Analysis Report

Overview

General Information

Joe Sandbox Version:	23.0.0
Analysis ID:	622264
Start time:	13:20:19
Joe Sandbox Product:	Cloud
Start date:	30.07.2018
Overall analysis duration:	0h 23m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	pdfescape-desktop-asian-and-extended.msi
Cookbook file name:	defaultwindowsmsicookbook.jbs
Analysis system description:	Windows 7 x64 (Office 2003 SP3, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 41, Firefox 36)
Number of analysed new started processes analysed:	41
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies	HCA enabled EGA enabled HDC enabled
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal44.rans.adwa.evad.mine.winMSI@503/506@3/5
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 66% (good quality ratio 56.1%) Quality average: 56.6% Quality standard deviation: 32.6%
HCA Information:	Successful, ratio: 99% Number of executed functions: 147 Number of non-executed functions: 241
Cookbook Comments:	Adjust boot time Correcting counters for adjusted boot time Found application associated with file extension: .msi
Warnings:	Show All Max analysis timeout: 600s exceeded, the analysis took too long Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe Report creation exceeded maximum time and may have missing behavior and disassembly information. Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing disassembly code. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtFsControlFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtReadFile calls found. Report size getting too big, too many NtSetInformationFile calls found. Report size getting too big, too many NtWriteFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found. Skipping Hybrid Code Analysis (implementation is based on Java, .Net, VB or Delphi, or parses a document) for: msiexec.exe, msiexec.exe, mscorsvw.exe, mscorsvw.exe Too many dropped files, some of them have not been restored

Detection

Strategy	Score	Range	Reporting	Detection
Threshold	44	0 - 100	Report FP / FN

Confidence

Strategy	Score	Range	Further Analysis Required?	Confidence
Threshold	5	0 - 5	false

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook

Sample monitors Window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Signature Overview

Click to jump to signature section

AV Detection:

Antivirus detection for dropped file

Show sources

Source: C:\Windows\System32\xbox-service.exe

Avira: Label: HEUR/AGEN.1013443

Multi AV Scanner detection for submitted file

Show sources

Source: pdfescape-desktop-asian-and-extended.msi

virustotal: Detection: 22%

Perma Link

Antivirus detection for unpacked file

Show sources

Source: 8.1.xbox-service.exe.13f1b0000.0.unpack	Avira: Label: HEUR/AGEN.1013443
Source: 8.2.xbox-service.exe.13f1b0000.0.unpack	Avira: Label: HEUR/AGEN.1013443
Source: 8.0.xbox-service.exe.13f1b0000.2.unpack	Avira: Label: HEUR/AGEN.1013443
Source: 9.1.xbox-service.exe.13fbc0000.0.unpack	Avira: Label: HEUR/AGEN.1013443
Source: 9.0.xbox-service.exe.13fbc0000.0.unpack	Avira: Label: HEUR/AGEN.1013443
Source: 8.0.xbox-service.exe.13f1b0000.0.unpack	Avira: Label: HEUR/AGEN.1013443
Source: 8.0.xbox-service.exe.13f1b0000.3.unpack	Avira: Label: HEUR/AGEN.1013443
Source: 8.0.xbox-service.exe.13f1b0000.1.unpack	Avira: Label: HEUR/AGEN.1013443

Cryptography:

Public key (encryption) found

Show sources

Source: tmp2C70.tmp.7.dr

Binary or memory string: -----BEGIN PUBLIC KEY-----

Bitcoin Miner:

Found strings related to Crypto-Mining

Show sources

Source: pagefile.sys.9.dr

String found in binary or memory: "cpu_threads_conf" : [ { "low_power_mode" : false, "no_prefetch" : true, "affine_to_cpu" : 0 }, ], "use_slow_memory" : "warn", "Nicehash_nonce" : false, "aes_override" : null, "use_tls" : false, "tls_secure_algo" : true, "tls_fingerprint" : "", "pool_address" : "monerohash.com:80", "wallet_address" :

Spreading:

Checks for available system drives (often done to infect USB drives)

Show sources

Source: C:\Windows\SysWOW64\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File opened: c:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: a:	Jump to behavior

Contains functionality to enumerate / list files inside a directory

Show sources

Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF3941F30 FindFirstFileExW,	7_1_000007FEF3941F30
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF3959598 FindFirstFileExA,	7_1_000007FEF3959598
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1D33D4 FindFirstFileExA,	8_2_000000013F1D33D4
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBE33D4 FindFirstFileExA,	9_1_000000013FBE33D4
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800C9C70 FindFirstFileExA,	10_1_00000001800C9C70
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800C9C70 FindFirstFileExA,	12_1_00000001800C9C70

Networking:

Connects to IPs without corresponding DNS lookups

Show sources

Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250

Uses a known web browser user agent for HTTP communication

Show sources

Source: global traffic	HTTP traffic detected: GET /module/glamour HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: download-desktop.pdfescape.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download/pdfescape/pdfescape1/glamour HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: cdn.lulusoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /pdfescape3/glamour/PDFescape_Desktop_Installer_3.0.25.584.exe HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: download-desktop-msi.pdfescape.comConnection: Keep-Alive

Contains functionality to download additional files from the internet

Show sources

Source: C:\Windows\System32\msiexec.exe

Code function: 7_1_000007FEF3942F30 DeleteUrlCacheEntry,URLDownloadToFileA,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

7_1_000007FEF3942F30

Downloads files

Show sources

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOPT6FQ2

Jump to behavior

Downloads files from webservers via HTTP

Show sources

Source: global traffic	HTTP traffic detected: GET /module/glamour HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: download-desktop.pdfescape.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download/pdfescape/pdfescape1/glamour HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: cdn.lulusoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /pdfescape3/glamour/PDFescape_Desktop_Installer_3.0.25.584.exe HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: download-desktop-msi.pdfescape.comConnection: Keep-Alive

Performs DNS lookups

Show sources

Source: unknown

DNS traffic detected: queries for: download-desktop.pdfescape.com

Urls found in memory or binary data

Show sources

Source: tmp2C70.tmp.7.dr	String found in binary or memory: file://
Source: tmp2C70.tmp.7.dr	String found in binary or memory: file://%s
Source: tmp2C70.tmp.7.dr	String found in binary or memory: file://%sresource://blankEndHTMLStartHTMLEndFragmentStartFragmentVersion:1.0
Source: tmp2C70.tmp.7.dr	String found in binary or memory: file://hostname/
Source: tmp2C70.tmp.7.dr	String found in binary or memory: ftp://
Source: tmp2C70.tmp.7.dr	String found in binary or memory: ftp://%s:%s
Source: tmp2C70.tmp.7.dr	String found in binary or memory: ftp://;type=AcceptAccept:
Source: pagefile.sys.9.dr	String found in binary or memory: http://%s/h
Source: pagefile.sys.9.dr	String found in binary or memory: http://%s/hHostLocation
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://%s:%d
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://%s:%d5
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://bugreport.pdfescape.com/service.asmxW
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://data28.somee.com/data32.zip
Source: msiexec.exe, pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://desktop.sodapdf.com/
Source: pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://desktop.sodapdf.com/SOFTWARE
Source: msiexec.exe, pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://desktop.sodapdf.com/module/glamour
Source: pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://desktop.sodapdf.com/module/glamourhttp://download8.sodapdf.com/module/glamourhttp://download-
Source: msiexec.exe, pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://download-desktop.pdfescape.com/
Source: pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://download-desktop.pdfescape.com/SOFTWARE
Source: msiexec.exe, pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://download-desktop.pdfescape.com/module/glamour
Source: msiexec.exe, pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://download2018.pdf-suite.com/
Source: pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://download2018.pdf-suite.com/SOFTWARE
Source: msiexec.exe, pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://download2018.pdf-suite.com/module/glamour
Source: msiexec.exe, pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://download8.sodapdf.com/
Source: pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://download8.sodapdf.com/SOFTWARE
Source: msiexec.exe, pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://download8.sodapdf.com/module/glamour
Source: msiexec.exe, pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://downloads.docudesk.com/
Source: pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://downloads.docudesk.com/SOFTWARE
Source: msiexec.exe, pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://downloads.docudesk.com/module/glamour
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://ftp://
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://jtracking-gate.lulusoft.comIEH
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://paygw.pdfescape.com/redirect/http://download-desktop.pdfescape.com/pdfescape-desktop&&version
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://s.symcd.com06
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/arrayType
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/arrayType0
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://sodapdf.com/fr/confidentialite#privacy-dehttp://sodapdf.com/de/datenschutz#privacy-it#privacy
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://sodapdf.com/privacy/
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://stats.pdfescape.com/Tracking.asmx
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://tempuri.org/
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://tempuri.org/AddBug
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://tempuri.org/CompressSimpleTrackSetup
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://tempuri.org/GetVersionInfo
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://tempuri.org/http://tempuri.org/VersionVersionparamparamNameName
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://tempuri.org/http://tempuri.org/datadata
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://terrainformatica.com/forums/topic.php?id=1772
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://upclick.com/
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://upclick.com/GetLocationInfo
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://upclick.com/http://upclick.com/
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://update.pdfescape.com/Service.asmx
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://webcompanion.com/nano_download.php?partner=
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://webcompanion.com/nano_download.php?partner=&campaign=
Source: pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://winservice32.website.tk/m.html
Source: pagefile.sys.9.dr	String found in binary or memory: http://winservice32.website.tk/m.htmldata
Source: tmp2C70.tmp.7.dr	String found in binary or memory: http://wsgeoip.pdfescape.com/ipservice.asmx
Source: Identity-UTF16-V.2.dr	String found in binary or memory: http://www.artifex.com/licensing/
Source: Identity-UTF16-V.2.dr	String found in binary or memory: http://www.ghostscript.com/licensing/.
Source: pagefile.sys.9.dr	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://www.pdfescape.com/privacy/
Source: msiexec.exe, 00000001.00000003.12378422218.000000000050A000.00000004.sdmp, pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://www.redsoftware.com/
Source: msiexec.exe, 00000001.00000003.12667191155.0000000000586000.00000004.sdmp, msiexec.exe, 00000001.00000003.12378422218.000000000050A000.00000004.sdmp, pdfescape-desktop-asian-and-extended.msi	String found in binary or memory: http://www.redsoftware.com/contact/
Source: tmp2C70.tmp.7.dr	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: tmp2C70.tmp.7.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: tmp2C70.tmp.7.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: tmp2C70.tmp.7.dr	String found in binary or memory: https://d.symcb.com/rpa0.
Source: tmp2C70.tmp.7.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: rundll32.exe, pagefile.sys.9.dr	String found in binary or memory: https://www.google-analytics.com/collect?v=1&tid=UA-108153473-1&cid=

Spam, unwanted Advertisements and Ransom Demands:

Modifies the hosts file

Show sources

Source: C:\Windows\System32\msiexec.exe

File written: C:\Windows\System32\drivers\etc\hosts

Jump to behavior

DDoS:

Too many similar processes found

Show sources

Source: unknown

Process created: 391

Operating System Destruction:

Mass deletion, destroys many files

Show sources

Source: c:\windows\system32\xbox-service.exe

File deleted: Number of file deletion 463 exceeds threshold 400

System Summary:

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Show sources

Source: C:\Windows\SysWOW64\msiexec.exe	Memory allocated: 77080000 page execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Memory allocated: 771A0000 page execute and read and write	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Memory allocated: 77080000 page execute and read and write	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Memory allocated: 771A0000 page execute and read and write	Jump to behavior

Contains functionality to delete services

Show sources

Source: C:\Windows\System32\xbox-service.exe

Code function: 8_2_000000013F1BB640 OpenSCManagerA,LoadStringA,MessageBoxA,OpenServiceA,CloseServiceHandle,LoadStringA,ControlService,GetLastError,MessageBoxA,DeleteService,CloseServiceHandle,CloseServiceHandle,MessageBoxA,RegDeleteValueA,RegCloseKey,RegCloseKey,

8_2_000000013F1BB640

Creates driver files

Show sources

Source: C:\Windows\System32\xbox-service.exe

File created: C:\Windows\pagefile.sys

Creates files inside the system directory

Show sources

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\51df1b.msi

Jump to behavior

Deletes files inside the Windows folder

Show sources

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\51df1c.ipi

Jump to behavior

Detected potential crypto function

Show sources

Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF394E7A8	7_1_000007FEF394E7A8
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF3952BD0	7_1_000007FEF3952BD0
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF395938C	7_1_000007FEF395938C
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF395696C	7_1_000007FEF395696C
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF3958924	7_1_000007FEF3958924
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF395CF80	7_1_000007FEF395CF80
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF395E6F4	7_1_000007FEF395E6F4
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF39566F4	7_1_000007FEF39566F4
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF3957DE8	7_1_000007FEF3957DE8
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF3947D48	7_1_000007FEF3947D48
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF395BDA0	7_1_000007FEF395BDA0
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF394EDAC	7_1_000007FEF394EDAC
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF394F50C	7_1_000007FEF394F50C
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1BB640	8_2_000000013F1BB640
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1C9754	8_2_000000013F1C9754
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1C1770	8_2_000000013F1C1770
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1BA5F0	8_2_000000013F1BA5F0
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1B7EA0	8_2_000000013F1B7EA0
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1D4ED4	8_2_000000013F1D4ED4
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1D6510	8_2_000000013F1D6510
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1CB5E0	8_2_000000013F1CB5E0
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1B1490	8_2_000000013F1B1490
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1C8CA8	8_2_000000013F1C8CA8
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1CAAE8	8_2_000000013F1CAAE8
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1D8B6C	8_2_000000013F1D8B6C
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1CBB89	8_2_000000013F1CBB89
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1DA388	8_2_000000013F1DA388
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1C9A38	8_2_000000013F1C9A38
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1DC274	8_2_000000013F1DC274
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1D7A94	8_2_000000013F1D7A94
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1B3284	8_2_000000013F1B3284
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1B4AE0	8_2_000000013F1B4AE0
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1B5920	8_2_000000013F1B5920
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1C715C	8_2_000000013F1C715C
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1D31C8	8_2_000000013F1D31C8
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1CB0BC	8_2_000000013F1CB0BC
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBD1770	9_1_000000013FBD1770
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBC1490	9_1_000000013FBC1490
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBC3284	9_1_000000013FBC3284
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBC5920	9_1_000000013FBC5920
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBDB0BC	9_1_000000013FBDB0BC
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBD9754	9_1_000000013FBD9754
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBC7EA0	9_1_000000013FBC7EA0
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBE4ED4	9_1_000000013FBE4ED4
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBCA5F0	9_1_000000013FBCA5F0
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBCB640	9_1_000000013FBCB640
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBDB5E0	9_1_000000013FBDB5E0
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBE6510	9_1_000000013FBE6510
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBD8CA8	9_1_000000013FBD8CA8
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBDBB89	9_1_000000013FBDBB89
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBEA388	9_1_000000013FBEA388
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBE8B6C	9_1_000000013FBE8B6C
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBDAAE8	9_1_000000013FBDAAE8
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBE7A94	9_1_000000013FBE7A94
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBEC274	9_1_000000013FBEC274
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBC4AE0	9_1_000000013FBC4AE0
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBD9A38	9_1_000000013FBD9A38
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBE31C8	9_1_000000013FBE31C8
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBD715C	9_1_000000013FBD715C
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180058004	10_1_0000000180058004
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800D404C	10_1_00000001800D404C
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018001A050	10_1_000000018001A050
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800B4140	10_1_00000001800B4140
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800101C0	10_1_00000001800101C0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800D21EC	10_1_00000001800D21EC
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180054211	10_1_0000000180054211
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018001E230	10_1_000000018001E230
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018008A2A0	10_1_000000018008A2A0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800D02AC	10_1_00000001800D02AC
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800582DF	10_1_00000001800582DF
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180052300	10_1_0000000180052300
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018002A360	10_1_000000018002A360
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800B43BC	10_1_00000001800B43BC
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018002C410	10_1_000000018002C410
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180010410	10_1_0000000180010410
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180054440	10_1_0000000180054440
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800C2444	10_1_00000001800C2444
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180052460	10_1_0000000180052460
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018005A480	10_1_000000018005A480
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800745B0	10_1_00000001800745B0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018005260A	10_1_000000018005260A
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800B4638	10_1_00000001800B4638
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800CC634	10_1_00000001800CC634
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180058670	10_1_0000000180058670
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180010670	10_1_0000000180010670
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800566E0	10_1_00000001800566E0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180054750	10_1_0000000180054750
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180056883	10_1_0000000180056883
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180058890	10_1_0000000180058890
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018004C8E0	10_1_000000018004C8E0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800528F3	10_1_00000001800528F3
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180010920	10_1_0000000180010920
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180054980	10_1_0000000180054980
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800529E0	10_1_00000001800529E0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180058A70	10_1_0000000180058A70
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800A4B1C	10_1_00000001800A4B1C
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800D2B48	10_1_00000001800D2B48
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180056B63	10_1_0000000180056B63
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180062B90	10_1_0000000180062B90
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018001ABB0	10_1_000000018001ABB0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180066BC0	10_1_0000000180066BC0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180056C11	10_1_0000000180056C11
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180050C40	10_1_0000000180050C40
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180056C50	10_1_0000000180056C50
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180054C60	10_1_0000000180054C60
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180088C70	10_1_0000000180088C70
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180026CC0	10_1_0000000180026CC0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800D0D00	10_1_00000001800D0D00
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018004CD40	10_1_000000018004CD40
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180010D50	10_1_0000000180010D50
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180040DA0	10_1_0000000180040DA0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018000CE50	10_1_000000018000CE50
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180098E9C	10_1_0000000180098E9C
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180054EE0	10_1_0000000180054EE0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180008F70	10_1_0000000180008F70
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180062FB0	10_1_0000000180062FB0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800BEFBC	10_1_00000001800BEFBC
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180053020	10_1_0000000180053020
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180059040	10_1_0000000180059040
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018007B060	10_1_000000018007B060
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800550B1	10_1_00000001800550B1
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180015110	10_1_0000000180015110
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800D71B0	10_1_00000001800D71B0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180029220	10_1_0000000180029220
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180011230	10_1_0000000180011230
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800BD250	10_1_00000001800BD250
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180031260	10_1_0000000180031260
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180031280	10_1_0000000180031280
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018004B2B0	10_1_000000018004B2B0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800312F0	10_1_00000001800312F0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800C92F8	10_1_00000001800C92F8
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180021310	10_1_0000000180021310
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180031380	10_1_0000000180031380
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800BB3D8	10_1_00000001800BB3D8
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180031400	10_1_0000000180031400
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180057450	10_1_0000000180057450
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800D34DC	10_1_00000001800D34DC
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800074E0	10_1_00000001800074E0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180053570	10_1_0000000180053570
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018005560A	10_1_000000018005560A
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018007B630	10_1_000000018007B630
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180059640	10_1_0000000180059640
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018005F640	10_1_000000018005F640
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180057670	10_1_0000000180057670
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800536D0	10_1_00000001800536D0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180055770	10_1_0000000180055770
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180011780	10_1_0000000180011780
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800A77D4	10_1_00000001800A77D4
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180045800	10_1_0000000180045800
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800CF818	10_1_00000001800CF818
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180045850	10_1_0000000180045850
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180045880	10_1_0000000180045880
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180053879	10_1_0000000180053879
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180059890	10_1_0000000180059890
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800BD8AC	10_1_00000001800BD8AC
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800458D0	10_1_00000001800458D0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018003D8F0	10_1_000000018003D8F0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018003B960	10_1_000000018003B960
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018007B980	10_1_000000018007B980
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800159E0	10_1_00000001800159E0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800C9A64	10_1_00000001800C9A64
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180099A98	10_1_0000000180099A98
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180077AD0	10_1_0000000180077AD0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180055AE0	10_1_0000000180055AE0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180053B55	10_1_0000000180053B55
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800C7B80	10_1_00000001800C7B80
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800C5C40	10_1_00000001800C5C40
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180053C50	10_1_0000000180053C50
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_0000000180011C60	10_1_0000000180011C60
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018007BCA0	10_1_000000018007BCA0
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800CFD14	10_1_00000001800CFD14
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180058004	12_1_0000000180058004
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800D404C	12_1_00000001800D404C
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018001A050	12_1_000000018001A050
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800B4140	12_1_00000001800B4140
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800101C0	12_1_00000001800101C0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800D21EC	12_1_00000001800D21EC
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180054211	12_1_0000000180054211
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018001E230	12_1_000000018001E230
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018008A2A0	12_1_000000018008A2A0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800D02AC	12_1_00000001800D02AC
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800582DF	12_1_00000001800582DF
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180052300	12_1_0000000180052300
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018002A360	12_1_000000018002A360
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800B43BC	12_1_00000001800B43BC
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018002C410	12_1_000000018002C410
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180010410	12_1_0000000180010410
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180054440	12_1_0000000180054440
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800C2444	12_1_00000001800C2444
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180052460	12_1_0000000180052460
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018005A480	12_1_000000018005A480
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800745B0	12_1_00000001800745B0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018005260A	12_1_000000018005260A
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800B4638	12_1_00000001800B4638
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800CC634	12_1_00000001800CC634
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180058670	12_1_0000000180058670
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180010670	12_1_0000000180010670
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800566E0	12_1_00000001800566E0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180054750	12_1_0000000180054750
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180056883	12_1_0000000180056883
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180058890	12_1_0000000180058890
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018004C8E0	12_1_000000018004C8E0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800528F3	12_1_00000001800528F3
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180010920	12_1_0000000180010920
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180054980	12_1_0000000180054980
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800529E0	12_1_00000001800529E0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180058A70	12_1_0000000180058A70
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800A4B1C	12_1_00000001800A4B1C
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800D2B48	12_1_00000001800D2B48
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180056B63	12_1_0000000180056B63
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180062B90	12_1_0000000180062B90
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018001ABB0	12_1_000000018001ABB0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180066BC0	12_1_0000000180066BC0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180056C11	12_1_0000000180056C11
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180050C40	12_1_0000000180050C40
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180056C50	12_1_0000000180056C50
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180054C60	12_1_0000000180054C60
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180088C70	12_1_0000000180088C70
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180026CC0	12_1_0000000180026CC0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800D0D00	12_1_00000001800D0D00
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018004CD40	12_1_000000018004CD40
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180010D50	12_1_0000000180010D50
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180040DA0	12_1_0000000180040DA0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018000CE50	12_1_000000018000CE50
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180098E9C	12_1_0000000180098E9C
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180054EE0	12_1_0000000180054EE0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180008F70	12_1_0000000180008F70
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180062FB0	12_1_0000000180062FB0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800BEFBC	12_1_00000001800BEFBC
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180053020	12_1_0000000180053020
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180059040	12_1_0000000180059040
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018007B060	12_1_000000018007B060
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800550B1	12_1_00000001800550B1
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180015110	12_1_0000000180015110
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800D71B0	12_1_00000001800D71B0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180029220	12_1_0000000180029220
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180011230	12_1_0000000180011230
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800BD250	12_1_00000001800BD250
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180031260	12_1_0000000180031260
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180031280	12_1_0000000180031280
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018004B2B0	12_1_000000018004B2B0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800312F0	12_1_00000001800312F0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800C92F8	12_1_00000001800C92F8
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180021310	12_1_0000000180021310
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180031380	12_1_0000000180031380
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800BB3D8	12_1_00000001800BB3D8
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180031400	12_1_0000000180031400
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180057450	12_1_0000000180057450
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800D34DC	12_1_00000001800D34DC
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800074E0	12_1_00000001800074E0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180053570	12_1_0000000180053570
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018005560A	12_1_000000018005560A
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018007B630	12_1_000000018007B630
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180059640	12_1_0000000180059640
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018005F640	12_1_000000018005F640
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180057670	12_1_0000000180057670
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800536D0	12_1_00000001800536D0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180055770	12_1_0000000180055770
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180011780	12_1_0000000180011780
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800A77D4	12_1_00000001800A77D4
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180045800	12_1_0000000180045800
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800CF818	12_1_00000001800CF818
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180045850	12_1_0000000180045850
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180045880	12_1_0000000180045880
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180053879	12_1_0000000180053879
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180059890	12_1_0000000180059890
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800BD8AC	12_1_00000001800BD8AC
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800458D0	12_1_00000001800458D0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018003D8F0	12_1_000000018003D8F0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018003B960	12_1_000000018003B960
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018007B980	12_1_000000018007B980
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800159E0	12_1_00000001800159E0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800C9A64	12_1_00000001800C9A64
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180099A98	12_1_0000000180099A98
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180077AD0	12_1_0000000180077AD0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180055AE0	12_1_0000000180055AE0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180053B55	12_1_0000000180053B55
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800C7B80	12_1_00000001800C7B80
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800C5C40	12_1_00000001800C5C40
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180053C50	12_1_0000000180053C50
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180011C60	12_1_0000000180011C60
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018007BCA0	12_1_000000018007BCA0
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800CFD14	12_1_00000001800CFD14
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180053E30	12_1_0000000180053E30
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180057E70	12_1_0000000180057E70
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_0000000180069E80	12_1_0000000180069E80

Enables security privileges

Show sources

Source: C:\Windows\System32\msiexec.exe

Process token adjusted: Security

Jump to behavior

Found potential string decryption / allocating functions

Show sources

Source: C:\Windows\System32\rundll32.exe	Code function: String function: 0000000180034730 appears 301 times
Source: C:\Windows\System32\rundll32.exe	Code function: String function: 000000018008B730 appears 48 times
Source: C:\Windows\System32\rundll32.exe	Code function: String function: 00000001800340E0 appears 219 times
Source: C:\Windows\System32\rundll32.exe	Code function: String function: 0000000180033EB0 appears 70 times
Source: C:\Windows\System32\rundll32.exe	Code function: String function: 000000018003CFB0 appears 37 times
Source: C:\Windows\System32\rundll32.exe	Code function: String function: 000000018008B5CC appears 38 times
Source: C:\Windows\System32\rundll32.exe	Code function: String function: 0000000180030EF0 appears 32 times
Source: C:\Windows\System32\rundll32.exe	Code function: String function: 0000000180037140 appears 54 times
Source: C:\Windows\System32\rundll32.exe	Code function: String function: 00000001800345E0 appears 42 times
Source: C:\Windows\System32\rundll32.exe	Code function: String function: 000000018008EF10 appears 1421 times
Source: C:\Windows\System32\rundll32.exe	Code function: String function: 0000000180037A10 appears 1090 times

PE file contains executable resources (Code or Archives)

Show sources

Source: xbox-service.exe.7.dr	Static PE information: Resource name: RT_RCDATA type: Zip archive data, at least v2.0 to extract
Source: PDFescape_Desktop_Installer_3.0.25.584[1].exe.7.dr	Static PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: PDFescape_Desktop_Installer_3.0.25.584[1].exe.7.dr	Static PE information: Resource name: IDT_SZSR type: Zip archive data, at least v2.0 to extract

PE file contains strange resources

Show sources

Source: PDFescape_Desktop_Installer_3.0.25.584[1].exe.7.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: pagefile.sys.9.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: pagefile.sys.9.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: pagefile.sys.9.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Reads the hosts file

Show sources

Source: C:\Windows\System32\msiexec.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Sample file is different than original file name gathered from version info

Show sources

Source: pdfescape-desktop-asian-and-extended.msi

Binary or memory string: OriginalFilenameprinteula.dllL vs pdfescape-desktop-asian-and-extended.msi

Tries to load missing DLLs

Show sources

Source: C:\Windows\System32\xbox-service.exe	Section loaded: ext-ms-win-kernel32-package-current-l1-1-0.dll			Jump to behavior
Source: C:\Windows\System32\xbox-service.exe	Section loaded: ext-ms-win-kernel32-package-current-l1-1-0.dll

PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)

Show sources

Source: xbox-service.exe.7.dr

Static PE information: Section: .rsrc ZLIB complexity 0.998208776846

Binary contains device paths (device paths are often used for kernel mode <-> user mode communication)

Show sources

Source: metadata-2.2.dr	Binary string: buttonup_off.png22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\QQprogramdata\microsoft\device stage\device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
Source: metadata-2.2.dr	Binary string: scenes_intro_bg_pal.wmv22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\QQprogramdata\microsoft\device stage\device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
Source: metadata-2.2.dr	Binary string: keypad.xml22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\99program files\dvd maker\shared\dvdstyles\specialoccasion,,specialnavigationup_selectionsubpicture.png22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\QQprogramdata\microsoft\device stage\device\{8702d817-5aad-4674-9ef3-4d3decd87120}
Source: metadata-2.2.dr	Binary string: acxtrnal.dll22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\((windows\diagnostics\system\device\en-us
Source: metadata-2.2.dr	Binary string: journal.exe22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\QQprogramdata\microsoft\device stage\device\{8702d817-5aad-4674-9ef3-4d3decd87120}
Source: metadata-2.2.dr	Binary string: sbdrop.dll22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\QQprogramdata\microsoft\device stage\device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
Source: metadata-2.2.dr	Binary string: system.web.dynamicdata.dll22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\BBprogram files (x86)\windows sidebar\gadgets\weather.gadget\images33docked_black_moon-waxing-gibbous_partly-cloudy.png22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\QQprogramdata\microsoft\device stage\device\{8702d817-5aad-4674-9ef3-4d3decd87120}
Source: metadata-2.2.dr	Binary string: system.addin.contract.dll22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\QQprogramdata\microsoft\device stage\device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
Source: metadata-2.2.dr	Binary string: wmplayer.exe.mui22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\BBprogram files (x86)\windows sidebar\gadgets\weather.gadget\images**undocked_black_moon-new_partly-cloudy.png22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\((windows\diagnostics\system\device\en-us
Source: metadata-2.2.dr	Binary string: highlight.png22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\66program files\windows sidebar\gadgets\rssfeeds.gadgeticon.png22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\QQprogramdata\microsoft\device stage\device\{113527a4-45d4-4b6f-b567-97838f1b04b0}

Classification label

Show sources

Source: classification engine

Classification label: mal44.rans.adwa.evad.mine.winMSI@503/506@3/5

Contains functionality to create services

Show sources

Source: C:\Windows\System32\xbox-service.exe	Code function: GetModuleFileNameA,OpenSCManagerA,MessageBoxA,CreateServiceA,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,		8_2_000000013F1B8DA0
Source: C:\Windows\System32\xbox-service.exe	Code function: GetModuleFileNameA,OpenSCManagerA,MessageBoxA,CreateServiceA,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,		9_1_000000013FBC8DA0

Contains functionality to instantiate COM classes

Show sources

Source: C:\Windows\System32\xbox-service.exe

Code function: 8_2_000000013F1B6360 CoCreateInstance,

8_2_000000013F1B6360

Contains functionality to load and extract PE file embedded resources

Show sources

Source: C:\Windows\System32\msiexec.exe

Code function: 7_1_000007FEF3943870 GetWindowsDirectoryA,FindResourceA,LoadResource,LockResource,SizeofResource,Sleep,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

7_1_000007FEF3943870

Contains functionality to modify services (start/stop/modify)

Show sources

Source: C:\Windows\System32\msiexec.exe

Code function: 7_1_000007FEF3943560 OpenSCManagerA,OpenServiceA,ChangeServiceConfigA,StartServiceA,CloseServiceHandle,CloseServiceHandle,

7_1_000007FEF3943560

Contains functionality to register a service control handler (likely the sample is a service DLL)

Show sources

Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1BB330 RegQueryValueExA,StartServiceCtrlDispatcherA,GetLastError,RegCloseKey,RegCloseKey,		8_2_000000013F1BB330
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBCB330 RegQueryValueExA,StartServiceCtrlDispatcherA,GetLastError,RegCloseKey,RegCloseKey,		9_1_000000013FBCB330

Creates files inside the program directory

Show sources

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files\PDFescape Desktop

Jump to behavior

Creates temporary files

Show sources

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user~1\AppData\Local\Temp\~DFA7C98E8F99864179.TMP

Jump to behavior

Reads ini files

Show sources

Source: C:\Windows\SysWOW64\msiexec.exe

File read: C:\Windows\win.ini

Jump to behavior

Reads software policies

Show sources

Source: C:\Windows\SysWOW64\msiexec.exe

Key opened: HKEY_USERS\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Runs a DLL by calling functions

Show sources

Source: unknown

Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll

SQL strings found in memory and binary data

Show sources

Source: tmp2C70.tmp.7.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: tmp2C70.tmp.7.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: tmp2C70.tmp.7.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: tmp2C70.tmp.7.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');

Sample is known by Antivirus

Show sources

Source: pdfescape-desktop-asian-and-extended.msi

virustotal: Detection: 22%

Spawns processes

Show sources

Source: unknown	Process created: C:\Windows\SysWOW64\msiexec.exe 'C:\Windows\System32\msiexec.exe' /i 'C:\Users\user\Desktop\pdfescape-desktop-asian-and-extended.msi'
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: unknown	Process created: C:\Windows\System32\VSSVC.exe C:\Windows\system32\vssvc.exe
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k swprv
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\MsiExec.exe -Embedding D0DE56A5A4E90E630E24D08AB2B60C38
Source: unknown	Process created: C:\Windows\System32\xbox-service.exe C:\Windows\system32\xbox-service.exe -service
Source: unknown	Process created: C:\Windows\System32\xbox-service.exe C:\Windows\system32\xbox-service.exe
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: unknown	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\MsiExec.exe -Embedding D0DE56A5A4E90E630E24D08AB2B60C38	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\xbox-service.exe C:\Windows\system32\xbox-service.exe -service	Jump to behavior
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: C:\Windows\System32\rundll32.exe rundll32 C:\Windows\pagefile.sys,dll
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown
Source: C:\Windows\System32\xbox-service.exe	Process created: unknown unknown

Uses an in-process (OLE) Automation server

Show sources

Source: C:\Windows\SysWOW64\msiexec.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32

Jump to behavior

Found GUI installer (many successful clicks)

Show sources

Source: C:\Windows\SysWOW64\msiexec.exe	Automated click: I accept the terms in the License Agreement
Source: C:\Windows\SysWOW64\msiexec.exe	Automated click: Install

Found installer window with terms and condition text

Show sources

Source: C:\Windows\SysWOW64\msiexec.exe

Window detected: WixUI_Bmp_DialogI &accept the terms in the License Agreement&Print&Back&InstallCancelThe software that is subject to this End User's Software License Agreement ("EULA") is the PDFescape Desktop software (the "Licensed Software" as more fully defined below). This EULA is a legally binding agreement between the end user (the "Licensee") and Red Software (the "Licensor") pursuant to which the Licensor licenses the use of the Licensed Software to the end user (the "Licensee").Please read it carefully. If you have any questions concerning this EULA please contact the Licensor. Any installing copying accessing or using the Licensed Software by you (the "Licensee") constitutes Licensee's acceptance of and promise to comply with all of the terms and conditions of this EULA.Revised 2016-04-04LICENSE TERMS1. SOFTWARE CONTENTThe "Licensed Software" includes all of the contents of the files disk(s) CD-ROM(s) DVDs or other media for which this EULA is provided including:(1)third party computer information or software that

Creates a directory in C:\Program Files

Show sources

Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\78-EUC-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\78-EUC-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\78-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\78-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\78-RKSJ-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\78-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\78ms-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\78ms-RKSJ-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\83pv-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\90ms-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\90ms-RKSJ-UCS2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\90ms-RKSJ-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\90msp-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\90msp-RKSJ-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\90pv-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\90pv-RKSJ-UCS2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\90pv-RKSJ-UCS2C	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\90pv-RKSJ-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Add-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Add-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Add-RKSJ-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Add-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-1	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-3	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-4	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-5	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-B5pc	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-ETenms-B5	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-H-CID	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-H-Host	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-H-Mac	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-UCS2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-1	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-3	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-4	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-5	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-GBK-EUC	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-GBpc-EUC	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-H-CID	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-H-Host	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-H-Mac	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-UCS2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-1	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-3	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-4	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-5	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-6	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-90ms-RKSJ	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-90pv-RKSJ	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-H-CID	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-H-Host	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-H-Mac	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-PS-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-PS-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-UCS2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan2-0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-1	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-H-CID	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-H-Host	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-H-Mac	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-KSCms-UHC	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-KSCpc-EUC	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-UCS2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\B5-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\B5-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\B5pc-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\B5pc-UCS2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\B5pc-UCS2C	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\B5pc-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\CNS-EUC-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\CNS-EUC-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\CNS01-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\CNS02-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\CNS03-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\CNS04-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\CNS05-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\CNS06-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\CNS07-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\CNS1-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\CNS1-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\CNS15-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\CNS2-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\CNS2-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\ETen-B5-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\ETen-B5-UCS2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\ETen-B5-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\ETenms-B5-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\ETenms-B5-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\ETHK-B5-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\ETHK-B5-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\EUC-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\EUC-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Ext-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Ext-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Ext-RKSJ-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Ext-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GB-EUC-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GB-EUC-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GB-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GB-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GB-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBK-EUC-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBK-EUC-UCS2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBK-EUC-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBK2K-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBK2K-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBKp-EUC-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBKp-EUC-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBpc-EUC-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBpc-EUC-UCS2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBpc-EUC-UCS2C	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBpc-EUC-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBT-EUC-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBT-EUC-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBT-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBT-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBT-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBTpc-EUC-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\GBTpc-EUC-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Hankaku	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Hiragana	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\HK-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\HKdla-B5-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\HKdla-B5-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\HKdlb-B5-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\HKdlb-B5-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\HKgccs-B5-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\HKgccs-B5-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\HKm314-B5-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\HKm314-B5-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\HKm471-B5-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\HKm471-B5-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\HKscs-B5-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\HKscs-B5-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Hojo-EUC-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Hojo-EUC-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Hojo-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Hojo-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Hojo-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Identity-UTF16-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Identity-UTF16-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Katakana	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSC-EUC-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSC-EUC-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSC-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSC-Johab-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSC-Johab-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSC-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSC-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSC2-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSCms-UHC-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSCms-UHC-HW-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSCms-UHC-HW-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSCms-UHC-UCS2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSCms-UHC-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSCpc-EUC-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSCpc-EUC-UCS2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSCpc-EUC-UCS2C	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\KSCpc-EUC-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\NWP-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\NWP-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\RKSJ-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\Roman	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\TCVN-RKSJ-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-90ms-RKSJ	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-90pv-RKSJ	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-B5pc	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-ETen-B5	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-GBK-EUC	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-GBpc-EUC	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-KSCms-UHC	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-KSCpc-EUC	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UCS2-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UCS2-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UTF16-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UTF16-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UTF32-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UTF32-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UTF8-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UTF8-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UCS2-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UCS2-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UTF16-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UTF16-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UTF32-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UTF32-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UTF8-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UTF8-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UCS2-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UCS2-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UTF16-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UTF16-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UTF32-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UTF32-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UTF8-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UTF8-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UCS2-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UCS2-HW-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UCS2-HW-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UCS2-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UTF16-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UTF16-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UTF32-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UTF32-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UTF8-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UTF8-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS2004-UTF16-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS2004-UTF16-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS2004-UTF32-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS2004-UTF32-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS2004-UTF8-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS2004-UTF8-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJISPro-UCS2-HW-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJISPro-UCS2-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJISPro-UTF8-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJISX0213-UTF32-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJISX0213-UTF32-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJISX02132004-UTF32-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniJISX02132004-UTF32-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UCS2-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UCS2-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UTF16-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UTF16-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UTF32-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UTF32-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UTF8-H	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UTF8-V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\V	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\PDFescape Desktop\resources\CMap\WP-Symbol	Jump to behavior

Creates a software uninstall entry

Show sources

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Uninstall\{B52074CE-AD76-4FB0-A18E-750A76508F5E}

Jump to behavior

Submission file is bigger than most known malware samples

Show sources

Source: pdfescape-desktop-asian-and-extended.msi

Static file information: File size 5918720 > 1048576

Binary contains paths to debug symbols

Show sources

Source:	Binary string: C:\progects\mining-service\xmr\build\x64\Release\service64.pdb" source: xbox-service.exe, 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp, pdfescape-desktop-asian-and-extended.msi
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 /WX -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -D"WINVER=0x0501" -D"_WIN32_WINNT=0x0501" -D"_USING_V110_SDK71_" source: tmp2C70.tmp.7.dr
Source:	Binary string: D:\LULU\TempBuilds\TemporaryBuilds\CAN_Installer_Builder_1\9\s\_bin\PDFescape\Win32\PDFescapeDesktopInstaller.pdb". source: tmp2C70.tmp.7.dr
Source:	Binary string: C:\progects\mining-service\xmr\build\Release\service32.pdb source: pdfescape-desktop-asian-and-extended.msi
Source:	Binary string: C:\progects\mining-service\xmr\build\x64\Release\service64.pdb source: xbox-service.exe, 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp, pdfescape-desktop-asian-and-extended.msi
Source:	Binary string: D:\LULU\TempBuilds\TemporaryBuilds\CAN_Installer_Builder_1\9\s\_bin\PDFescape\Win32\PDFescapeStatisticsDll.pdb source: tmp2C70.tmp.7.dr
Source:	Binary string: D:\LULU\TempBuilds\TemporaryBuilds\CAN_Installer_Builder_1\9\s\_bin\PDFescape\Win32\PDFescapeDesktopInstaller.pdb source: tmp2C70.tmp.7.dr
Source:	Binary string: ?crypto\stack\stack.ccompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 /WX -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -D"WINVER=0x0501" -D"_WIN32_WINNT=0x0501" -D"_USING_V110_SDK71_"crypto\bio\bio_lib.c source: tmp2C70.tmp.7.dr
Source:	Binary string: C:\delivery\Dev\wix30_public\build\ship\x86\PrintEula.pdb source: pdfescape-desktop-asian-and-extended.msi

Data Obfuscation:

Contains functionality to dynamically determine API calls

Show sources

Source: C:\Windows\System32\rundll32.exe

Code function: 10_1_00000001800A2778 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

10_1_00000001800A2778

PE file contains an invalid checksum

Show sources

Source: xbox-service.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0xf91e3
Source: pagefile.sys.9.dr	Static PE information: real checksum: 0x176fd5 should be:
Source: PDFescape_Desktop_Installer_3.0.25.584[1].exe.7.dr	Static PE information: real checksum: 0xb9e019 should be:

Persistence and Installation Behavior:

Drops executables to the windows directory (C:\Windows) and starts them

Show sources

Source: C:\Windows\System32\msiexec.exe

Executable created and started: C:\Windows\system32\xbox-service.exe

Jump to behavior

Drops PE files

Show sources

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\xbox-service.exe	Jump to dropped file
Source: C:\Windows\System32\xbox-service.exe	File created: C:\Windows\pagefile.sys	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIB0F.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user~1\AppData\Local\Temp\tmp2C70.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOPT6FQ2\PDFescape_Desktop_Installer_3.0.25.584[1].exe	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Show sources

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\xbox-service.exe	Jump to dropped file
Source: C:\Windows\System32\xbox-service.exe	File created: C:\Windows\pagefile.sys	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIB0F.tmp	Jump to dropped file

May use bcdedit to modify the Windows boot settings

Show sources

Source: metadata-2.2.dr	Binary or memory string: bcdedit.exe22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\
Source: metadata-2.2.dr	Binary or memory string: bcdedit.exe.mui22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\

Boot Survival:

Creates or modifies windows services

Show sources

Source: C:\Windows\System32\msiexec.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher

Jump to behavior

Modifies existing windows services

Show sources

Source: C:\Windows\System32\msiexec.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore

Jump to behavior

Contains functionality to start windows services

Show sources

Source: C:\Windows\System32\msiexec.exe

Code function: 7_1_000007FEF3943560 OpenSCManagerA,OpenServiceA,ChangeServiceConfigA,StartServiceA,CloseServiceHandle,CloseServiceHandle,

7_1_000007FEF3943560

Hooking and other Techniques for Hiding and Protection:

Extensive use of GetProcAddress (often used to hide API calls)

Show sources

Source: C:\Windows\System32\msiexec.exe

Code function: 7_1_000007FEF3947D48 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

7_1_000007FEF3947D48

Disables application error messsages (SetErrorMode)

Show sources

Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Checks the free space of harddrives

Show sources

Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Contains long sleeps (>= 3 min)

Show sources

Source: C:\Windows\System32\xbox-service.exe	Thread delayed: delay time: 600000
Source: C:\Windows\System32\xbox-service.exe	Thread delayed: delay time: 600000

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Show sources

Source: C:\Windows\System32\xbox-service.exe

Window / User API: threadDelayed 462

Found dropped PE file which has not been started or loaded

Show sources

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user~1\AppData\Local\Temp\tmp2C70.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOPT6FQ2\PDFescape_Desktop_Installer_3.0.25.584[1].exe			Jump to dropped file

Found large amount of non-executed APIs

Show sources

Source: C:\Windows\System32\xbox-service.exe	API coverage: 9.6 %
Source: C:\Windows\System32\rundll32.exe	API coverage: 4.1 %
Source: C:\Windows\System32\rundll32.exe	API coverage: 4.0 %

May sleep (evasive loops) to hinder dynamic analysis

Show sources

Source: C:\Windows\System32\msiexec.exe TID: 2664	Thread sleep time: -300000s >= -60000s	Jump to behavior
Source: C:\Windows\System32\VSSVC.exe TID: 2388	Thread sleep time: -180000s >= -60000s	Jump to behavior
Source: C:\Windows\System32\VSSVC.exe TID: 2388	Thread sleep time: -60000s >= -60000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 2776	Thread sleep time: -60000s >= -60000s	Jump to behavior
Source: C:\Windows\System32\msiexec.exe TID: 284	Thread sleep count: 41 > 30	Jump to behavior
Source: C:\Windows\System32\msiexec.exe TID: 284	Thread sleep time: -2460000s >= -60000s	Jump to behavior
Source: C:\Windows\System32\xbox-service.exe TID: 2696	Thread sleep time: -101738s >= -60000s
Source: C:\Windows\System32\xbox-service.exe TID: 2696	Thread sleep count: 462 > 30
Source: C:\Windows\System32\xbox-service.exe TID: 2696	Thread sleep time: -277200000s >= -60000s
Source: C:\Windows\System32\xbox-service.exe TID: 2696	Thread sleep time: -600000s >= -60000s

Sample execution stops while process was sleeping (likely an evasion)

Show sources

Source: C:\Windows\System32\xbox-service.exe

Last function: Thread delayed

Contains functionality to enumerate / list files inside a directory

Show sources

Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF3941F30 FindFirstFileExW,	7_1_000007FEF3941F30
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF3959598 FindFirstFileExA,	7_1_000007FEF3959598
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1D33D4 FindFirstFileExA,	8_2_000000013F1D33D4
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBE33D4 FindFirstFileExA,	9_1_000000013FBE33D4
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800C9C70 FindFirstFileExA,	10_1_00000001800C9C70
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800C9C70 FindFirstFileExA,	12_1_00000001800C9C70

Contains functionality to query system information

Show sources

Source: C:\Windows\System32\xbox-service.exe

Code function: 8_2_000000013F1C5370 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,

8_2_000000013F1C5370

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Show sources

Source: msiexec.exe, 00000002.00000003.12408141029.0000000002C6C000.00000004.sdmp	Binary or memory string: microsoft-hyper-v-migration-replacement.man
Source: metadata-2.2.dr	Binary or memory string: lsm.exe22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\--windows\system32\migwiz\replacementmanifests,,microsoft-hyper-v-migration-replacement.man22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\
Source: msiexec.exe, 00000002.00000003.12440495715.000000000423A000.00000004.sdmp	Binary or memory string: microsoft-hyper-v-client-migration-replacement.man
Source: msiexec.exe, 00000002.00000003.12440495715.000000000423A000.00000004.sdmp	Binary or memory string: microsoft-hyper-v-drivers-migration-replacement.man`
Source: metadata-2.2.dr	Binary or memory string: iasmigplugin-dl.man22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\--windows\system32\migwiz\replacementmanifests33microsoft-hyper-v-client-migration-replacement.man22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\##windows\system32\spp\tokens\ppdlic
Source: metadata-2.2.dr	Binary or memory string: imscmig.dll22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\--windows\system32\migwiz\replacementmanifests44microsoft-hyper-v-drivers-migration-replacement.man22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\
Source: metadata-2.2.dr	Binary or memory string: iasmigplugin-dl.man22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\--windows\syswow64\migwiz\replacementmanifests33microsoft-hyper-v-client-migration-replacement.man22\\?\Volume{4d4a291d-7dbc-11e1-a697-806e6f6e6963}\,,program files (x86)\internet explorer\en-us

Queries a list of all running processes

Show sources

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Show sources

Source: C:\Windows\SysWOW64\msiexec.exe

System information queried: KernelDebuggerInformation

Jump to behavior

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Show sources

Source: C:\Windows\System32\msiexec.exe

Code function: 7_1_000007FEF394CFD4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

7_1_000007FEF394CFD4

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Show sources

Source: C:\Windows\System32\msiexec.exe

Code function: 7_1_000007FEF394844C GetLastError,IsDebuggerPresent,OutputDebugStringW,

7_1_000007FEF394844C

Contains functionality to dynamically determine API calls

Show sources

Source: C:\Windows\System32\rundll32.exe

Code function: 10_1_00000001800A2778 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

10_1_00000001800A2778

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Show sources

Source: C:\Windows\System32\msiexec.exe

Code function: 7_1_000007FEF395521C GetProcessHeap,

7_1_000007FEF395521C

Contains functionality to register its own exception handler

Show sources

Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF3949364 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_1_000007FEF3949364
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF394CFD4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_1_000007FEF394CFD4
Source: C:\Windows\System32\msiexec.exe	Code function: 7_1_000007FEF3949608 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_1_000007FEF3949608
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1BFC90 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,	8_2_000000013F1BFC90
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1C4F10 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_000000013F1C4F10
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1C0324 SetUnhandledExceptionFilter,	8_2_000000013F1C0324
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1BF114 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_000000013F1BF114
Source: C:\Windows\System32\xbox-service.exe	Code function: 8_2_000000013F1C014C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_000000013F1C014C
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBCFC90 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,	9_1_000000013FBCFC90
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBD4F10 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_1_000000013FBD4F10
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBD0324 SetUnhandledExceptionFilter,	9_1_000000013FBD0324
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBCF114 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	9_1_000000013FBCF114
Source: C:\Windows\System32\xbox-service.exe	Code function: 9_1_000000013FBD014C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_1_000000013FBD014C
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018008E8CC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_1_000000018008E8CC
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800B0FF4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_1_00000001800B0FF4
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_000000018008F444 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_1_000000018008F444
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018008E8CC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	12_1_000000018008E8CC
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800B0FF4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_1_00000001800B0FF4
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_000000018008F444 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_1_000000018008F444

HIPS / PFW / Operating System Protection Evasion:

Modifies the hosts file

Show sources

Source: C:\Windows\System32\msiexec.exe

File written: C:\Windows\System32\drivers\etc\hosts

Jump to behavior

Mutes Antivirus updates and installments via hosts file black listing

Show sources

Source: C:\Windows\System32\msiexec.exe

Hosts file modification: 127.0.0.1 update.eset.com

Jump to dropped file

May try to detect the Windows Explorer process (often used for injection)

Show sources

Source: tmp2C70.tmp.7.dr

Binary or memory string: E#more-details#restartRestart button clickedd:\lulu\tempbuilds\temporarybuilds\can_installer_builder_1\9\s\glaminstallercom\balloonview.cpp.popup-info p.top-loaderShell_TrayWnd,

Language, Device and Operating System Detection:

Contains functionality locales information (e.g. system language)

Show sources

Source: C:\Windows\System32\msiexec.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	7_1_000007FEF395DA4C
Source: C:\Windows\System32\msiexec.exe	Code function: EnumSystemLocalesW,	7_1_000007FEF3955288
Source: C:\Windows\System32\msiexec.exe	Code function: EnumSystemLocalesW,	7_1_000007FEF395D9B4
Source: C:\Windows\System32\msiexec.exe	Code function: EnumSystemLocalesW,	7_1_000007FEF395D8E4
Source: C:\Windows\System32\msiexec.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	7_1_000007FEF395DFC4
Source: C:\Windows\System32\msiexec.exe	Code function: GetLocaleInfoW,	7_1_000007FEF3955724
Source: C:\Windows\System32\msiexec.exe	Code function: GetLocaleInfoW,	7_1_000007FEF395DE8C
Source: C:\Windows\System32\msiexec.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	7_1_000007FEF395DDDC
Source: C:\Windows\System32\msiexec.exe	Code function: TranslateName,TranslateName,IsValidCodePage,wcschr,wcschr,GetLocaleInfoW,	7_1_000007FEF395D5D8
Source: C:\Windows\System32\msiexec.exe	Code function: GetLocaleInfoW,	7_1_000007FEF395DC90
Source: C:\Windows\System32\xbox-service.exe	Code function: EnumSystemLocalesW,	8_2_000000013F1D6F44
Source: C:\Windows\System32\xbox-service.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	8_2_000000013F1D6FDC
Source: C:\Windows\System32\xbox-service.exe	Code function: EnumSystemLocalesW,	8_2_000000013F1D6E74
Source: C:\Windows\System32\xbox-service.exe	Code function: GetLocaleInfoW,	8_2_000000013F1CFD04
Source: C:\Windows\System32\xbox-service.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	8_2_000000013F1D7554
Source: C:\Windows\System32\xbox-service.exe	Code function: GetLocaleInfoW,	8_2_000000013F1D741C
Source: C:\Windows\System32\xbox-service.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	8_2_000000013F1D736C
Source: C:\Windows\System32\xbox-service.exe	Code function: TranslateName,TranslateName,IsValidCodePage,wcschr,wcschr,GetLocaleInfoW,	8_2_000000013F1D6B68
Source: C:\Windows\System32\xbox-service.exe	Code function: GetLocaleInfoW,	8_2_000000013F1D7220
Source: C:\Windows\System32\xbox-service.exe	Code function: EnumSystemLocalesW,	8_2_000000013F1CF868
Source: C:\Windows\System32\xbox-service.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	9_1_000000013FBE6FDC
Source: C:\Windows\System32\xbox-service.exe	Code function: EnumSystemLocalesW,	9_1_000000013FBE6F44
Source: C:\Windows\System32\xbox-service.exe	Code function: EnumSystemLocalesW,	9_1_000000013FBE6E74
Source: C:\Windows\System32\xbox-service.exe	Code function: GetLocaleInfoW,	9_1_000000013FBDFD04
Source: C:\Windows\System32\xbox-service.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	9_1_000000013FBE7554
Source: C:\Windows\System32\xbox-service.exe	Code function: GetLocaleInfoW,	9_1_000000013FBE741C
Source: C:\Windows\System32\xbox-service.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	9_1_000000013FBE736C
Source: C:\Windows\System32\xbox-service.exe	Code function: TranslateName,TranslateName,IsValidCodePage,wcschr,wcschr,GetLocaleInfoW,	9_1_000000013FBE6B68
Source: C:\Windows\System32\xbox-service.exe	Code function: GetLocaleInfoW,	9_1_000000013FBE7220
Source: C:\Windows\System32\xbox-service.exe	Code function: EnumSystemLocalesW,	9_1_000000013FBDF868

Contains functionality to query CPU information (cpuid)

Show sources

Source: C:\Windows\System32\msiexec.exe

Code function: 7_1_000007FEF3958EB0 cpuid

7_1_000007FEF3958EB0

Queries the volume information (name, serial number etc) of a device

Show sources

Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Contains functionality to query local / system time

Show sources

Source: C:\Windows\System32\msiexec.exe

Code function: 7_1_000007FEF39499C4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

7_1_000007FEF39499C4

Contains functionality to query time zone information

Show sources

Source: C:\Windows\System32\rundll32.exe

Code function: 10_1_00000001800C7B80 GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

10_1_00000001800C7B80

Contains functionality to query windows version

Show sources

Source: C:\Windows\System32\rundll32.exe

Code function: 10_1_00000001800342F0 GetStdHandle,GetFileType,MultiByteToWideChar,GetVersion,RegisterEventSourceW,ReportEventW,DeregisterEventSource,MessageBoxW,

10_1_00000001800342F0

Queries the cryptographic machine GUID

Show sources

Source: C:\Windows\SysWOW64\msiexec.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings:

Modifies the hosts file

Show sources

Source: C:\Windows\System32\msiexec.exe

File written: C:\Windows\System32\drivers\etc\hosts

Jump to behavior

AV process strings found (often used to terminate AV products)

Show sources

Source: msiexec.exe, 00000002.00000003.12440495715.000000000423A000.00000004.sdmp	Binary or memory string: msascui.exe
Source: msiexec.exe, 00000002.00000003.12440495715.000000000423A000.00000004.sdmp	Binary or memory string: mcupdate.exe

Remote Access Functionality:

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Show sources

Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800A64E8 Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::WorkItem::Bind,	10_1_00000001800A64E8
Source: C:\Windows\System32\rundll32.exe	Code function: 10_1_00000001800A53B4 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::WorkItem::Bind,Concurrency::details::SchedulerBase::GetInternalContext,	10_1_00000001800A53B4
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800A64E8 Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::WorkItem::Bind,	12_1_00000001800A64E8
Source: C:\Windows\System32\rundll32.exe	Code function: 12_1_00000001800A53B4 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::WorkItem::Bind,Concurrency::details::SchedulerBase::GetInternalContext,	12_1_00000001800A53B4

Behavior Graph

Simulations

Behavior and APIs

Time	Type	Description
13:21:50	API Interceptor	142x Sleep call for process: msiexec.exe modified
13:21:55	API Interceptor	3x Sleep call for process: svchost.exe modified
13:22:01	API Interceptor	3x Sleep call for process: mscorsvw.exe modified
13:23:27	API Interceptor	468x Sleep call for process: xbox-service.exe modified

Antivirus Detection

Initial Sample

Source	Detection	Scanner	Label	Link
pdfescape-desktop-asian-and-extended.msi	22%	virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Windows\System32\xbox-service.exe	100%	Avira	HEUR/AGEN.1013443

Unpacked PE Files

Source	Detection	Scanner	Label
8.1.xbox-service.exe.13f1b0000.0.unpack	100%	Avira	HEUR/AGEN.1013443
8.2.xbox-service.exe.13f1b0000.0.unpack	100%	Avira	HEUR/AGEN.1013443
8.0.xbox-service.exe.13f1b0000.2.unpack	100%	Avira	HEUR/AGEN.1013443
9.1.xbox-service.exe.13fbc0000.0.unpack	100%	Avira	HEUR/AGEN.1013443
9.0.xbox-service.exe.13fbc0000.0.unpack	100%	Avira	HEUR/AGEN.1013443
8.0.xbox-service.exe.13f1b0000.0.unpack	100%	Avira	HEUR/AGEN.1013443
8.0.xbox-service.exe.13f1b0000.3.unpack	100%	Avira	HEUR/AGEN.1013443
8.0.xbox-service.exe.13f1b0000.1.unpack	100%	Avira	HEUR/AGEN.1013443

Domains

Source	Detection	Scanner	Link
pdfedesktopmsi.b-cdn.net	0%	virustotal	Browse
cdn.lulusoft.com	0%	virustotal	Browse
partner1.lulusoft.com	0%	virustotal	Browse
download-desktop-msi.pdfescape.com	0%	virustotal	Browse

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
64.15.159.203	PDF_Architect_6_Installer.exe .exe	a7286b80224e7d034f39e614b040ecce0d2916b9a20b248301184186723591d1	malicious	Browse	cdn.lulusoft.com/download/pdfarchitect/pdfarch6/glamour

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
cdn.lulusoft.com	PDF_Architect_6_Installer.exe .exe	a7286b80224e7d034f39e614b040ecce0d2916b9a20b248301184186723591d1	malicious	Browse	64.15.159.203

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
VENUS-INTERNET-ASGB	ntVhnbr5F.exe	94fe0e8a61c506fba45d14571a14dc259e1d52778cef8366ce8cbdcd871e28db	malicious	Browse	82.102.21.90
IWEB-AS-iWebTechnologiesIncCA	http://wcdownloadercdn.lavasoft.com/4.0.1767.3319/WcInstaller.exe		malicious	Browse	72.55.154.81
	https://steakncake.com/Contracting/foundation.com.html		malicious	Browse	184.107.226.138
	16information.exe	ecf99b89356eb88ac2d7aabe49453829561196937d12b2ac8b1f9c6a16a0e3b3	malicious	Browse	192.175.119.132
	1LqOyBqqKwJ.exe	16e902bd262ec1fb8889f22927fd0cebc93e874ce5448ca27708f90c2546baed	malicious	Browse	64.15.135.145
	Documents.doc	c66c84f8ceaa3402958e94c264c022d462d7ed01639744416602d810cd47cef9	malicious	Browse	184.107.35.132
	3900494915.doc.js	7a28268d0b661fe555f774cf22bf9ba99f8525e524b7724d9c8a4567956529df	malicious	Browse	184.107.174.122
	sima-mehta.com/new-order		malicious	Browse	198.50.100.242
	49ATTACHMEN.exe	105e23db2f6fe01469e8eff5131c0cfb108d469f2c819d6f0c30ae9a46c8fd9f	malicious	Browse	174.142.225.233
	https://lomassmith.co.uk/Privates/foundation.com.html		malicious	Browse	184.107.226.138
	.exe	1f7e7d2f28c4173ab033bf8945ed5ea7641301c83c41baf81c878a99dfff2dea	malicious	Browse	174.142.225.233
	http://dance-u.com/Helpdesk/OWA.html		malicious	Browse	184.107.176.122
	http://south-floridaattorney.com/indictment-vs-information-in-a-criminal-case/		malicious	Browse	184.107.41.75
	PDF_Architect_6_Installer.exe .exe	a7286b80224e7d034f39e614b040ecce0d2916b9a20b248301184186723591d1	malicious	Browse	64.15.159.224
	FedEx_AWB invoic.exe	4eca73174bcdbc8c7fd352834cfb9db02e9554c3f06ccd2a0340da67ea7f093e	malicious	Browse	184.107.112.115
	http://karimatlassi.com/assets/demme/direct.php?email=tdaniels@coe.montana.edu		malicious	Browse	174.142.53.42
	http://teachingacademy.co.uk/wp-includes/css/ekwe/direct.php?email=austin.leach@montana.edu		malicious	Browse	174.142.53.42
	11.html .exe	7c8f8cd47ce05c5d4323765edc9fa8804b48a28442f4f7bee33707e2c1596a6b	malicious	Browse	64.15.135.145
	19youtube.exe	db3ee875ef668d4fd0d8b15f659868281f41cdf9993b81f531b6eb87334dfde9	malicious	Browse	184.107.21.170
	3900494915.doc.js	7a28268d0b661fe555f774cf22bf9ba99f8525e524b7724d9c8a4567956529df	malicious	Browse	184.107.174.122
	download.ap.bittorrent.com/track/stable/endpoint/utorrent/os/windows		malicious	Browse	72.55.154.81
IWEB-AS-iWebTechnologiesIncCA	http://wcdownloadercdn.lavasoft.com/4.0.1767.3319/WcInstaller.exe		malicious	Browse	72.55.154.81
	https://steakncake.com/Contracting/foundation.com.html		malicious	Browse	184.107.226.138
	16information.exe	ecf99b89356eb88ac2d7aabe49453829561196937d12b2ac8b1f9c6a16a0e3b3	malicious	Browse	192.175.119.132
	1LqOyBqqKwJ.exe	16e902bd262ec1fb8889f22927fd0cebc93e874ce5448ca27708f90c2546baed	malicious	Browse	64.15.135.145
	Documents.doc	c66c84f8ceaa3402958e94c264c022d462d7ed01639744416602d810cd47cef9	malicious	Browse	184.107.35.132
	3900494915.doc.js	7a28268d0b661fe555f774cf22bf9ba99f8525e524b7724d9c8a4567956529df	malicious	Browse	184.107.174.122
	sima-mehta.com/new-order		malicious	Browse	198.50.100.242
	49ATTACHMEN.exe	105e23db2f6fe01469e8eff5131c0cfb108d469f2c819d6f0c30ae9a46c8fd9f	malicious	Browse	174.142.225.233
	https://lomassmith.co.uk/Privates/foundation.com.html		malicious	Browse	184.107.226.138
	.exe	1f7e7d2f28c4173ab033bf8945ed5ea7641301c83c41baf81c878a99dfff2dea	malicious	Browse	174.142.225.233
	http://dance-u.com/Helpdesk/OWA.html		malicious	Browse	184.107.176.122
	http://south-floridaattorney.com/indictment-vs-information-in-a-criminal-case/		malicious	Browse	184.107.41.75
	PDF_Architect_6_Installer.exe .exe	a7286b80224e7d034f39e614b040ecce0d2916b9a20b248301184186723591d1	malicious	Browse	64.15.159.224
	FedEx_AWB invoic.exe	4eca73174bcdbc8c7fd352834cfb9db02e9554c3f06ccd2a0340da67ea7f093e	malicious	Browse	184.107.112.115
	http://karimatlassi.com/assets/demme/direct.php?email=tdaniels@coe.montana.edu		malicious	Browse	174.142.53.42
	http://teachingacademy.co.uk/wp-includes/css/ekwe/direct.php?email=austin.leach@montana.edu		malicious	Browse	174.142.53.42
	11.html .exe	7c8f8cd47ce05c5d4323765edc9fa8804b48a28442f4f7bee33707e2c1596a6b	malicious	Browse	64.15.135.145
	19youtube.exe	db3ee875ef668d4fd0d8b15f659868281f41cdf9993b81f531b6eb87334dfde9	malicious	Browse	184.107.21.170
	3900494915.doc.js	7a28268d0b661fe555f774cf22bf9ba99f8525e524b7724d9c8a4567956529df	malicious	Browse	184.107.174.122
	download.ap.bittorrent.com/track/stable/endpoint/utorrent/os/windows		malicious	Browse	72.55.154.81

Dropped Files

No context

Screenshots

Startup

System is w7x64

msiexec.exe (PID: 632 cmdline: 'C:\Windows\System32\msiexec.exe' /i 'C:\Users\user\Desktop\pdfescape-desktop-asian-and-extended.msi' MD5: EEE470F2A771FC0B543BDEEF74FCECA0)

msiexec.exe (PID: 2852 cmdline: C:\Windows\system32\msiexec.exe /V MD5: A190DA6546501CB4146BBCC0B6A3F48B)

msiexec.exe (PID: 1180 cmdline: C:\Windows\system32\MsiExec.exe -Embedding D0DE56A5A4E90E630E24D08AB2B60C38 MD5: A190DA6546501CB4146BBCC0B6A3F48B)

xbox-service.exe (PID: 2772 cmdline: C:\Windows\system32\xbox-service.exe -service MD5: 3E1B6D4FDD4DD9E328D4D65C0C436008)

VSSVC.exe (PID: 2152 cmdline: C:\Windows\system32\vssvc.exe MD5: B60BA0BC31B0CB414593E169F6F21CC2)

svchost.exe (PID: 2524 cmdline: C:\Windows\System32\svchost.exe -k swprv MD5: C78655BC80301D76ED4FEF1C1EA40A7D)

mscorsvw.exe (PID: 1268 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe MD5: BD2AE15EFB47E5215B4D0C59EA00C91A)

mscorsvw.exe (PID: 1804 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe MD5: 30EAABE7A3B1081B6F5DDE4A1C0305D2)

xbox-service.exe (PID: 2572 cmdline: C:\Windows\system32\xbox-service.exe MD5: 3E1B6D4FDD4DD9E328D4D65C0C436008)

rundll32.exe (PID: 1928 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 876 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 1784 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 3024 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 1572 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 2208 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 556 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 2128 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 2180 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 2244 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 3048 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 2884 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 2540 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 2100 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 2644 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 576 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 1312 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 1528 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 2456 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 2776 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 1144 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 1964 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 2064 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 1012 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 1908 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 1444 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 1324 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 1584 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 1800 cmdline: rundll32 C:\Windows\pagefile.sys,dll MD5: DD81D91FF3B0763C392422865C9AC12E)

cleanup

Created / dropped Files

C:\Config.Msi\51df1d.rbs
Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Size (bytes):	25137
Entropy (8bit):	5.473092321727085
Encrypted:	false
MD5:	424A3D567416178A88C5D3BAAFC110E3
SHA1:	AD6381A2F56C6956E6C1AEADC6279F3FEEB6EBC0
SHA-256:	D301A35C9719FA3FA8B8C1B75CD20CA5CDF54D1DAAB314110827DA91C4114BAB
SHA-512:	F7747294F4BA7A6D78AF88E581A060B8D40C388EA9D7987283887301439FAD6352CC3A4F97E9E9D1E0EDC36F6C30B5C103D9BD6A5820CC80ED5D2CAF7FC10466
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\78-EUC-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	14341
Entropy (8bit):	4.640769865737826
Encrypted:	false
MD5:	370839CDFB43B7EBE4E445403A98AACD
SHA1:	FB73A64F56DEDCAE222E13DB148DB380A4323E6C
SHA-256:	96350BCE0C635CBA4F6342338CB377AF35C89DAD7F4D69D02C8A1F98CB07CCD5
SHA-512:	CF1CACF3E5DA02F6649CC8C6CEE8AB02EBB8F7C144424B2CD0F257993E2E50457FA2DD4E8C852CB8225502DA42EFCD4E8B8927336944602C54B61B5923EC7CAA
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\78-EUC-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2145
Entropy (8bit):	5.2509580694261
Encrypted:	false
MD5:	9B3015F3A3FDC93D401F4923F1E37D38
SHA1:	E9FC89C6152889158185D4A176931A7CEAC6BFEB
SHA-256:	852E43B1E84B1F60B4D82550DABF44DFCFB5D1DD9431C661D73AE3D7B6D760BA
SHA-512:	0C1F0EFD40CF07E42CDC4E7C32B8B8E791D99F040B367CDE2F1CD3BE29205FA79246D90E5326D5025B8A9A9DC781FE70D97C92FD7EDC1F1FE9BE737E4246A3FA
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\78-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	14210
Entropy (8bit):	4.512449470822823
Encrypted:	false
MD5:	463F1495F8C8B8CBEA4A1180DA15EA0D
SHA1:	AD5CA88F5C3962C332EC40606F9A20D9DEA7625D
SHA-256:	11CFDA05EA682803F3E12BDDC35FF09C08D3BD2CEF57DF5F2EFE7416ECE45EEB
SHA-512:	F3FFACA47F629AEFC6A5A4A0070E4E1F7D50B9CD459D866FE459DEECC62BD8C0F57212384EE6DCE8B0609D6944DA38716C3130A73B9416AABC71E2874D07FBC3
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\78-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	14374
Entropy (8bit):	4.601188620529036
Encrypted:	false
MD5:	7AD9DD45C16DCC05866D58DE7A785C16
SHA1:	E2897DA80BE65E608DFE2663F4624DD256C164B2
SHA-256:	50D89FF3EE9AF9BFC1259C880E7D69F4A69C47262AA42396B6547EA76AD37809
SHA-512:	900A804FF232BB78068841999FD279A445856B4C2C968871BF9AC2A4285E1FB31F1E844FBD82088BE8A662F25D0CC46CD9BA0A5F8DCBAB5D8F2E4D112BC4C403
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\78-RKSJ-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2151
Entropy (8bit):	5.31067812345524
Encrypted:	false
MD5:	F8D52C6E89E89731FA5445480E2B75D6
SHA1:	B02992C82AF58355B23325F148694A6096362959
SHA-256:	ED78B3CF3BE6530F76F2FDF042D8899555C2B8E1086F135FCD812FB5D6CE1419
SHA-512:	B4F9960772B3F79DEE0EAA9AD56C580070C79FA278C4D2DABAFDA412C738324A064B7CFB3A30B889EE926133C00FAF385C3676D2B5395780B6FD3D3216B2A3CB
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\78-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2121
Entropy (8bit):	5.287341255519694
Encrypted:	false
MD5:	00240F118D7BA0D169A081AD390697E8
SHA1:	2FFA6855DBE7D204856021D27B13DACB9F246ECB
SHA-256:	C6E7095BC748EC8426FFC4B490932015744DF41C4D25EB52142CA552D58DFDDC
SHA-512:	83E85F2E6FD1772D88DFF17E731A0541B32A7C2E6415B18ACB8AD621A17AEC6037FC7036C7DC3BE4023C71FBA6314A98BF3653A9C96E7BAC8D273439195CDD97
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\78ms-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	16137
Entropy (8bit):	4.573299551645618
Encrypted:	false
MD5:	C49B7DD31450C68F44B51B4F912C9B6F
SHA1:	B93F9206D0ADFBA30F513E24E683C695DDC70EF5
SHA-256:	8AD7D7ECE0E88024F6A69D3537A87DFE5D0058A8B7F72481E1541B75476B2290
SHA-512:	3E32CC774FAE76253018DFF2C5C623059337AF2A18BE823EBD5D1C3B439BC2BFEE72A65605103665B95FD44FB8CAFF8720CB32D5D080E1D7805920FCA2440CCA
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\78ms-RKSJ-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3183
Entropy (8bit):	5.201835051530239
Encrypted:	false
MD5:	0F25EDEEAFD8A688FFC47AFBF73CBCC7
SHA1:	82805A3F99ACABE7BF8D47F2B9C5CF1ABFE46600
SHA-256:	57FCDE2F5682E3428E71099AF092D9A1DF7AA95FE833ED4C6E062CF404FEDA0F
SHA-512:	644A01A60D297F6747247868B7941F826CC35C1825C80D036D5229DD97693848097C4519E87DC8E77EEFB428264C3E543EDBF49F615DB0BEC90EE85D67441F97
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\83pv-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	6213
Entropy (8bit):	4.882556659332088
Encrypted:	false
MD5:	90777F56325F9A373103D6DBDD998982
SHA1:	1FA8BE2DE7CD2157F14E57D6E56C39D0BAB2933E
SHA-256:	739E0BB767DB6346F8CC9DCDB9BB8D4AEC2F4768DF25FF3915131E8768D74AC8
SHA-512:	C9A7B72465C5C2FC001FADF9370DD10EF705149CF9900E869AF75A0B637EF6CDE8DA70B9FEF7F46D0442262DF082155F68237D24AFCD0F1E72B7A4EFE4BC910D
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\90ms-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	5148
Entropy (8bit):	4.978291388213517
Encrypted:	false
MD5:	228A3E09302BBDBC66D6F5C643D8444F
SHA1:	7E413B16661721468D271D365BBB2E6DBC9E90DC
SHA-256:	D4D1781BB79AB6CD34AEC3A5AFE8FC9111E611F9F2983CEA0EEF616E85F38B67
SHA-512:	1DCB076570729D5A918EF7B2E2E3BC99C5A1A57452A09CFAD702A049BCC14C82E5F9C9FC53E7575D2DD4EEB30F0EA9AF94A206239F9257CE618F846E5D38A4EF
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\90ms-RKSJ-UCS2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	112126
Entropy (8bit):	4.293088611316774
Encrypted:	false
MD5:	931262181FF6C52E3FDBD648C9808062
SHA1:	B4FDD6920B56E01BD5BCB945FAAAEAFC344741A8
SHA-256:	542C30FC65095E0140784D63B0906C16CA221F3C55061079DFEC0A709E300873
SHA-512:	3F5187E04845817796A9C511DC649D4B09736ECC484B83577FEDA67CD8E15D40C65A267735C17050550D0930220D75C5F52703CFD78CF013A1E5659E9E2A73A9
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\90ms-RKSJ-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3204
Entropy (8bit):	5.215278071232581
Encrypted:	false
MD5:	3907193B99CD738EB1C1ACB1B4152ECB
SHA1:	725C8C73D9C4BEEF4F186B0DD68179363E08BDCF
SHA-256:	CFA3DA1ED44C6517A4D968E2F908FDDECE340FF797ECF9B9B028A875C41EF47D
SHA-512:	FD341F29C2B5D3D09914896EA03DA07A94F89D71EA311333ED26661E3B8A8EBBE37F4288D8721D844853D7A5E9565515A300FDB14EDC8ABE8E5CE0978777C533
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\90msp-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	5077
Entropy (8bit):	4.986328806769972
Encrypted:	false
MD5:	AE871D0E24E3CC7F23E07A072E9EAF72
SHA1:	171AC088E6567BBBBC797E95F1F26107AC42ED7F
SHA-256:	2212DD34CEC2AA77EEB1C0B926367DC933F8BF5FB5DF973F8E1371FEDA3A5BAE
SHA-512:	1262AFC9FA6D2ACB2E9F7650ACAB68961B16A49C2CDB95D1B624D5F6962AC75E5E034779958F59531E8F32FFC5C5DA16A2B688603FABCD864980CC10E49C80DB
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\90msp-RKSJ-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3186
Entropy (8bit):	5.2115614666191785
Encrypted:	false
MD5:	FFD991D3C1A5A2A1076F536992C278BD
SHA1:	907E7617E5F4F2CD7F1C117F1C72DA39A0B94E58
SHA-256:	C5513B2BBAC3C54AEC45E0C0477BD28635E412B0D83FD4BA567BD183EA480B89
SHA-512:	C49EB8E761E31A9B2E6DFC163EC266ADB8AE1FDA6C74F07258D7273BBE4013EDB807089B8A84FBB6FCF4E57EEA49D3D5DCBF04C345EC997A490151ED4E3F88D8
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\90pv-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	6989
Entropy (8bit):	4.8377428676567735
Encrypted:	false
MD5:	1B54AF63F9977FE92C7E828008669580
SHA1:	9A3CC1385866F31B36F09264ED3E6A26D5272DB3
SHA-256:	2C97A645E63D652FDE1F22012383180955894750C4BC6EE40160097B2D268D64
SHA-512:	72BE506B88CD5AD5E98A0DDE7AA167D4447F71F70E873B96FA7A0552549EC12F289336E984868E1A84227A62017B23A868A54FCE2B6594EB69D07A8C5FEC0FA1
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\90pv-RKSJ-UCS2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1854
Entropy (8bit):	5.419996175485311
Encrypted:	false
MD5:	F2A6D5A7AF435E4BB4457CC40AE4886C
SHA1:	6DD757475E03D9213D530DCAAD3FF863C9AF31A4
SHA-256:	8528857C384931DD00C8E4793D38D90169053EC16F66845710268A7DA6D93BEB
SHA-512:	3542FF1F67758F2C89440D72CE913E907C92F5FA2FED707193457AD475473B4EEE06469855D01F3AC1B938C54C52CBBC6014952F9E0D8E27547B74E28CCECCD7
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\90pv-RKSJ-UCS2C
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	102591
Entropy (8bit):	4.29446278824904
Encrypted:	false
MD5:	E45775DA4F286E61864EACEF1691D861
SHA1:	5F4B22D8EE7CF7DE8224464D25FFB4EFC88D9638
SHA-256:	038872D8542854B395B547B9FDBEA8F9197CF406AF7ACFBABEBAC41FFFD369C6
SHA-512:	2590B8D489E4C318C6C6CE47EBB6D58050B1021CFE0475570EA5497A5077983CC33E87C94CE81E179DEAEE5807E0EC14EEDC05B4BE0C60FC42EF82508444E015
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\90pv-RKSJ-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2663
Entropy (8bit):	5.284794333646648
Encrypted:	false
MD5:	B59A17BB2244D6CAFE9722FEF0B0B349
SHA1:	701D36C6FFBE442DE26B38FCC4DE6F15C95B83CF
SHA-256:	03395BD6FBD45FA7C8A8C25874EA67F0FEAA7BBEA6FFBF160C8A27521B7E860B
SHA-512:	A9430761FD4C9CDFC678958B39F98A59FC2A6A27AFDF82C1FDE2F52EE6606A9331F9C5E34A9096F12D7B1080AD0CA542EBCF745231F2363EB1EA015865F50239
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Add-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	14400
Entropy (8bit):	4.514238960700053
Encrypted:	false
MD5:	1CAE00AF2A19EFACD8C6877E11F3EEAC
SHA1:	388216A8AEE969C83ABA388FD00FF9221C5BDB0D
SHA-256:	EB075FD17563C5AA4E914AED6919C2EBA7E13ECC398CEED383B0B21FD62D48A0
SHA-512:	E642E4DED703E1F0402FD081755F86FB0980B6BD0A9B4AF3F8FAFD7152672A3B8BC4E754C4F36ED461F3326B319F7BD4C3C7FA543B7D6E55635043109D8EBD3C
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Add-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	14595
Entropy (8bit):	4.599780863844275
Encrypted:	false
MD5:	0C3D998FEEC1F3054308CA74A3BBAD3C
SHA1:	2052F2787FF5016858F80910D1221A6FC8FBB31A
SHA-256:	464309083A1C4C3598B7BEEA539C34891AA4A1D9A53889924307ABCEE1E39278
SHA-512:	63CEDCB61614AB65516C041B3C99AA0646DDA1262B9205FFAD1854C52504EC35471A9A140D278E78A4A0681BD69348F6B12CBD3DF2F4ECD23540AA93A9307E46
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Add-RKSJ-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2777
Entropy (8bit):	5.248087927873708
Encrypted:	false
MD5:	2F3E7968204DDBADD8EA6A2F6AFCB759
SHA1:	7AA6961687A99460636145F30F3A2EC163D788BE
SHA-256:	2EA44175DB8ED24E92435A2E7E6872F41FB8BE135A9C6186E1ABDA85DE85B13A
SHA-512:	BE4B1CA2BE22406C1F7055E5FDB1E9FFA6A8B9549196720D6174319CB97C64495CD56C78D6E76DC38B5DAEB4939A19CCE54A8FD0F1610878298D069B0B36BD3F
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Add-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2747
Entropy (8bit):	5.235404987669805
Encrypted:	false
MD5:	AD7D29B8017D4535F48E8F4F7742E56B
SHA1:	721B0D1E53B7AA72E9F86C1679631E1836133797
SHA-256:	8E9390583FF811CAAD46F01A5D68103C6A0117AD1D3E74B94B2447DBC9E3223F
SHA-512:	18C82590F73E86DD5C0A6D030BA161AAC3C7B8A0B29200236EC17F627B5DD5EE3BC1C1CA0B8DC9ABFB6FF550835F5820C296A652285D0E2F40C77851DB814A28
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-0
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2784
Entropy (8bit):	5.138274257800016
Encrypted:	false
MD5:	170E5339F04BBB308D251B562114701A
SHA1:	38E2A3965D4AEF788EBE1881874EA4106A52F832
SHA-256:	1EFC1304EF4529A7315915A95D7771D8B694A446446DAF100CB560A2793256C2
SHA-512:	473FA4DA3B03BA933A1FA36529AB2E228A183950EADB1B861C6DB6C0AD977438390F1231DBCB54C5349536B0BDEA6E5077DC5D5B438A413622107FF0D9BECD45
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-1
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2968
Entropy (8bit):	5.129629600892158
Encrypted:	false
MD5:	2302E47BCDB917FA339B6787A6A1E22E
SHA1:	91424A236315543964E898A762B76C2C9290FCAC
SHA-256:	8D6C3813BA68594E777DEDF6AE4F0EC74A3E3FD7B48179683F2DF430B5020DD1
SHA-512:	0407FF45E3704332A4B4C97FEBF5A8B6A877AC6C1E901CA59137AB85B9723A8063248856104C31CEFB71161CB0E269610BC5DA4DB334F759CB82AA7A500AF55D
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2989
Entropy (8bit):	5.128304519828398
Encrypted:	false
MD5:	F940E0F1E1FB6870D933F9BD7459E04A
SHA1:	9EA02468C37C318D0C21DCA42B797C13CF7A61A5
SHA-256:	4D3C351D1C817430B4E92FCF7822E8BE772B740E6FFE05570727A2FCF9387465
SHA-512:	F3AB5896E0B4D51AD2E76118AA227359CD3C6865365A86EAD981E25CCF33C9078DC23FACCD5225C61D3E6777ECB8A67861FA5223B07C9C5F6342A6E8F229CAAD
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-3
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3094
Entropy (8bit):	5.120256728072487
Encrypted:	false
MD5:	CFF42875107446978E91ADAD4090E587
SHA1:	B410ED4F42DB0CA74BB7F470A1C89A8DD1CE584B
SHA-256:	9CA7C377CE633A1EED972464E6DF85E8CA465CD58910B6863CBDE3FAF41A2D0E
SHA-512:	51F66ED340E8980E02B62F7A612D9DE19E365CA7981671197635FDDC08E36AF7350A9953F36F7A83EFC3AAFB545A3C02121529007008F5A21E94155BD97076BD
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-4
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3115
Entropy (8bit):	5.1199529226713505
Encrypted:	false
MD5:	4852A7E570C71F6684D2067FC3EABB7E
SHA1:	CDE2E415D5BAAECEB85A33ACD45A0CD38D02C1E6
SHA-256:	8AA46C6F286DF2CD57EE41AFEC3BBE4530606DD6CBFE12CBDC871AD78010D9F1
SHA-512:	3A64E9E8394FE12925AFE2DDCD3537D3D8D92DAE9CF2D8C9B1A8262B81519F04ACB0C27FBCCEE0A823B12B8B272A5AE4E7DE81EDA342C02E809BE2A6B5A1A921
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-5
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3115
Entropy (8bit):	5.119428173228057
Encrypted:	false
MD5:	B1FC297F6C511DE3FEAAA31B56F068A7
SHA1:	1279F091F36499544E9BB040FF27102E3829A629
SHA-256:	BDB0B3A1F6C8B248C5FC6446774D3CE3F4B6A40FD3E78F3AB107E5D1E80F835D
SHA-512:	D80DB707F8DCE05FA40FE1FE0695B8248C548D6A4F71D37D245F34DF4410FA582C844AA80CDEA4241E1303BE6772D7E1274744B643DD9389FCED32DD3481652E
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-B5pc
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	7955
Entropy (8bit):	4.81301030554895
Encrypted:	false
MD5:	B2F8EAD108FED17863B4BEBD93A3B6B8
SHA1:	54832CB72F9577A748D799877ACF6BFAB4B37B21
SHA-256:	8CDDE6D7EC1920BAD706272B81C3597C2C3CE8760CE6AC9D3644A8BC72ECAA79
SHA-512:	81912765A13E53AB0BA03605931F70B0792C2525530DF9C9F6A408ED32E6FE74EDA4FA75472C42EC88CA114C16F09B4F58BE11034F0BE3EDB0E3E172B2BB58F9
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-ETenms-B5
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	8686
Entropy (8bit):	4.890515893784256
Encrypted:	false
MD5:	0A805CFAB18278565A903E6F621A4894
SHA1:	9064E8C70E6362AAB869C6BC87792418D269BCD3
SHA-256:	099E05526D22FC9ED16E8F600240D0B87410BC8D2096B2E675192C828FF2562B
SHA-512:	C98FBBC3DA554878B3BF46340C72E9E89A876B12F019C56562E79500048288EAF22ACB8FF95A61B567DD0FC371611F28DB197E0C7A6099D077095B34483C1785
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-H-CID
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1973
Entropy (8bit):	5.197656065363367
Encrypted:	false
MD5:	DEFD69743191497B4DEB1ACF71E920DA
SHA1:	EB088AB9C7E0A21228794F1E5D2AE8A1D6904086
SHA-256:	EC5A2E2F8EDA7F32AA16570B9E9E7C32F6D886D43A7F637457BF4D69CB3A4307
SHA-512:	B3B9927627680F7D8EB9786ACEF14C4B2F49FA8FF239625CF3C26D83477BB1DA1D3B2535292F0A5E83C4448C83A4D51DFA74C5B782FDE4C2D95CD67654CD50B2
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-H-Host
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	8490
Entropy (8bit):	4.867571021917726
Encrypted:	false
MD5:	AF4ADC90076ACC8F4007AB2A6CB737F1
SHA1:	7F840071D2DA8F86FF6C070723D570F5EA743768
SHA-256:	EE01DD357EA06811BC620616938FA7F3B69F84DBE9B180884AAE4D8F7FD72B51
SHA-512:	3F3590E5B615930CE4A580D85FC66BCF77D9224BA2AFA96DB88F8B1A4966587789E7DADDB06E8B36CAEBDB61579484516884602CF0D058A1A2DC8807527264A2
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-H-Mac
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	8022
Entropy (8bit):	4.853056786915336
Encrypted:	false
MD5:	BD0CFC5A6CE314C8AEB4020BE991EEA9
SHA1:	5BF97716F22BE870AD87E802F7F37398EC8CAF99
SHA-256:	0CC7E67480615975717F0EFA9F1EF04A791EBEA81AF562F42DF9E0855C495762
SHA-512:	C31B319F577A3AB06CE7FCF9365E9338356F6D48AA8ABE38D4AD4DB1B8D77057CE7E6BDFCD3FEBF39B087E9AB01AD13FE3486BC10A9D456E222ED0A91FDA048F
Malicious:	false
Reputation:	low

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-CNS1-UCS2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	281794
Entropy (8bit):	4.247357278718808
Encrypted:	false
MD5:	951429CC247751A93112FD9EC41941BA
SHA1:	D4A78F708B286EDEABD7D1A799B8944BD5854BA1
SHA-256:	F5376FB98CC0534D21B634908D679938BFC89D6A3C810D7C3CFAA625A4B56776
SHA-512:	4038ACD180ED85CBBD64DD5C48E4C55705E2935AA38139BA5EEF362CE949EC79D68FDE6EF2A637DFE58754710D7D3C48B96379A4C7169D51FCF2ED76706BF192
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-0
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2222
Entropy (8bit):	5.216225531697327
Encrypted:	false
MD5:	3058FE97B5868C09D4CD804C00544484
SHA1:	CA06A72DBB3401182E559405D96172C4C8899700
SHA-256:	DD1D4384F09F2B08A9DDFFECF0926F429F1D4EF1203E93E6BD98EF3FB9693D5F
SHA-512:	FE7E806DD3384AE2D9518157A443C76977B15DAD2B6CFA87FC75B22D0B7AF400FA79ACAA4C48BAECC4AD9994E4C9340E548E6B0ECC8CF07E628219A673FD7E2F
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-1
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2384
Entropy (8bit):	5.211069960264191
Encrypted:	false
MD5:	CF5773E0D89F872611051755FEA1A83F
SHA1:	30EFD494F53C629157648F68F066DF599E8187D7
SHA-256:	3BCFDCC415B7B6C28B13D79B4F50FCEBB76AF922F7C1C542666FFF4A6CB7DBCF
SHA-512:	4ECEAFB88D92E24BC09C5533A88A89EA9DC87538C0C1CDBE05B293EC06266883C215BA1E52C947FDEAB6C14451C8A341EF350B535C687E133B2BABCC8E4B5DF6
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3386
Entropy (8bit):	5.089729921166496
Encrypted:	false
MD5:	0B01471B6AF94A0B275B2881BDB25096
SHA1:	5C2492C40BC08CB6DEF126EF0150C6DE56507EB3
SHA-256:	DC818C9D4F9CC8F04F9035AEE04D21D5779672FA4A3C0F589CAA8C027A1B1CB9
SHA-512:	80C63DF4E6BED5E7FA09BDCFB5D10FA3FF222E77F8C282E010C7233AA3AD484C9EB91E5448FF98618995C841A48F670D3621A5AD02A9AAE7CA00AE0795A4C4F1
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-3
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3385
Entropy (8bit):	5.081140586177736
Encrypted:	false
MD5:	896145BD0BC8678F1ABC873438C37135
SHA1:	28AF56D68623731ECF6F36AA7742F22065D26E0F
SHA-256:	64494F01448C8B388BD619E5744BEAE8543B4CAF6CB70D9F6341F6884A0D2968
SHA-512:	B0B11C335E37E1E29DA153F79E351AB9349582D62812666D9C1E9187DD7477C04A8F4CFDBF4DC4709D339A20ECE06202210C7FA905F9F3AAB7C039BA963403FB
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-4
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3967
Entropy (8bit):	5.0131257456669776
Encrypted:	false
MD5:	4FF4F633481655578787E1A305C2A431
SHA1:	48A7B325478AC4CD182018C07CE326E1E626EFC4
SHA-256:	505390750CE4518910C5977A5CFA68E4984196CC46E0FC7E9FC608B1C8B73B79
SHA-512:	4060A57683CB9C11E2E51C12EADBA5F27C544867BC14DDB45323C79B02C0236BE265A46DD08B43FA7C99FCA41E6ECDE0B809C1A7DCF04626A339492C4D7E92D5
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-5
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	4072
Entropy (8bit):	5.001827356240676
Encrypted:	false
MD5:	95D70343B2B2C7C4EF468CF6E2F7227E
SHA1:	40BBDC2FE991AA816F02CBECCA5B0290C3349C35
SHA-256:	E3E105F792C0C6F9E998FF953029AB9773E6D0AFBA45DEFC2400C2D03E24BA5E
SHA-512:	06BEC02DDA839535C2DE571991C25113DDEE096EA208EBF530C7AA4B77D0B8B59C91D528038612FEF4EE18BB0E94D2ACFA966F1A3F730EC51EA39107C0B61889
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-GBK-EUC
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	93830
Entropy (8bit):	4.27782071497828
Encrypted:	false
MD5:	A32DAD54634EB161CBCBDEFDFEDFCE3F
SHA1:	E2C9DCCBD5BDDBB68BB0FD5609D984FD2C06D3FC
SHA-256:	37CC49A3310FCB9F8DF6AC5C4B991A1BF264D1B76115E1BDF0C1E71E17AEAFAA
SHA-512:	DF53F651EB68C61987724E18E3CC355D311460E54A16F654DF2BDCD78BCDBE6128D5C5E1B191F5E313E16709A3D2F59969913D6AACBA179DB0945AAF37BE5F43
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-GBpc-EUC
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	4226
Entropy (8bit):	5.050817076695763
Encrypted:	false
MD5:	695439BEB0975C26696B865CEC4B5DF4
SHA1:	3561D2CEA351690DAE7CCE68B1BECC99DE16BA3A
SHA-256:	343DEB5D658D6CA5C3C3D364C4FD1B4771C72A085984FE9393E9C68B92A62890
SHA-512:	E2B9B0BE2C49E8CAAE444FC9440DCEED0A7ED1A38AE63DBC99155C3C7D03038C1C17A6A658FF5C681EA1BE01CF907CCCCA67F8F7B28BF892C58B24D88B41B91E
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-H-CID
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2092
Entropy (8bit):	5.245830108084073
Encrypted:	false
MD5:	E48DE6E368F76EF218A99537410C24E7
SHA1:	0CB2DEC58F95E4BB9164541A83E7D3FFDFA95F5C
SHA-256:	89072FFFAC6533FB285E417F496C04F783D36E9CD6C8C263A24143633835B66F
SHA-512:	D599510538C1D1380DF0C1B66499ACA50DBBA805428F058DA36910FBF7853514327EB7A3A56E314F76894AC2A92DB44AD5BB8817A64FE76CF5D386D91CB04FF5
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-H-Host
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	94436
Entropy (8bit):	4.293720256045751
Encrypted:	false
MD5:	F61266DAC1ABDAE81900E38DDE959968
SHA1:	F477B1DFF27DE05E363880C8BF66E231566820C1
SHA-256:	DA65AC7C2F63136D2E9BDA7D2872EC1CB3502F1CAEFEFFA39D63F470333E49DE
SHA-512:	7B99590B7ABD89AF81513DA22D1A5D7A52099033CE129B58B5314331DE40C814746B875A25A42A7280E210A8DA6CA45B3037C41EA3718CC59D3A57FB79311E29
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-H-Mac
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	4207
Entropy (8bit):	5.097210186597037
Encrypted:	false
MD5:	00C24C16F5501DB09F9B87019DE9FED6
SHA1:	DD55E30D59617CC185D8BFB52A72C9FEAFBCB756
SHA-256:	78F6580E8F7E3D87DC82B957AF5B54191DB7D3DA0E64ADE5E2EBA6A6D1310E2F
SHA-512:	0DD232007913B94A225FCFD4EA0ACB7F2E1FE33E942587A747DB0411B1F6E14C1E40842F26475C7F1F1D662C9E05BBB15B599EF26349C277EC6F8FE1B4CB394C
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-GB1-UCS2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	244619
Entropy (8bit):	4.196194434809811
Encrypted:	false
MD5:	8B7E3843E90AE5DEB4D429BB9796FDED
SHA1:	2B4B3D47BB552C7073C1EACFFF9CFE93C771A565
SHA-256:	9F9B8A8E84E87A00335127F9DF3FFED60B418B57D1996560328B229ECD030EF0
SHA-512:	4F278499F42E018016DF5BFFE9C89A7F95C2443A01EF4FC0EB912F07C29A4B5360ACBF581C2D062DAE7C2753DDB220DA4E4397D64915E3CCC017E5F8905D88E4
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-0
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2273
Entropy (8bit):	5.204762453744711
Encrypted:	false
MD5:	CE66900E6A964053A7F6F3919CD3BD9C
SHA1:	5867B0C42B1131DF8943FB716ECD5B1CF027945C
SHA-256:	A9544CE4CBB6B1D9B080270F7677EF6FE1E79651E5AAA56A54E2E7238789FF01
SHA-512:	0A5274D822709E0D8E2EEC4CA5914CE03E0BC646F3EFB4951F194FC8C783C7E6B84B1ECD9F2DFFB705A61F5F0F27C94ED03C6E2FF40BEC0E8452FFFBB6C8E634
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-1
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2274
Entropy (8bit):	5.203654081994142
Encrypted:	false
MD5:	8F9926B6446FEEFF21E63E1CE1E72C08
SHA1:	77A246D9037B166D6C5595EB52708669CFA5D790
SHA-256:	B47432149AF926292E563309A6F69A12DEDB92B5CA585C02E48A80A9A3B1BC79
SHA-512:	4B80D1A4CF097CA51DB800719E67DEC74CD070E9B6273CE46BB47F181B790CFC76AEFE29799371F3674F45787211FEE4E88CBDA42F849CDDD132E74E231FF95B
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2314
Entropy (8bit):	5.2048326606825634
Encrypted:	false
MD5:	784C5AF38457FC2DEF63CE8BAF5F1835
SHA1:	4043475B76D6AEC5E32B37F343D362F32A834BFB
SHA-256:	991C58D73D480352C415301D51083C3F6007EED21C81FDDC07FF271DAE4F2A3B
SHA-512:	E464C07CC6EAC27650BDCB621497A749B8B8485A4122704765625380D7AFD40065B44041B58E2276C508708603A42576DF608E2F08A8A2E7F9031B2EFD5C13A6
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-3
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2325
Entropy (8bit):	5.205468963550046
Encrypted:	false
MD5:	6A17C8CC0B3960BA6554966D8CF4B881
SHA1:	809CD4F013BB2BFC01A1A1D9A793A5A6CEB266D8
SHA-256:	78ACBBF920C4B596E9FA0055FF8999CAC376210A2D53E7C85659525B2DA669C9
SHA-512:	D736E62CCABF0E53EA740E1C8F4F06F76645EACB75D0FC3FE993B62511C0E8833BF8B3245A4F00013EE6B80C13419CB06D9FB28471466D1C1B4BC55064920CE4
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-4
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2827
Entropy (8bit):	5.154639194222973
Encrypted:	false
MD5:	811D66DC25E14B3B68DED7BDFD90D485
SHA1:	67EC0E91351D78170D0B4BB92ED3B442DFD558C8
SHA-256:	A450B54FB6A8C19FF2D88AB199EA53DA397E75FD25CC51A7C0B2BFF78FC2E1F3
SHA-512:	6ADF8A031D890B747D2A23F6AC97D38B8349A984BDC9A0E44A9225D402E12312F23F031A58AD5234E9283D53AE7E2727CEFBFF3DD728698141167027EB815D59
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-5
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3226
Entropy (8bit):	5.103756911718583
Encrypted:	false
MD5:	E79D92586C384FDF4025B0614E53E747
SHA1:	51371B5F3C7C689DF7C4960D9B5BC84DEFE64B81
SHA-256:	5A8EE7F6751CCC12917C594F789DC821A491082FD7BD907C35B4EF232703E871
SHA-512:	30351C35361166E5A1105354E137DB5E857DA9B08EFE116A36BDC2A3CA970595B570AEF7C5EE7C252AAD08368DE29F8363DF0E7514CED804A4D21B1756C41529
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-6
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3457
Entropy (8bit):	5.07300282189751
Encrypted:	false
MD5:	B850AFF74B266A24455FAF838A6D7B50
SHA1:	8A3D67117223109C826F396C7445853BC1C05AE3
SHA-256:	56F262E644FA324FDF16B05831B63DEF6E655FC1143FEA2AFCDD1066A212ABED
SHA-512:	D4A5D0FFCAC347AEC788545AEF354EA4997D0F0EFC21ABF736F72EFF064CA92A7E7FD374CA6C397988BEA2BDCF9B684BD42D99CB83FB64D7117589262C943726
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-90ms-RKSJ
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	6353
Entropy (8bit):	4.7321427315564915
Encrypted:	false
MD5:	4FE15D1E3C10E96FBB462DCBA328CB04
SHA1:	12749D895D00ACA0D62F6D34B31D15A1C6EA7240
SHA-256:	4A46F0E127A1A23083352343F37D862024D599224185F05C867F3DB10FFA3FD0
SHA-512:	7EE9D6F3E3E29F3DE5CB3455536562BA17F28503CC355F0328D3DEE4F1E5CD882080C694486FF6BBBF3C381FEEDCC3305CD8C19AE96114C1C7E9A552A4126FDE
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-90pv-RKSJ
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	8442
Entropy (8bit):	4.633170920084621
Encrypted:	false
MD5:	8E5EA554D875A28AB36AA4F7D2C00D5D
SHA1:	F4CE72A720C4D80265FD7D258FB9F000EDCF7AF3
SHA-256:	5C32110B450780E3EF93B508F57DC61119E07139580722000BF5B20EE0373E09
SHA-512:	548EB1FF04A124F2F722B2BAF17E8FF176E3B22C752280E3ADA2BD39BD77362012FA8BC7B48A51AF4B57EC172E3388A9DD8041C6EFF26CB27ED0806C2066A2A6
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-H-CID
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2291
Entropy (8bit):	5.268570148114787
Encrypted:	false
MD5:	621844CE5F059B4103260610E74744E8
SHA1:	8AF5F9BE43E29B87AFFEBCA36EE7F5C0911EDFCF
SHA-256:	476E45AA4E92A49E0ABA0BC368116DC10B69F2A187346F6D641E84CE7F8BCDEA
SHA-512:	17044AF55ADB881820FB8E5F6F8A6700C9976006CA5F8B454FA30219A6B148D55A0413B5711A065D466D7DCAD2B4A03451158AD871BEEC21B8BB89D685924137
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-H-Host
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	6625
Entropy (8bit):	4.94664691544175
Encrypted:	false
MD5:	7A340CB8C576E40639862E298BC476D3
SHA1:	4BEBD4A26C1AEC5685CC057B84225A66CCF0181D
SHA-256:	02AD0910D538F2390E501DEF9F854991FD640E40F642EA3C8151C2D352943F54
SHA-512:	3568A9B4AF9B17878919E375CBC52B80C49D53EF23444AD26B879B7FE882AD54C327FB018650D0B082EEF9E2A424CEF74B962C2F24E6EEF64035DDC9C299241D
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-H-Mac
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	5492
Entropy (8bit):	4.818247281547322
Encrypted:	false
MD5:	FFA22A9E53456C64F0F80A88F5896E98
SHA1:	826DEC6715F8B8EC45A5D439826456252D5720F4
SHA-256:	C7719419FE3015BB7917B577FF5A67A545BAE2CAACF3B65367318AE62128F7F5
SHA-512:	4C8E322784E760389D3B1E9608C01BA12051DD808613250227A4AAEEA7B62BDE51F4BD55F6832770F5FBD1B5FF3D1BEB7CC1D469C189E6B330D8FB918CA3367D
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-PS-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	23023
Entropy (8bit):	4.432687352118582
Encrypted:	false
MD5:	E9843BC8BAF1AAD5D5C01BA302551210
SHA1:	ED212C41F07970A5D7C0D4CAF44145846A150EA3
SHA-256:	D69BB2309BFE0419946069C19BDAF8F5FB9B8C4A28112B159B1344D00FE918C3
SHA-512:	5A7B03A1580C3312207C821909ED335C5210BB695D4E7BDD69AA38E6D34AFFCC4A6650F9B77A3DC3C84372FA1651D5CD8FF0E85913B9E343F353A26C528C3997
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-PS-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	13346
Entropy (8bit):	4.761500938489517
Encrypted:	false
MD5:	0BE4A8FA59A7F5501F1EC16E779CDA78
SHA1:	F7DC5C7FFDCB54634313E72239FA33C567200819
SHA-256:	6290D3D9CEC868D3A8D724FF2EE13D897A7CDCE008B162D0EE5A617C4A29A174
SHA-512:	5715FBF6110414CB5C256D9D61B58B78B989638281D262512A2E9F5B32C5A00583B3BE6877C9918F975B3830BF6679208540E804714F5F167B9A6F6F7EE9C207
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan1-UCS2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	301722
Entropy (8bit):	4.226348839845
Encrypted:	false
MD5:	4F46F8A3B1344184FCB5FE267E6DF127
SHA1:	8FC7A40B4F2EAF4ECC82610F36EA6DAC548DBAE2
SHA-256:	6C3F0D16A65BF6F49FC97FC67348E7C8E31E439037F04FB66DA65A6C97E6EE11
SHA-512:	0136ADAB8DE25A79EC5CFCCF4C96D16F742066110BF6D42CD172519E49FDA3795DFA4A4C98AD22DDF1CD035C3F058B8CCB1D4D31A2324E0B3325C8E1B9AD4227
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Japan2-0
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2091
Entropy (8bit):	5.211153403100496
Encrypted:	false
MD5:	86FB079F2363E3BDF36BACF967A0B5FB
SHA1:	65C6C161F17BBEF711A5E4288FE6F6517AEC5A48
SHA-256:	12C56CB3CE2E8FA15AFAF9F951C826E5047F8DAFF359BD0BBEE9428BF95B0AE9
SHA-512:	28830F12832AA71CBACAAC34CBB3848CA9D78C930C9397BD8FC6D44DD0BFD320238E1F51CED03393EAA1054228A53E7B467BDD473D09A24451D9909E86478930
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-0
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2368
Entropy (8bit):	5.171010356752722
Encrypted:	false
MD5:	EC02013FBBEDF5CDA88B8B0E8658E95C
SHA1:	76C0765D58C87957B9AD76ADA640BF811D0C4C6E
SHA-256:	0D9E3934812E798AFFB5B93A8CEC5B419818612605085006170606421B8BCC01
SHA-512:	319FD0C67A0C8643A55A651A3CEF9D526866310F2FAE27A73C57580A62D461C06585D8C8DD3BE843AD536F1DDDE3A335104522E37BCF5263A2043BC1D9881991
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-1
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3059
Entropy (8bit):	5.129122414014324
Encrypted:	false
MD5:	6B4CD5F61BEB67959629A58091A8BB86
SHA1:	3F6108CDCDCD89A30F57E79DC242017D051CD1D3
SHA-256:	7EE098E449A676C1D662655BD65795AD4FF26D70868D8BE552F0E0E2AEB41B84
SHA-512:	B086D780F3CF970F1B9D5A18D41FB10555A3E4711EFD1B40F288089753D7161CA72C6DBF925354FF4613CC8FE11CCD9C10899A0631BFBBB155CDE02FA87CC8FD
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3058
Entropy (8bit):	5.121494563389067
Encrypted:	false
MD5:	CE875D8AFFAD5BDB237F3F375709D883
SHA1:	C663C115482833C7539321F609F4044812187439
SHA-256:	79067B2D8C524D3E21F85279E8D6C24B2708FF4F461B3E9EE6B695FF0D44480F
SHA-512:	CA8433DFE06745E3149192E640FB4171A29839E6F32F5C2C2014AD707ADEF2221C5FC87B400ECFB46FF3954A7143CF6BFDC57B0CAEBFACC17752B20B1D50344C
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-H-CID
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1642
Entropy (8bit):	5.161450495430538
Encrypted:	false
MD5:	F7F3C3D3983BB3F0AB9F8A7FDF540E6F
SHA1:	57779FD346D86E77A60F3B559297D2A29E285EA8
SHA-256:	481DB661D1208863464CF8C0CF560DAC3C9F0DAC93EB0C9B148E70D8D4BC8030
SHA-512:	457448F2583860264E416A12D7106BFDA3C1A86F911D18D21097BBD0B05DC07F62ED949C5C849BD417AE2FC128F0994FE4F4F8E687C4E44457EBBBBBBB9DC9E1
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-H-Host
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	16064
Entropy (8bit):	4.650693218201857
Encrypted:	false
MD5:	9B7CEDDB1CE3281CECD7BE8C94D19014
SHA1:	5FB3ADB11B66079ECBF2826FEECFEE4988BA3EBA
SHA-256:	EAD88A3C185D3D26EE13B2A857A48BD81B02D588BE341A97A9B216E14520A295
SHA-512:	48639DAD629E2168DC3E8C8D44D33CFBF28824B080AC95239C3752EDFE26EEF5A9F50E59F6C730576F05683495A2C0DD6C851CE124B307075066285A2BF64245
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-H-Mac
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	11427
Entropy (8bit):	4.710933912284564
Encrypted:	false
MD5:	69C7C283EBC363F1454410269455A701
SHA1:	D84F3D1D658BEC30B6DE37CF4B55908C43EA5A8E
SHA-256:	243F51C48ACB19EF5F0FE10ACA528E41C8136FDF17C5B7B171973C50292AA7D4
SHA-512:	05D8FF8A71D98800049399D9F7291F33779ABD54311B9BC1DD2F0D7F2A8BDD3543D1B48CC8C0EADCACFB93E6242AA24FAA69D5F4CCCA78C6FA22A2C7D51C3758
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-KSCms-UHC
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	15858
Entropy (8bit):	4.601660556844394
Encrypted:	false
MD5:	645C909314F758F5B91B3B2F4F2543B0
SHA1:	21BE1C03DF7D34FF4422EE6D634670FD657405C0
SHA-256:	F1E527A0F2582D1C6A46412DCF86B92DE591945B16C9E5FA96C5A253AFC3B89E
SHA-512:	1573490553A80406B787CC1B3873844E99867BECD4195656F5911F35A3EA1FA272A664708B2534AD15ACDBC2BF99E021FE5DCCC7F2B3EA0B53A7C3CEB829BB66
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-KSCpc-EUC
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	11507
Entropy (8bit):	4.6657128696345005
Encrypted:	false
MD5:	F04AE20F3AFF9CD454D21E6739B81411
SHA1:	C1CFCB9A79AC943CD0E37D51ABFF75D0AF440741
SHA-256:	E294469FFED71FAF25737C1C19E825492DEBA82F3993A5B2CE73AE66A765D9C5
SHA-512:	BB9143167E0ABB38966B149A768DF36B5371B8C23619A9FDC79A7F56F37DDF95C6A505707B1B76904F81FD70C75FA1E8E42D32954133F0A1148032AD1CB7389B
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Adobe-Korea1-UCS2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	154586
Entropy (8bit):	4.289864885715283
Encrypted:	false
MD5:	7C5E7E23F10D577321F4B7123057CC96
SHA1:	FA93BD22EB076ACA13BCBFF30836B8A2320305EF
SHA-256:	60C8D3C8A1CE27194A4A6A2AE9752CA7A63417A112AC07EEC3899805623401DC
SHA-512:	3C0F17610587F94A3296D19A60D376457BB96963AD7C08B2212AF091DEB3BB84FAFFF17161A8AFF0483916FD26B0202F69805E01BE260F7536BF0B62AB616263
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\B5-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	6645
Entropy (8bit):	4.892829972808234
Encrypted:	false
MD5:	7B4D7578185B6F0C6476941585790843
SHA1:	A044D841D9E6C63CF90A0467E79AF5C933975D88
SHA-256:	9D029A6C6FBB2EA0D9B00FAD4DD2A0ACFE4C00F40FFF337F2507B9463CC1EF02
SHA-512:	73366E32F5E4C59DB9466470A1C2D090B25D01090796270612B30C6DA90706189659262FC9FD4C6E6C4767F26123DCC8D2978BF491A1259FE4C6B8FDA65215C4
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\B5-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1833
Entropy (8bit):	5.216807968175122
Encrypted:	false
MD5:	604FF0D5BA4D9035E1339248C06C70BB
SHA1:	22C7D743AC44CDF44CF23644191EA5026D013D14
SHA-256:	45A630FE3ACE7562547433F4D8D7AA644C0309E13F5E18559A1ACE1587079450
SHA-512:	D211E38DA750A1DD597FC6D696EA7AF63DC3DEA87B683CD53E45677C6E720B0EA43C74C82F9B57460C48B72DF01A8D54B83FE1C3FDCBE8DDA85485F142761F4C
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\B5pc-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	6703
Entropy (8bit):	4.891169355474026
Encrypted:	false
MD5:	D8845C19BB3F5D51D113665336374265
SHA1:	E5254781EEFCA7A1AABCF4D12C96234A1C156EA3
SHA-256:	B401FC0320EE08668C32BB272B4EE04FB60BB234E2F678B08317AB0CD00EE09A
SHA-512:	C34E682A93FA616750ED134FC90E2C66118F9EE0B59CBA2E50E9C6F8B58CC8F21137EB793E18D3F3B06C827DA40CEF503CCF66A540BCAC959633A6A7F041259F
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\B5pc-UCS2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1225
Entropy (8bit):	5.056933263494124
Encrypted:	false
MD5:	A11F8B2F368817709729E04B1D9811F8
SHA1:	6C15E5EA7CCC2360763C874ED158ED3C2D6B8ADF
SHA-256:	8C380993CF31428EE903E19DEA6269E08EAFC83D220C215316AC86DDF9278D27
SHA-512:	3B8989AE7601799E331B5BB13033C02F27E893CEC981B8357ABEC90C3D84404FF67AC9682362E49DFDFD4C912CB16F643BD02C7DB45D6296F99D9F0249FFDD3D
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\B5pc-UCS2C
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	284606
Entropy (8bit):	4.317488056807595
Encrypted:	false
MD5:	024D3FEAF8FE550866F969B807B37399
SHA1:	B0C08E1EA8293C70493386F9D5C06FFC71C36AB0
SHA-256:	888C6276D04A49F4557010175FBD73A25BC69B86A3A2FC97291375C2B1EB73BA
SHA-512:	99F948457084930D0F213FD15AC93DD9CA4EB18B80F01166530E785C8537E298C3EF7E551904CEF43A09FDD50172BDFD50C631703FDB11B2EB180E915D6766D9
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\B5pc-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1845
Entropy (8bit):	5.219501554223885
Encrypted:	false
MD5:	5BCDC030B439D1E0FBB9E71E2DC21899
SHA1:	9716029DBD34848ACBC79FC09D6D623F1D991734
SHA-256:	BB2D5C4F14087ECD7B38E9BC9DAF7B93D298B52DA5AFE0AD43F517E7FE3A48A8
SHA-512:	620BC754983BC0C860B8F95F0B44A50376CF3F260F4C0727A5F91A3138A3E6FB16B4B702535AF6CE88EA70D1B42AA9765383A59F977B46C5F130C4A13927A392
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\CNS-EUC-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	11555
Entropy (8bit):	4.611235104573058
Encrypted:	false
MD5:	BEA633D5831A4F7E7B31D18DC3C71A27
SHA1:	16251DA9B3723DCED2D3845B8949A9418AC843EC
SHA-256:	7A9E70D0DE68474F4558F2ADD0875A850BDF011D77B59C927D96A04C90EB5096
SHA-512:	7721353D3C7A12402E45C69726CB78074D4D7C1E523540EB35E0FC9ED1F4AD1291BBF31E0B68A62902F2E2B5C4AA5E948896D6A33C6B22972556C1C5E7560467
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\CNS-EUC-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	12635
Entropy (8bit):	4.573737589641177
Encrypted:	false
MD5:	0D75EB35B8E4D9380EC15E4507CDF70D
SHA1:	5143AE0C68F4CA37A4503013D864DA0FE49D3A71
SHA-256:	4E80E0A9B5493A10317AA75828849C86A86AD289D402689517F9D54B46220335
SHA-512:	B18BCE9681E34B491CEE3F7CBF41DC6979E49D3B6D9A73CDD27A072158B8195A6FAF2941C076436C5CC343CA6E502B115C9D2298ED47F58EC6B950D792308DD2
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\CNS01-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3050
Entropy (8bit):	5.1922912313243605
Encrypted:	false
MD5:	AAEDEC104742E28755F18C172F4B14B1
SHA1:	BE8F6A6F737291A63639C0C18616C65F561A51E1
SHA-256:	46BB93C1A05AC550183113319BC235753F0BED043161E4804A238719159F1A0E
SHA-512:	0FEB9E43A6572B60D9688D60F9ED0CDB834FE3C5AD639265D63CCF55589F7AF0BA2D3E0F0414BE764B983B7BAFD42CF116376F574139FE39EB6E0FA0EF62D4AA
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\CNS02-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3349
Entropy (8bit):	5.158468293032132
Encrypted:	false
MD5:	26F224EF35C6403AAA6332546CA19332
SHA1:	2FD4BD279FD280EF9358EBA7DA11000220E330BE
SHA-256:	4B7347B2605B0BBA71442FADBD6E3BA04920C12E283F5D1581C7E524805F247B
SHA-512:	906ABC0F31A5DD29FF129536B53D381678DBB074DE355F1E1406DCD63DCFA01D5AA4B3A31905478E69AA34C661D7010C9A2DE5627A789AE563916BF1A8BA8654
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\CNS03-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3055
Entropy (8bit):	5.209964150721604
Encrypted:	false
MD5:	AFE6A20F2CD858D5CE28FD011792EC6C
SHA1:	12F70D9D53FAAA6B8769400702D9CCD3C80245C4
SHA-256:	0561F283342197181B8212C0C78EE72B9B88FAD175DC5C9C3ED4FC6BE75AB348
SHA-512:	2B0D66C4B04DE660E62614C37593EB0A68FF1A5E51356D8D3CFE723DF31FCA116F487BA258F4668F71F9025D6FEA6D0DEFB73809BED5151CB8A1BE278C1AC03D
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\CNS04-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3307
Entropy (8bit):	5.180300803417591
Encrypted:	false
MD5:	83DA74F1B7853AB199495B72A8CF88AD
SHA1:	FA8A6FECD81BC83DA48A70AC612B9A187B15734F
SHA-256:	3E1F122252E9656B52AE575E8D8D0834E911440814FC0C9EDC20B85B638B2348
SHA-512:	0FFEC48B70D8D6D5542D874A217408961FCE3770282934991EF37E4DBE7F2A73F77F00E155227B7C74D25FAC1B58BA1DA75CB18CB8BAB306E70AADFB1C5E3C18
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\CNS05-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3601
Entropy (8bit):	5.137154790997028
Encrypted:	false
MD5:	C9178AB1E23B526EA1E1014B9C59E02E
SHA1:	0AC59E7C5DE62EEC283B65440B8F3BAE4369B798
SHA-256:	09024ED4B839164550A0704A90EB601AD3CCDF73E63F3636D91F828330F9F939
SHA-512:	910901E3E4A7FEDB6BEDC21F490DBFC8956605341AC8A841BC49C037FD52554C8C30919363DA0FF9065DFD87569FB11471B6F5782EE3E4479077298B8524221F
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\CNS06-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3097
Entropy (8bit):	5.207091535408963
Encrypted:	false
MD5:	EF1CDD41861E95FE458DF0D6FEDE7C48
SHA1:	5F7AD7D1E665F961844ACE0AF4BE92C4E4E6E275
SHA-256:	2586A54F3E1F133FA8444517A7B3847E4C56A286E16139FB9C597DEACA30914F
SHA-512:	35BE80FC1510DF9E605DED9952E102A1C885A03FAF55EBC4A63C8247C39A36C080A495B29C9907923423C361C335BE73492278E32C4B3A3285758305999D72B0
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\CNS07-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3139
Entropy (8bit):	5.1934562935503665
Encrypted:	false
MD5:	55CC09558E8BB88F6CB3051B5A431D80
SHA1:	D38175A18262D343AA0C6C68DD6961336255E759
SHA-256:	D5EBCBD214BEC38B9E822BDD47210D6CD608CFD6F469B04F631137447B5FB411
SHA-512:	600B45ECED9A8308357AC3A6EEEE556FF924C405A5F76A0D0A3C64DAEF4B95A6B0475F96A11658D0D681647FFCF1C67AB605BCE0E267820161DEDC3DB1ABE162
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\CNS1-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	4667
Entropy (8bit):	4.942381707482757
Encrypted:	false
MD5:	C85716491C9566C9BD5B0E7AF3F6F386
SHA1:	CAE48CD9EB830194985A6C39EAE22C56BDCE597C
SHA-256:	BC22058CFB8292CAC66105D2F3DAE8426A8E6392F0C37031857DA73030B81C72
SHA-512:	851A9C96683124A0CB7F74F2BB295C4749EDD933140D9742E10645716B8CAE7660D10178CC225A3D1F4A91060C0A142AF1341A769C0012BA137FFEBC8E7A8C2C
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\CNS1-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1841
Entropy (8bit):	5.2301504886023205
Encrypted:	false
MD5:	7D8462F4D6C64E3082D1681A4F34C84E
SHA1:	658D2ACC97DB36161D04477D3852179B9CEE5A14
SHA-256:	517C6CFD460D3A6529DCD9994B98EB1CF3512D37A03218CCCC157F1067498783
SHA-512:	E738EC34C95154708AC06285DE5595251BD39C9AAAFF68D1F7D2534E1B9A3F7CB072A129C4A530AA7F93418BD8353C9B18357A03B925DAABB7892F1CD7AE1462
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\CNS15-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3286
Entropy (8bit):	5.180412050370209
Encrypted:	false
MD5:	129149C80F3C961CEA32BB2F32D5F0B2
SHA1:	215087136EFCD9CB27B7B6A6E2BB0DAB0F1A98C8
SHA-256:	6973EC44C3D88C546E2B7BFEB7EEEB8BC0283E9B8C1D8F95010F9D702790AEDA
SHA-512:	2BA08FB30D48BA1D7CC7013D602EA4C5A93D6551E8C978C980C8CF5DFB9DB944FE79B6347270F2FA4A5C7000972AE47C164A6FD1561285DD69DAC8547C788B48
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\CNS2-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3254
Entropy (8bit):	5.131166395426133
Encrypted:	false
MD5:	82D9B0AD9F7C0226E7BE0D742E930FC3
SHA1:	D0B3D1B0E9B8EA7F6FA6EEF0E4989FAFF20DAC17
SHA-256:	69C7464CDC5686CBE89874B2D048E81DD0173C196F91A1B788D0213A9F1D7A4E
SHA-512:	A7864ABA1CFE1CEC595A679577FAC37A47090EC5BC9E68C86F9568C7F1A027A7E2D721A577AF4BEF7F6D8D9541E3BE489011215AB841116F1E51EC1E65631707
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\CNS2-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1578
Entropy (8bit):	5.0573816100676074
Encrypted:	false
MD5:	798680D27CF063A46C31672693134309
SHA1:	B1C5E7F2E52548F919BCAFAB92F4BAA6E70A3BE8
SHA-256:	51DC557391833091091827B21AD09D3D5DF61251E729C09A5899DDF4523532A1
SHA-512:	B6883B0276EE8D128D2CB17CFE01378936B0E07BA32640F953240EE2AFB7E3D7D4933B8DAD34A631B4D20A3E5646F6258A18F57A943E4D69AF48A238628D4E23
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\ETHK-B5-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	23307
Entropy (8bit):	4.546911437857636
Encrypted:	false
MD5:	F4956ACB0E018EF559D0BCED904DC0BF
SHA1:	5279BE4ECADA70945AEF242E008CF8667C89DE30
SHA-256:	7E527E01A591B7EED2B6B693639AB3245AE9FF2E3119A6E629EF334F58EB088C
SHA-512:	47D865D3A555546930BEA37EF2998265C3FE496F8912C1191B0A9139002A13D845AC14CA089E85D88F44D63F151617E792184268EB62D1CB6EBCBD7E9809FB33
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\ETHK-B5-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1864
Entropy (8bit):	5.253992182292973
Encrypted:	false
MD5:	230F133BE2C5FCE8D165A882754E036B
SHA1:	5CF6CEBEEF4FC5FEF597ABBA90015BFFC1F14CA2
SHA-256:	32F207BEE4FCB5914846C97F25B6EBEDE123A917E37D6D8E0FC88A623B6E6D44
SHA-512:	EAA0A9A9391B1447FB04956BBE073D3890C65DCA301BD2B33596707CE0F4EC1E8BCE3B88238148A6F149572B8DFC35FB2D08CD51A0DDE201D2D1E52E99B1EDF6
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\ETen-B5-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	6865
Entropy (8bit):	4.887989035311328
Encrypted:	false
MD5:	54C362DF1536C5FDFE4561C1FD11B815
SHA1:	19BA0D3136F4C8145BC570F32437FC16ACE5C6FF
SHA-256:	C85AE1AC455531C0131FBA990E10413EBEC0C7F191A1A0E29AB058507259EADE
SHA-512:	9490F69C646BDD1F63020C27E2C6DDB2E745F71AFF2D1B17DF16BFC5DEC243B211CA6AC5927F743BA0475774700EDB13D97318659DC230BA91178DAA5D7F07D2
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\ETen-B5-UCS2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	288463
Entropy (8bit):	4.227797071108912
Encrypted:	false
MD5:	0E725835F629403DBD5815EDBB3E9F56
SHA1:	BE31C745554B89EF5E3A1901977895D90FDD97E7
SHA-256:	3BC5029EFA482ED8B250B48A1DF2F358E4D3C5FB9CF33C8F07868C5D01C8986F
SHA-512:	B72635ACECEBAAC99E47388DCC5D9B4BB8B85571D180EE87B0F8DFD0A039A931BC2373486073D9B1275F84EA72A212BFC909F7C3F4550745449705C581F828D4
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\ETen-B5-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1884
Entropy (8bit):	5.23352713072506
Encrypted:	false
MD5:	8B12E207BB8A426FDECEDD93E94CA15F
SHA1:	84D3332676ED4BCB16F93DD8C69C39DD3DB84901
SHA-256:	BEB81E16E87B527CCAA56E958FED7F1FCD99B6C8F9FE55F73E0A344B929B6020
SHA-512:	C6A9EFC3502AEE3DE303D644D624CEE644745820D626FB68653F40630CD81B5675C7F47B4984D1BCB112D827310DA20C32875D2204E35303E1489E07DA675FA0
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\ETenms-B5-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1627
Entropy (8bit):	5.067788725497625
Encrypted:	false
MD5:	70B20C3C2FAE4824CF7E3E8A158272C0
SHA1:	ECC9226AD853471223E0D3527110079E0F137505
SHA-256:	5E0C8BE93DE7899A583E0B642934DD7FD36850442248917DE8933233A8995F2E
SHA-512:	258D2F28D150966773FCBD0DEC0841F49CCDF5C26EA2215EBF6FE5FD687A440B1DD9776309B12FDE16CCB1176F715D012FF42C1C89F2B02B25F8A5633E69D44D
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\ETenms-B5-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1959
Entropy (8bit):	5.236739418022888
Encrypted:	false
MD5:	9038BE9F192848D77D1AEA26521D8DF3
SHA1:	91265CE00E1C994E8B787B4704750190C7E982D3
SHA-256:	A1E090A2A9D94CEE5A963E3BFDDB76F60129D36FB40010688E2E582CDF8CAB2A
SHA-512:	84808557682A076D562AEF513DB7C2D28B4A5857A3D17A137142C574FAAA349C740FCEEB83431F82C59574CF0FC2815D914072B5DFE62C37B588B745DD185B79
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\EUC-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	4101
Entropy (8bit):	5.057798878953274
Encrypted:	false
MD5:	2358F6F6033031231B709E02C7D23FD4
SHA1:	8FCB5EC62DBD88AD36817214BC3F615CA58F5EF4
SHA-256:	9E7FAE093BBCCA1A4EFAD4C872A056C1EC900C907631369B8657882B4F38D9B3
SHA-512:	251B7E07C1D816901614848911C4320D934D2B297C88F522B41A95F0A1D36125E0A557ECCF3A016E970BF0576E3DD3397432E070C72F84D11505516ED3D70F63
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\EUC-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2147
Entropy (8bit):	5.256362044042596
Encrypted:	false
MD5:	DC10ACD6B0BAC5089D218607345EB420
SHA1:	C014031F7694878701FB3A9E7DCC04096798CB11
SHA-256:	71CA5CD091F2F542CAA02632FA034FB63E8195F3CE9C8570B4018AD628A48B83
SHA-512:	E233EAA3758FE399FCFBA07351148CF30D954142BF99F45A958EECFD94B35DA7B546412ADF11085B43F623906D0BA7828A1CDDB01BD8F40DF5F4EC768CA5F0D2
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Ext-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	15000
Entropy (8bit):	4.506704719365051
Encrypted:	false
MD5:	EED09160E2A5696B7650FE2F5FC567ED
SHA1:	0E255C1744D863A49219AC09323F03CEE749E77F
SHA-256:	41F2DD4CAA345A3748EE766F1695735F1F2C8C3E33A556B3D5AB61F9E4954F63
SHA-512:	D1B796FBB5FB7D976CE7236F91310D4968B96013DA859832C5E46F925B8278CD1D5967F5A5D971C1BECFBA871E6F9C45F312B9DAAACD998CD34FCC91F9B874BA
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Ext-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	15194
Entropy (8bit):	4.586970901831898
Encrypted:	false
MD5:	F38F4ED375E4AB4B8289B86324DCFCB5
SHA1:	5B6CD448471003E21159C53A265E53066A688C0D
SHA-256:	25B6758621B0868B299300475F83624BD312C4AC2CD6078C5F1E5D369A3E04C6
SHA-512:	CB8B6DD606DC784211617F8A3908267FC2CA7EAE685E4DE32E5CE26FF02FFF82185C2A35F919C4A66763F08E765C6EB741B42496434E55CD039D8DAB32CF8037
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Ext-RKSJ-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2417
Entropy (8bit):	5.320629354880411
Encrypted:	false
MD5:	27220E82F85B7C0BEC216D1359A3B6A9
SHA1:	054FAEA2B003D8DA72D39B11AA7F64480CC8FA24
SHA-256:	BECE635F642C5A0B3EAFD08F5F4F47DCAE177FA04A7502D0367CEAF6BE1D0384
SHA-512:	9437D772AF3D5505957EABE90DF21843A2FDD0C1D20E5BCB18AE8EF428422437B3138CD2EBDE80DBD7340363DDD52C393162ECCBFBD9846AB17FB7ECEA0801DA
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Ext-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2387
Entropy (8bit):	5.284481964361779
Encrypted:	false
MD5:	C4DD85C41855D7C5D149470070C75EF3
SHA1:	7356F582BF3B867E5BE453EA0BE46E85C728C91B
SHA-256:	7F2EC847AB476BF1E805A1956F041EE862BD01581EC7655EF9C6445897786C28
SHA-512:	6C152B83D85004DD042D220E12087D12626F2AF70B6000FB94D375C0C4714BEC52F4FC09D4652575CBE4C88F95C433BA076B63BB0E97CBB2480A6678546E839E
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GB-EUC-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3419
Entropy (8bit):	5.1278831444326425
Encrypted:	false
MD5:	26883E7A2D6883C2042D077C8D48F7B1
SHA1:	8D40D8C51A9FA0B6EB6875D699C7B070BFED3DC3
SHA-256:	3C10B2203091397A3123580DB5D8EA62913F1A1089C510AA8ACA95C6A48B5775
SHA-512:	4A4C096FA8B0632353E50C640F31EABF4BAEA8A04959378B7866D4F273BE120FB8490A3506B41287A1EB32471D35E2405AD0ABE162AFCE60DDEEFA8C1472A0AF
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GB-EUC-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2017
Entropy (8bit):	5.239336441923902
Encrypted:	false
MD5:	EAC5FAB33BD23675CF32F8EC4C6630B0
SHA1:	A906827147276200511164A7368E045A6CA62938
SHA-256:	FFF4F1D72B1DA1DBC6B333E79443CAA30AB096F6241628B7D75D13947081C665
SHA-512:	FF4E2787BD96FAEC3301BD07FECEF398FDCBCA501918588D5C3E1F6965B8A5DB935D551FC5BA5A8208EE61EF341D2A45C52D94CBB55DF2A98CCAD498D062E021
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GB-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3307
Entropy (8bit):	5.124224374435868
Encrypted:	false
MD5:	7DF208D36B1C1D12D60409A09FA5287D
SHA1:	E74717289F2684641D68C54C0CD3C43340030F3A
SHA-256:	353D3A1F5F8EA8C05E076BFF8BC74C21109025AE6F3760A120F41C448C99343E
SHA-512:	5B0D6E169FF9FCC52E38983206BCAE7A98BBB7E2796016CB5E72F7497234F3001A7CBEFC88E3D1E05BC97A790ADB5C308AAB6DD9C0104BBDCBA9C396BFA86241
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GB-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3550
Entropy (8bit):	5.139193658690557
Encrypted:	false
MD5:	D8B66DB73B8B7F96FEA56E4D7CF5E31B
SHA1:	62A6638E847827307081B13CF3D488EF0C90F7F5
SHA-256:	3362A3E7729AF1692FC00195B3E08359492EC8AC62A83651F85D6000F388F507
SHA-512:	4A361E3A0F7EA674567A2BD882CDCA8ADB4C6BE355B787D6A3604680A442F8D1A49FC827171E8FDFB38F7D36DB481734EB9FB59E4E4267779B9A888032FB20C9
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GB-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1993
Entropy (8bit):	5.260001876480939
Encrypted:	false
MD5:	64407B0FB7F823632B481CADCA7D5AA2
SHA1:	DC629F45CFC2E1767300D05FC0AA4C281CE4971A
SHA-256:	F0B9865E76B7D0F49941718F5085816B3278293FDE9242C4ED3CA6F5C443B7F8
SHA-512:	046DA29493F9CCD17FAFF38DDCCB6C09C8360E6CF959599C85F39545BCF3684E1BEC91BDF2E6AE94D3B90DB1349F755662605562CDCB729D3E17E13CBDAE2CFF
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBK-EUC-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	86194
Entropy (8bit):	4.357258646209463
Encrypted:	false
MD5:	B249049A6888BB40C5C550CF3F7648DA
SHA1:	CDD7098CEDE7D8E51CF80765AEAE6EDF6CA7174B
SHA-256:	6B2F91211371C3DA93CEBB1BC00BA51897566396FB99666CB6A509272E13F474
SHA-512:	7B78EE97394486216818C25B7B3B518C454BF0A228DB273AE22F6CADB8139D7F5C203265906ECD3B523ADEF31D0CC7C8BB39389430B164F13C0E361C3FC14D6D
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBK-EUC-UCS2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	233552
Entropy (8bit):	4.326747372908721
Encrypted:	false
MD5:	21BF4C010DAE576F8EE03D490FC1A900
SHA1:	BE905194052B1C19BF4B97CC659002B023C66007
SHA-256:	24DCB9020ACD2EEE983E385CA7A7A1EF4151E7E6104A9636D4DF3DD248078990
SHA-512:	2354A8FE3BF0C050340CDC809816F58947146764543344CF02CDE85AE7B9784B90403B2E72D174E9861F1B3E4685D12E0AE5B3E415048253EBD74F4FC6FF8A6A
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBK-EUC-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2005
Entropy (8bit):	5.249916950235904
Encrypted:	false
MD5:	AC7F879D7929FE62957448DED628FADC
SHA1:	76745DA2711CD1F8E9B0B6460E750CC1E3F6AEE4
SHA-256:	3F1A1049AF42BBB6981CFE8695AE740327CFFC3E257CF099D5F4EF1A7CDC4E14
SHA-512:	C670EF9B20DBC7AF497778ACF1644DE5962839950263DF3C3EB0D051B7E76FBB6E443948392A3C08C96F374D1AEBB2B890932CEA518F8EA8FDCACF9C67F993A1
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBK2K-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	95070
Entropy (8bit):	4.354910619485827
Encrypted:	false
MD5:	A2B80C67007450EF86C1D8350BB67224
SHA1:	BBC3A8CBDB5C50DA3E8FA09F098EA65D0F9F7F8C
SHA-256:	8CC707FC72A5EF2AF2AE96165BDA2314E219CC89091E1450CBB7493CED80EC15
SHA-512:	85A0EB37C0470468D9DA231F08D723C236246EF530895B138158CF5903BE3A68E207E22F14AD31E7AB85617E9578219F341BA86CD2B11EA26162D1660C1E869A
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBK2K-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2419
Entropy (8bit):	5.262894781711503
Encrypted:	false
MD5:	2D4E5A20AA2DC60EA785D11529FACBB8
SHA1:	1B0D79AF87F61B0E26F8F2561765A11FBCE84649
SHA-256:	5768560AD622D94D9D9D94FA376511EDB7387FA80103E07C58ED391F04AECACA
SHA-512:	858B4F12C62CA2C300F25434F5E48761747579E421AD803F8901CFDABD998BB9DB5EE5E5EE4E14CD6A6320CB5FD1FAEBAF1F8DD1346CAEE5764650FAA7BCE0F4
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBKp-EUC-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	86174
Entropy (8bit):	4.357565246965052
Encrypted:	false
MD5:	2FD0ACF667E20B2841FCA5F883695823
SHA1:	8970A6F575581D14144CF62D48055AF69F2F9EB6
SHA-256:	316A9438BD9A7D3295397139595DB96976642A42A8E28DA2A8A095947FDB6435
SHA-512:	985C5016B47BAF2E629DCBDF6C9EF48939624688507DE0F01C0452C75B4721B27E10BE6881DF16DDD1CC30CDE233D4C4FCCEE1C4A54F7B392CC43DC2C6C6DC2F
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBKp-EUC-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2011
Entropy (8bit):	5.252553923776346
Encrypted:	false
MD5:	1B6B284E97375447818C20F9F86C5044
SHA1:	124FB1FF71E32D36CA33F8D74245500D47D7FB5D
SHA-256:	03C8EE76256D08B40A02FA7C9ED3A8F9CAD847AA73E4FC22B94532513D331FCA
SHA-512:	2A71CE623C6A8B3EEDBEAB7AA1DB9F85EEB0EA8E2262F33B2D19A1A8728A821C82F7EDBA2A3C6B86669ADB4CF7F304A4315D62ECF0E006C41D655F01E8204CCA
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBT-EUC-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	48024
Entropy (8bit):	4.429933465288752
Encrypted:	false
MD5:	2669857901B405C9DAF418B375C6B4B9
SHA1:	8B061DC2D5039C079C226B03DDD7D2DE0DB25203
SHA-256:	654D939871EC08D54B2635C6D7C4E9EABF709BB3B45691D7ECC2F0B52D60EC2B
SHA-512:	29BC3B41E62B47FD2D0CB7A6D7DD9569AE521F241C6F1DC988CFA598E5B44ABCCBBC7A32F1ECA1DD7137055C7ED129B12C996BA1ECE2D06D867B7B919D8069AC
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBT-EUC-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2025
Entropy (8bit):	5.249164677052822
Encrypted:	false
MD5:	1E928D81ACBA834BA6BE5DBF3B0F65C0
SHA1:	85CF74FEEBE92E7A2B617E014B2A96C4F7245FF8
SHA-256:	4041F02E340DDCDC733A5FA3419004C58B12F9A1E031F24CB7C022DAD7CCE1D5
SHA-512:	B3575198F9BD153F5DFBFB0F60371AFF992CD6F637CA8C66BB34F2D00802132BC8EEF48B32D2AA3514A0CB4809D62D9BC056D3689888228E913635D154165A43
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBT-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	47912
Entropy (8bit):	4.286356980036747
Encrypted:	false
MD5:	BD9AF8B1C388EE475CE68AC0AD02729F
SHA1:	63B77C1953FF8A5246325E1CC516927B6EEEEF74
SHA-256:	B1E511E7F86DAF0A7665AC4E3AF32D4218E1494CC0FFABE589284A7707F3D266
SHA-512:	CFB0A7668BC4FE50C15A90BCE767FDD6849B3AE0F1E1D709EF5094EDA5DA389734CB9E2713281357CFB021146067B0BDDEED628C8DC25AB8141D00FE8C0B762A
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBT-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	48193
Entropy (8bit):	4.364747070736022
Encrypted:	false
MD5:	0B0888CAEFA7A55550A9A1E1EB879C40
SHA1:	605FC3B0048C0C5691338A4F259935A614A2184F
SHA-256:	0EF0C91BEF96F9628C0882DCF88E2F7AB812B2D93823E1BED2D815AFF363AF7C
SHA-512:	579935853B564E5E5C6B319B849AD13E1CFEF157B245855A520D1194CD41E9E39EF6575B2F7690C300C37A32BC9EE1BBF903CBCBDC4C570DA5E07C5517917307
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBT-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2001
Entropy (8bit):	5.268608826582207
Encrypted:	false
MD5:	1EB6233CC7CB730213861DAE2F14893D
SHA1:	2552CD700D1A07DD4B650A12DCBAF3B1ACD0D8B8
SHA-256:	6B2F470A8934AA3B6A1B67A4BDBC16B4702C030EC69A07D7EB933478107CA70C
SHA-512:	74295A23C7C6F2850ADC9CF1EC1E94370AA5889FA18F775D9EE5ADCBB7B11E66904D60DC3185DA4093DB5407A9B56A1F868088CFC7CD27E72149020EB40924D9
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBTpc-EUC-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	48056
Entropy (8bit):	4.430595848031663
Encrypted:	false
MD5:	CD01770669F4F3F48DA30CE4F5092205
SHA1:	64916CAE49556D8466E2150DB955E47C175C2BCB
SHA-256:	21DB70EC42B7371BAB3A41E732AA00BE0D78D23179AA7F52E6DE3461BEAB7360
SHA-512:	3E3AB4439FC434CB4453935E4ECC5055D6C7496CBA4AC54BABD85B097077637CCC9374FB6650D33286BC33D32FD1DB185EBD77C060C5B0227A082593281BEF10
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBTpc-EUC-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2037
Entropy (8bit):	5.251249267784298
Encrypted:	false
MD5:	C10DCC7238E433F0F629A63619A46913
SHA1:	6F91AABD472AE5837FC59F3617506AD6D747BC14
SHA-256:	8AF22A9B1AEDC5CFEFEB02847FE326D6C3C0120D30FCF3D0AC40B423DC2ACC1D
SHA-512:	47F5A376552F9A321721B315BE90B06F150F7F39C95EAD6EE2FE0D8F382BF0B3995E6A297341899C75B95E18E05D752E564462D80EDC6E6C3E754C53AD8AD4E9
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBpc-EUC-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3449
Entropy (8bit):	5.126107819902899
Encrypted:	false
MD5:	8D2AFA19131AD1EF393431D2EE2F9E51
SHA1:	76865C0DB702DC7444E72B17B86C15E0DA32B74D
SHA-256:	5D716B1CAC02431F1038B902A7A8F1F4A5CFE6253EF6E3A6B86520F6E7DF4802
SHA-512:	2C53484683E87A405CC600E57845AD7C8F1CD0E487226B6B83BCC4F17668E3676BAB3F84D10C55BEECB43FD40BFD8F0671F86F1562C2BAEA81686AFACAD1D406
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBpc-EUC-UCS2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1312
Entropy (8bit):	5.136092293646785
Encrypted:	false
MD5:	FE8EFA99EB07745903BED6701BFF613D
SHA1:	F7BB53CDE9560A6F790E9B89BBD57FFAC743110C
SHA-256:	EA253A403CD6B7FA765FD3B9C610DAFF01F1D2D741AD152A45702C0422A3A940
SHA-512:	6969A76790C1273E9741280E8158D22CF044CF195B7A903ACC5F024EE8C294790DFDD27128EB8B8568A6FCE52C2B6B2E8BB967F0246C19EA7128FD1C2F0159D5
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBpc-EUC-UCS2C
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	148118
Entropy (8bit):	4.318570172075577
Encrypted:	false
MD5:	CB45532360760B263C661E9F2F45E985
SHA1:	362AB893E6EAC9A10F5735312C03D9CBC0250B4E
SHA-256:	C91D2366799BF13F683C08B1336400BF107AE7A896324F46CAF56DDB21C08032
SHA-512:	0B40B9833A69AE7F46105004DE23EF1D823BAFDF6364A76BAA72904CF23BE00F4D3FC3AF8E73CA79FAF72A8459D2E729B444EFA29D5A70AF2B629F106CD2F930
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\GBpc-EUC-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2029
Entropy (8bit):	5.241307995045708
Encrypted:	false
MD5:	5DE22AD7667E4AD4616C09833AF1C084
SHA1:	EAFC2219E1969243CC6F636BED5D48614646A279
SHA-256:	C0576219C0F6ECDC076237BD99815A9A6BC4B07DF4BE70B536F717E87D73F688
SHA-512:	910FEDCCFC9C06822AC4C777C03999AD31C0C5837F5AA1A83E7B75C3356D0044A9C8F38BD238EB6A7D244BB234D7CD7A8C70426200AAB5759440B92DFB51F81B
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3960
Entropy (8bit):	5.027535287584444
Encrypted:	false
MD5:	5DAF0BCB9D3CB7C4F36EB8951A38B19A
SHA1:	335DF350C8B3BC538B3648B298EBD17A61CFF087
SHA-256:	6783CFE95CC4F9B439C47642E66CC3C725C52157C40590C36ACC23EE1E12872B
SHA-512:	3EBEEC56512254C8AD190DE5D7551F21993131B2C93E3A568D96CA4DC445F1CADE1322FBB84E16CDCA0AD36EBA86FA301F3C3BC38F9D33EF67903F1B5F52B457
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\HK-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	7247
Entropy (8bit):	4.812260355929699
Encrypted:	false
MD5:	8ACCD9976507100991C3D27333137FBA
SHA1:	CD74B3F41F86A20A6C0A3D5A494B458BD951FC4C
SHA-256:	E830DB83B9B9435FE97DDC9E8857A979D9A0C83C8892AF449D576FA99705150C
SHA-512:	F07E0BB6EF7D9D443A3553BE6294648C33D993C448D3EFAA5D2FF3DD7052E9E42CE3CD20FACC15FE9A7A6239501F09FD57CADC30FFE60BC44B688FAB517CFCA0
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\HKdla-B5-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	23221
Entropy (8bit):	4.501080988872886
Encrypted:	false
MD5:	D877EB7668CF410ECB6999F9B8035EDC
SHA1:	7DB9099D4D7D42D832DD507CA69565A4B7ABAAEC
SHA-256:	34A387BFEC7BE35DF2BEB73E82ECBC3C5498BC450EC5BE6E704CB0836543D4AC
SHA-512:	5F8C32B38C52F4607B8F4A5CEC2C29D2A52DBAD6B6F98AF646C9324C1A75FFF79204A4E92957C984AFB842D2122F930D2C752AA9F9C15CE7FBC04608DEED954F
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\HKdla-B5-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1849
Entropy (8bit):	5.2305927483462735
Encrypted:	false
MD5:	E4FC36EE40FDB0BF7AEC2EF8C9124797
SHA1:	4AA5039F7002EF4680687B0A5F3BA259C943A12A
SHA-256:	3570D662E197F182F8144D7D5473D3321DFD77025A4A87D9AC53B1199C0C5479
SHA-512:	D18F8638DED8B23AE9802D10C204C41BAEA54B435850F2B6926551B825B68C5E21C4A02E0F71FD3A7281AD073A45A76F04726AE9CA6137FC38D4BC39D5B5AF9B
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\HKdlb-B5-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	20763
Entropy (8bit):	4.535177510633614
Encrypted:	false
MD5:	3E04A03D09A36F56DF0CC910A0A9ACE1
SHA1:	5B8DF037D1D9FBAEE421722926D1AD4216AE9784
SHA-256:	D701F8B2FA673774C892ECC467F30E1373A38524AF5F4A0B060CCF294DD09170
SHA-512:	5B91E20B5955309E01C7DF909E76D4BCE553CD2C74DED06E8CC592D25800B0ADE301C427A2A65570CC3214424C26FC1FC7523837B590F1E0568D083FC06619D2
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\HKdlb-B5-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1849
Entropy (8bit):	5.2370377288261505
Encrypted:	false
MD5:	C488EBCBBB15E1E0642620E3AE127556
SHA1:	C1A49CE7F5D39AFC418F0CB2BF6E4C4DA48AE882
SHA-256:	369F949C834BADE0F075ED10D5E0C771AC0B5585FF64F748FB20F40B47C05314
SHA-512:	154913F14153416CF9DBF988F599CD2E45F48CAC5401EBEC4E239B592984B5B00E8E3E985F78F1E25A89450961A686BCAA94A8F32825B864EB8FBD9AF2DB3035
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\HKgccs-B5-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	13191
Entropy (8bit):	4.672889038225066
Encrypted:	false
MD5:	DCE9566889B72E2E4B2340917A6542B0
SHA1:	249E2AAE8AD97FDEA285237329A0E9E302F879FC
SHA-256:	5249D999FCE9C6719DA79CD0CDEAED8B6C277CDFB8B081E05AAAC9CC8AE68248
SHA-512:	A372E01F98AA4EFBAFB177111914A3E7E3C125AE8B1EC6D62BBAAF13577D814EC6FD530EB9C15E83B7B9812B2BF8EBDBD1700102B14BB8C98339D505F20DF91B
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\HKgccs-B5-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1855
Entropy (8bit):	5.229855085156943
Encrypted:	false
MD5:	45C50644BCCC5CC00C918BA1019062A5
SHA1:	BCFC28364205CF636C25E4E7B1047CDCA3E2B356
SHA-256:	CF6FFBB6516119A9D07C2D4618002E4CC94366F65DE41FA751313EE21C337D05
SHA-512:	FE459308274D85A13CEA330ECCD43BF127FF0CA57143654CBAEE11E89F2CB6ABFA7CE3541D7496912C254186A5044CDEEBC4360958310BB3A538A6E15B3A3B50
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\HKm314-B5-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	12995
Entropy (8bit):	4.650969116078927
Encrypted:	false
MD5:	33DDD5DFEDC3040F5F670C38A67EFDAB
SHA1:	87B4457CA64A94CB5218C8771BC73F8C89EFAB60
SHA-256:	0A7E50AD05CCA4A72BD54AF0C6503368762B9F3AD1B15C952869B51FCE7A04B9
SHA-512:	161E961C8AF55B61D5A047F838FD64B4DB120177F86848FBCC86AFD8638E9C7DFCD1D088F8426DCF9589F928F8F8CC1DEBC91EFFD802F620446BEA9964B81A5C
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\HKm314-B5-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1855
Entropy (8bit):	5.243762095055088
Encrypted:	false
MD5:	9477D269A88FDD9A3DB6C7B3A8D159BA
SHA1:	08D29E01D2F4E2E54ECABD3921E24EA80B96FDDE
SHA-256:	11DEADC70F31BBAD6B6AA1BA37C73302F438767CCD67506D1B5BB27C3899BC5E
SHA-512:	9D569D9071A59C55A1136147074F270F73202BC5B2BE4826D54AD3089C14B02B0DB92C11AFBA460CA65AB07D1DB4A26722A9F2E726B68FC358E11F8498C75E56
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\HKm471-B5-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	16115
Entropy (8bit):	4.590148111730892
Encrypted:	false
MD5:	8D6EB731D57DFF76452C7AB2F8FEECBE
SHA1:	5521858AD985621577D10DE3FE2E435612FF74F8
SHA-256:	23863BA069BEEE14AE023EAE65E9C6A5B12DB1011DFF94B925F5FCE2574FAEF2
SHA-512:	90D455EA7BCBBA1BF5815B02A7A4703B9AE913200E594FDCB3FE6B5E1B38A9CC828E195F51B11085B8313215247B250DCBC5DC43657C3BABBAAB6680B0CDBE6B
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\HKm471-B5-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1855
Entropy (8bit):	5.243449191320858
Encrypted:	false
MD5:	48E3B9D3AED6BFA660BFC0C7F3097533
SHA1:	848DD39D1F647723E05A302F7083D504D6E7B8D0
SHA-256:	3C1F7FB2FFE52CEE2D50F80BEB80E0E8E09D4CF9E33938EBB1FEF7205DF4BF10
SHA-512:	88768D2CACA911EA5A8B1CCE6B19084532EB92057298A1193CDFAF02EDAD295D55E670CA06A0B1AC21FEEF9AA79E7A96130FCE70E5F8DADE45010A28CE560783
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\HKscs-B5-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	23361
Entropy (8bit):	4.545930813211224
Encrypted:	false
MD5:	A3A096F60659D7BA1873663DB547D611
SHA1:	8B65ECCD4E4C45E14C12BAB9A577323E451B03AF
SHA-256:	A96A90AB20BE6C8281421538EE41BC9102C77C5AD3C3DEC12FAA72A80927DB57
SHA-512:	A8082443E8F51DB193A716559ABC2DA18B56E30AE69AC75AAE6EA63D35CA5DD79E78659221EBE39E4BED2CAE70D471D5BBE123504CCBCC44F4EA8FB269782DAE
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\HKscs-B5-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1870
Entropy (8bit):	5.2372878001750625
Encrypted:	false
MD5:	FAE19B4B55BC5421BA52DC5EAE88116F
SHA1:	3D634042407AA964E55D2D79681F065DA3900325
SHA-256:	02661B415B4B7D1AD3372A89229DDC529ED8C08019B37AA51524E108A66C571C
SHA-512:	D3A38ADF486A4B98FA6FD5A338965DC8DC85D9DB4D86BD64236E128E44770562304589F815973BFAB0FBA83E503BC3F27F8FFCDE8CD13B5ECB5C1B5A43A3B6F1
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Hankaku
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1728
Entropy (8bit):	5.175721091464519
Encrypted:	false
MD5:	70CFCF2A397B5E66235006510D13842A
SHA1:	1C6DC93672AA6F9DC53431A6B98458C8ADD1E278
SHA-256:	EB36804C03D95C99ED21A201E89B0989E16475039CCCF9DDA92B90762C70D1AA
SHA-512:	08F650F5A4329FDFB576DFF737BFE3C6CB4EE8A1A43FF3CBB2030492A0867BD6352B542AB1236F4CC1395EE0B6CC276D9937A1E26464C36EE617F4FF28C2BE9B
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Hiragana
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1700
Entropy (8bit):	5.150267734785117
Encrypted:	false
MD5:	0C7BD68571591597587D45BE4BD6BE83
SHA1:	720BC119ABDB6374B819485F65BD430BAB9F3399
SHA-256:	ED105696E456E50BCC69E24FD8EC30054B573EFD86456BD792FBB2E677C26E94
SHA-512:	4D8CC04A148C73D2C83301A478132DDA6E527E63DCDF62DE50BE7590CAC241A7B23C2C181968EDAA0E81C911A4D5FDCC17A66FEBDE0AFA81327B546BA1A61E36
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Hojo-EUC-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3607
Entropy (8bit):	5.074818824254253
Encrypted:	false
MD5:	7891D09A7F1C4C40B4DCF99AEF399AA0
SHA1:	B7FF94DA1FE2C80B3E4AB303796BB105D7FFACA3
SHA-256:	231A9F6539A8F7D6FD38991D4A26E6A4FE6BA188457E5EF6CD3445BB2C20AEB1
SHA-512:	2748EB9399B17B92848571A20037764F3F20A38B1914C9C7232266A2C1E81A9F1A86B7B6E4B9BB42BEEF74FB7F24F07A66093DD358009BA7E47DDEB97A4D64C8
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Hojo-EUC-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1604
Entropy (8bit):	5.067539032712524
Encrypted:	false
MD5:	BF2D0EE5EC6AC3A48A0E3027935F2350
SHA1:	A83B71852143E42E0FA30E8BDE168C3AAEA15886
SHA-256:	A09B10C00934A7F96837C52F7B03DA1F9F4F32B5E64CF93798A066FD8E426BCF
SHA-512:	94D190BE8244C135C19AA3FBA4FF9D43EB20C4D73F7289661019D9F7EA15E78C4598F25BE00D8290AF34013204E6375D297B74DD5723B3C8CCEE4DC6B1994FB7
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Hojo-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3257
Entropy (8bit):	5.114149491681241
Encrypted:	false
MD5:	182A922F10BDCA03E04AC1E39260CAD9
SHA1:	2A331DD3CFFE9045131D62367C1F40AB3EECA67D
SHA-256:	D726AB0B1F998E431139ED2E200A2838006CB1903F261723B5DD872A0DA2094B
SHA-512:	8A96A4C13A9C30ACDE1056E8C9468D662E25D22EE28F8FD9FE4996130CA26B8B0D38A2DE929D40527EC4FCB7A44BCC19C997DF918E2E5D2131F6C2FD8F100316
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Hojo-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	3288
Entropy (8bit):	5.1738961330346065
Encrypted:	false
MD5:	6460D20D45EF63AB0516A916B633ECDF
SHA1:	76E7101A0D347CFCEE49C84AEA79D62D8A433010
SHA-256:	67BBF77A1F1C849A3B3B920473EFB0F6540ECD1D05A45B54A79BC9E8F8FA2549
SHA-512:	15FAB8516A4ED991F27F522FD39D0DE1A0FF959B2C530E13AF566A09C79387FE443D57C8479DD8578EDC82BF9DF72CFF82316985EF06A5BF25706CC8A7633EC0
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Hojo-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1580
Entropy (8bit):	5.0496756098077356
Encrypted:	false
MD5:	A98D2728D5DD5723BB8CD07FAE60477D
SHA1:	812E21B865443DD6197BABC90D9ABB69E58564CC
SHA-256:	73B2C15C5001637361F8B683903D40E3DAA1223FFF1AD475647380FB5C34CB93
SHA-512:	5E9034AD78D760F7CE09A6E22783A812F2639455D533FCA73E47D0486EA081FD7C0D9465BD95CD093A61811612927A14F338AF4040FC7EE915F3CB5AAAAA4820
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Identity-UTF16-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	ASCII text, with CRLF line terminators
Size (bytes):	1332
Entropy (8bit):	5.131173186304104
Encrypted:	false
MD5:	27ACB628A1E99A5647698BDD272BB587
SHA1:	A44FA6CF7B3D98D35A86DF56E38D49EEFEA04689
SHA-256:	74DC663534D6CAF2E20E5947023B22713AA778C08888375D2E5F7018551C32CC
SHA-512:	50CE2E11EE266036144F6386805DFFC662F848E905F658F5567175A8031BE0A04F64CD60B66F4CF2A17083216E86D67882C857FF7E9413F8DFD5D871F2F16A0D
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Identity-UTF16-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	ASCII text, with CRLF line terminators
Size (bytes):	1332
Entropy (8bit):	5.130570692495238
Encrypted:	false
MD5:	2461E1E65FE6EF9224E420E003BCB76B
SHA1:	CA51F0839A47696920D82F90BB4E98E5895B92F6
SHA-256:	03AE3E020AC20227B2081D2FA6A012FA4CBB420604CB522D4423DC37F228CB16
SHA-512:	163BD968DA6286017861A00D1C3B0124A3908E915FFD9F4318560805F9F18409462ED20AEE949377EBEDB360EF85F2000B8E338FA397B877D7CA9375E9C8AE5C
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSC-EUC-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	11109
Entropy (8bit):	4.691221499895414
Encrypted:	false
MD5:	1337895384985AB270850AE10063C5AA
SHA1:	42816A7F3AF8D2765253EBFEF3BBAE9720B3D506
SHA-256:	7C7515909DB551ACD43A0598F15C6652209583EAE1D77782CE1C476F5026EB05
SHA-512:	BBE85C7DB365309A058457EEFF93697BC5F3F9AEA21A3444C30FF839290DED202AA90409CC934C6A50F369DA7BDAAE74E0F4A4F24D8CDAB3D523C08D3B2FDBA4
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSC-EUC-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1949
Entropy (8bit):	5.234813483184874
Encrypted:	false
MD5:	2EDBB430145D6FF8987300254BF2DE0A
SHA1:	E9C97DF2B4E633776D1B1523E0F13CCA96D0CF9C
SHA-256:	84D811F9FFB6005EE506F25CEF518B9DA9C3BC3891E9B2855D46E0C00B8E9DDA
SHA-512:	8529D50B21F21C7DD1188C07CAEC4E0A6958B29860CD2C948C35499CC58E171E45C11EE3AB2F473ADED5171D5187CA2A517CA278622DE474FFBDE35C4C6BFDD8
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSC-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	11012
Entropy (8bit):	4.5688867872737005
Encrypted:	false
MD5:	12B14DCD9711047F64BB6883F710CF0F
SHA1:	63B75A23F11C7A837D85CDC01497976CEF776721
SHA-256:	05DB9C2A12C75FFE403451D4FF33557CDFB6B1F4007030222BCBE938364E8B6F
SHA-512:	9F70782C6424D08CA0F441DEA533D631E34B727F5EAE48798F02ACBFA2ED3463792798C7A2DB5E800098F053291396FCBE97D035991FCB89D3141982BB541EA8
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSC-Johab-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	87414
Entropy (8bit):	4.365632592776579
Encrypted:	false
MD5:	8842FEB82D4AFF12990648F71D634903
SHA1:	EA1FC4B1EF8B3CEFA2D4736B4D8FDAD7F1B2600E
SHA-256:	E4591F6B3D818FFB50D9C0D82969576EE9B1669A12DD2B43AC551CA2EB836CE9
SHA-512:	35457AC7E24CB1C8B5CA1975B719BA242AEA400750E8AA0906C0FA8C509B02CA3F91B7B5289DF3CB996203F361AAB5F1B16942172AB62209EA73213DFBB4DB02
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSC-Johab-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1963
Entropy (8bit):	5.255030904354283
Encrypted:	false
MD5:	1BB722B811D7FFE87103ECF5D05A2686
SHA1:	7040F268F9EFF0CF3C663DDFDA926103DDB7FCC8
SHA-256:	7C40E8CAC63C64135FE36513F4C796AF4D73EFAB2E88341E9156FEE087118091
SHA-512:	98833E26076FE7F21C673022431B8E9EA27E721C3780579C7CC668D3A1D79F0139B75332650B666A62C7C44FD85588E4CF47A5D9C5C82EFBC17825C0FC48607B
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSC-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	11242
Entropy (8bit):	4.643667077691946
Encrypted:	false
MD5:	47FB4F18080859255C148D827B899749
SHA1:	A8715C96715D7BAF8D5DEB4DFA9F6F29DC7DD031
SHA-256:	1F476C1BCD77B667425AD69F1413B29B07BE62067D9F719B1C5AEEF073D1D2C7
SHA-512:	80E50E1C57C3A6E564A230A271F3368015522EED7AAF91FBF646EA1065DA62DFC320CAB812E0688E4A944EB16C9C09ACA6AD8B3D0B3763531FC7F1A838294891
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSC-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1925
Entropy (8bit):	5.26566442501378
Encrypted:	false
MD5:	BFE3CF0933206B2E903394E205CF4304
SHA1:	B88C4ECB5F48227A22FE6E077EE01EB455590A42
SHA-256:	2348CA9C77B0074EC0112BC97B5368EFF2D04AE05CEF58B4EEC50355571988AC
SHA-512:	7BD2EB08974C79B9F670BFED3E6215FE07DA7D275A8615C7BC4B6A3F910CFB43DE1E4AB33748E0333F1B9E92F3F786CC767FD2DEA0F17D0C053BC437F2700FCE
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSC2-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2225
Entropy (8bit):	5.245955519049
Encrypted:	false
MD5:	770555BB50CD56A5DB535FDDA910F260
SHA1:	FF2F45D66872B8C14D06CD2E5D1E30D216184696
SHA-256:	56A4C8EBE5BD1B4020879612745A219670423762FC6D236CE80894CF1973BD82
SHA-512:	1AD90656EAEB796A4BE816E13577B82ED76A8E70D1C50E377A7248B420B1A7B5FAE027B927F807D530C594178D6DB7C25A4CCAF9B721B4C986B49D4F818C0A75
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSCms-UHC-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	15535
Entropy (8bit):	4.621268590651476
Encrypted:	false
MD5:	3ACB9DD68C873E5B406BFDC0A93125AC
SHA1:	B63CACEF29D7780E211A76FA97DFD9A4C2EF8F7E
SHA-256:	4EC6B3B7C9DE462A87FAAA6220E063BA28C68681DA75A95E386767B2918DFC08
SHA-512:	18BBBCAE48E5FFAC72B8279EA5273AF470C7C3D2328B3F6BC9101FC1B72E446F3759410A199425C9824073A1C6EAEA9BE649807684252678AFE85E9B206D2774
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSCms-UHC-HW-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	15530
Entropy (8bit):	4.622260381071149
Encrypted:	false
MD5:	170324040C7709CB05778DD6396FDC9C
SHA1:	3DCAE2891C9CB7A6A4E57DDB513F79321B44D6AB
SHA-256:	6217EDA4DCC4158449897D29D94644BAC4E72EA4543BECBA50C0AFBF66F5D591
SHA-512:	5366F980049DB9F1C6A010F55B4990F62DAE5EADC7E8EBD6F9698B6FA5D72CE2DB81E78E740B0995910141A7FD6BDF1D333B6F9521D412E18BBAE18F478B0068
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSCms-UHC-HW-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1961
Entropy (8bit):	5.2487943579875465
Encrypted:	false
MD5:	F9EC144D1B6CAC272FC9D28D2DEF4B2B
SHA1:	1476709D171524DC2351C37A6A28D637D714C608
SHA-256:	89DE6CAFA14935EF91BE4CEEA1FE40B47F80FAE2F4A16B54986C1E799088F7B3
SHA-512:	9B3209033B87A3B2E576729E4EE9482724C0647105D182DB07EAD127C645ED8C58D7286C5C1853378CFDEAA0C9A45FA8A611C71BAB4EBCAB2E1AC42A0031E04A
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSCms-UHC-UCS2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	189847
Entropy (8bit):	4.31583456460647
Encrypted:	false
MD5:	EC62E4706D898ED13F07D063E532BAC5
SHA1:	AF7DD8553BD77B958EA5BD93841B18EB41145FB5
SHA-256:	6952CFAC82E5825D203DDBF910E2FC2BB1E784BE2583D9FA2E3FE248A50FC1F7
SHA-512:	0D44A9B2B0B915607BA3A7098B9A36C38991359C9718C7E7264701DFB864BA7F92BFC97576A2D540E2A2835EAC3EC981650700A5A10AA4B056053729C186DDB9
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSCms-UHC-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1963
Entropy (8bit):	5.240082979986549
Encrypted:	false
MD5:	96BF9E31531C9BFBA9E4F6E9245EA925
SHA1:	C4B0837CA4626F2CB7A89806678E8226964D8166
SHA-256:	E1BB6EB6F35C112E2F54DA3C4876B2B6BF7ADA08A1CBA0C11A4B2E2D316E6E48
SHA-512:	BA0116101BA64C8AA0C9C575629B823D9052A5A2F8B545E94D5A6EBD993F6891228E3F00826EE9B8D88B7F94A068F838E6AC4BB63FF18A45D9AD2206CA0D8156
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSCpc-EUC-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	11982
Entropy (8bit):	4.678806061088719
Encrypted:	false
MD5:	0EFEE00F38DEFD746ACBD9B5FC8E14D9
SHA1:	DAA6EDE16E7723FB854600B514F1A64DFB867622
SHA-256:	40DD90203AE8B157C6FF4C7071518E75DCA6E5F8564BC969527E08CE65ACC635
SHA-512:	D1BC90CAF81F1B802E75F99141E6F73C2F90D5AAC7DB2C62A0A2836B3C59FEC2968E5340F815A7F82E3E877B8BC48F772AAEF77E2AF6C62F41C8BA592FBB2E24
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSCpc-EUC-UCS2
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	16328
Entropy (8bit):	4.457369179432482
Encrypted:	false
MD5:	EC7C9E766FB43B8E061F3C38C79DECC5
SHA1:	6FA2390F543A8A39589101BF9F96AD5CAE870FB0
SHA-256:	1EFD3F3F13BD05CA61BE140DA317139BE25A691E69E0C91A316E82B4D54E2A2F
SHA-512:	DF941F912783A44DE3FC23B4A52E440A746238454394D46B9052C599E5C4FF2C52C02E507E43175444B4A9F0A49397119E0ECB11BB8B1D45B30142B39B071865
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSCpc-EUC-UCS2C
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	156825
Entropy (8bit):	4.31295581467665
Encrypted:	false
MD5:	60FCEC24EEE50ED14C822303D79AAECB
SHA1:	937692A8113A3D103B404B1FDE25314F1203D96B
SHA-256:	A3B5F63883E82A05B7A6805EC39E2CAFB4DC7CB2311575CAF5F0E0DEC982300B
SHA-512:	E04F1A1AB9EFA83E82E558C6DBE5011D3A0447CB794A27F470D3042956D6655F49C24655DCDC1BB53091AE69D79DE51719E377801B755F730A68F50F50299234
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\KSCpc-EUC-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1961
Entropy (8bit):	5.236850201279202
Encrypted:	false
MD5:	6041245E60719C33461ED77590C070F7
SHA1:	C86BBB89566822723DE934F9A1BD47775DA2EEEB
SHA-256:	97BB89829F20AB73BE041B7A30560ED90DBB3C4ADE41BD60B48C8E7ED72B9056
SHA-512:	8ED61E5F7C95B59D5BF74F57CBDDDBC30DB9E355093A1C9185A79806B876A1CC57D1ABDC56104E9A851EBB151C1C09785F68FA78632423E2A806CAD07AB0406F
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Katakana
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1610
Entropy (8bit):	5.075539592749382
Encrypted:	false
MD5:	7A22CA67692AA2BF39FAA6C2F729EC5D
SHA1:	87B39EF7F51AFC2DACC6D6ABD23F466661D83FD3
SHA-256:	78C828243AE2A4DDCC4D44C52DADAB769EC80F37E3CB1760953C2A454450E2B0
SHA-512:	CCFD1FEBE5318D3F31089B1019FD5475E53886CEAFC1FEB8C9F192BAD589B8D4BB141A6E8A09376B7C8FC7E3706EF683F8D7926648D4906576B20DB0225BF161
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\NWP-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	16974
Entropy (8bit):	4.4798237372977985
Encrypted:	false
MD5:	D40687AA08D1343FE69A923CF8E838A9
SHA1:	A45FBD9C19B1BBCA7E3374FD9D077BE502A33ED9
SHA-256:	E1E9E1383243B344DA2332FC6CA6C3B877FD1967A4BD7525A88EA47109EE6D61
SHA-512:	D3BB272B1877F058271C70A5709295639E8A4D8F643D592FB44D78E7DEBAC1148B6C6C9E8AD3E15CC6490BE0E8631FAA27DBB202639835E08AEEA7A323AAFBBD
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\NWP-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2547
Entropy (8bit):	5.263924743453009
Encrypted:	false
MD5:	FEB38BB77F0327DACC23F63C2F60DEAC
SHA1:	442CF2FABFCB8DF8C9E61CC80405A3F7CB5EBA79
SHA-256:	DAC62AC66EEE519779E6237D4140C012F75C1E0D0FB41CD82A6306700DDB3528
SHA-512:	840E340707B30BFC2CD5ED41A771D8D3BB60F60AB2940CD48FC4BE33C24DFBDBBA0709C1E3FE855877B7A532BE470B6C153E2F3EE4E735F8452EE3ED27123980
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	4153
Entropy (8bit):	5.077166849228711
Encrypted:	false
MD5:	55B09FB8F6E642787FFA0A6D2A263385
SHA1:	ECD18DF103B54C90FBA9AC34962BE427DFA12A26
SHA-256:	DBB395F60BADE10D29792148F12E80D251D68917A6F4A4D5C1A8EF0422D03D95
SHA-512:	D4A5BFE4A75A8D70BA917B223BCD67BAE5E1CE7A38D981E8ED358A86432B297A6898C42975A6826F8FFA85404C9F823E661F2D03F2A9E26917E168D7C98E4571
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\RKSJ-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2153
Entropy (8bit):	5.320139721409299
Encrypted:	false
MD5:	2F9D994EC2595A1B318B8DE817A18161
SHA1:	896837F7A15F728C680DB3A99B7CBBCEE094DF19
SHA-256:	8D4CE431B52B22803A303443599AA43FE939981E64277C4FCF2A2D0E5B5DB8CB
SHA-512:	100D5DE0391F0A4005F4909859B9AAA8E73B6D43781BE2BFBA30671C4147CCADC2A1FEB6CEFCC719693EC6A8389B8ED2E2A56F5898225D3F2A22516E828BFD74
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\Roman
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1586
Entropy (8bit):	5.042207692223801
Encrypted:	false
MD5:	4111BB57E854AB9D2546F0AD6D42C72B
SHA1:	0C8D7709D3BA1706BE39EB5F7BA0EDD52515556F
SHA-256:	CB9C014F6DB249861F96B3B26E5F04F281A18FAEF55995CAD943806A1013769F
SHA-512:	6C7826217869F692DC3D86BB2AAB27B04FBFBCF91B000CCF18C295845A9A7F59043B367834FD3118AF7700ED2FF04313B2594BEEADD585C3B62AA78E7CDEAF80
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\TCVN-RKSJ-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2380
Entropy (8bit):	5.263520167564877
Encrypted:	false
MD5:	CBEEBABB26E591EE532B11CB73CFEC43
SHA1:	F211681F71D6718FE1FA60D25F0592717A4696F1
SHA-256:	5666ADC55D01CDF5D452B4C822A45DBAB4F62ED8586D328DA44D0756E7BC899C
SHA-512:	69EAB59F247C494D52B957A72F5A77BCA1E847FA710D6402F61BA1A4BBD821273D1511896C35CE2B5D0F49018EB895F2F41869325D5114B13AED56774437BC7F
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-90ms-RKSJ
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	155399
Entropy (8bit):	4.242856384939542
Encrypted:	false
MD5:	D56B9ADAFDE9ABD3DF6BF664588DC790
SHA1:	AA45AE16501D394DD637C3B9CB5E319A13B8DB06
SHA-256:	BD4D48DC7F1AC11E0721E02661D0BA5E5615D016E88BB7353999B3C7B47FEB5B
SHA-512:	DF0D423559A524123701F9A60860CF7388A40CE9A31E89595946BCD461D84FBFDA6E9C4227E40BF47247069053E721FE45194B3D07188FFCA3703EEE3D773374
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-90pv-RKSJ
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	148339
Entropy (8bit):	4.3318556264481884
Encrypted:	false
MD5:	EF1DA4664CEF8EE9C8CB9999838B905F
SHA1:	EB583ABEA39B4DD6F4DD15CBB217B82187C25E72
SHA-256:	169DD3B9FC04FC9AFFEE1C0C0DA39F2B8805A0C50D3267A1032D92B44524BE56
SHA-512:	8B416B52C79D43D89BEF5F71A09168EF2F6E9CE38E0F028C77042C3DB5D52C99E72974144BD846A9FA7282CF28ECA00FE7739554AE6DAFEDF78327D69BB3795E
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-B5pc
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	284931
Entropy (8bit):	4.3311065920001655
Encrypted:	false
MD5:	2AC4473268AA3883409239CC74451EF0
SHA1:	9800B2A2A93EBCD15A963459F06A0D0E5F3159B7
SHA-256:	C42AA41982385CABCD20CA0AE25258181102FBD3C259DCCFCA61F83CEA21A7FB
SHA-512:	C8F46DD07905FDA58F47D7F44486C7997E79A942B4C45FD0D63F7DE74F6AA30456DCBFAAD3A302ED512DEB560874B339D24EED8375326BBE5A9F35F53BC1244D
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-ETen-B5
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	299283
Entropy (8bit):	4.241902328503285
Encrypted:	false
MD5:	754B42D9E530CDEA90C79B6EE1BE0142
SHA1:	E7B850F968A0AD95B400A139C699D1226A0E29EE
SHA-256:	B71C0E4055409236AFA6ABFEEBC0283BEC048244EE4069EE1EC7DDD2B4502B2F
SHA-512:	78D47FF05FD5B7858116D12C247B5DD14A2FA149AE2ACA001EB47DB25029CF2AA86D1F88670AF0847604F52B19FDEF9BC57F262E3F1C7DF3091373B112E7A6B5
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-GBK-EUC
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	243835
Entropy (8bit):	4.336925781445846
Encrypted:	false
MD5:	FB9D6CD4449EC7478EE8AD1BD7465BF5
SHA1:	3D42495890E0F2ACC6B564EAA79FE020FDD2FC79
SHA-256:	66CDCAED3AA94525C59A82A39A93B96885883BFFADEA1E572464D559D21443A6
SHA-512:	259467113CDA70BA8D399E233BEF8A718F76BC6B977AC54C216BD53796A8003E7A7276031388E282F1F4430FC2FCD269B06341F2082A9442A65BBCCDEB767EB1
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-GBpc-EUC
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	197163
Entropy (8bit):	4.253314775166157
Encrypted:	false
MD5:	921010A894AC4AE64E56931D20148DB7
SHA1:	E4E8E22AD0F62F599E60495B1D38500482F25962
SHA-256:	6A584B8F4AF6ADFAC140E84A768BAD20B6DE1B836CB2A7A719EE4BAE3C460BAC
SHA-512:	A29419B27881898683A6B1A0FD8061CCBA943DB3AA80A111D693A637F23379D75EC14F7A1D59C6CECD87B3A0003910F0500480F22101EF1D885F22D04BABF02E
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-KSCms-UHC
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	196449
Entropy (8bit):	4.343952717366614
Encrypted:	false
MD5:	CBC0E418EED9C7439A0C20D1A37BE34A
SHA1:	FF6A67D158890D492ECED82DBB438A675FAA8BC7
SHA-256:	C484780400979E2781AC80FD1490D46F03939DCA4E5089C7B15155B3A7592CDD
SHA-512:	C2D65F2D78D9C8171F82CD25788FBF1D7FC22A532C9377D802F8D961FB397D2EAC06310BE0CD1D0815D023DEAFB97D43CB4930294F98F8099DA83182D28B78F8
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UCS2-KSCpc-EUC
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	153399
Entropy (8bit):	4.356654132376922
Encrypted:	false
MD5:	5488D7905B30905D38BDEABB03DFB1C0
SHA1:	FE7A1C6338C502B8AC0A0A3E9F27BAAADFD3CC73
SHA-256:	72A0ADA59B9A901B7DEF1F6E2DA0DF34DB8FBB863DBC54978A9A238E9301DA7B
SHA-512:	73BAF9A84B4D65A9BF8B3213681412F2EBD093C6AD3A2BA79641617B742145CCDDED0C2C2313B2D4BF15DE245845E22AF323C3FF56ADBE8637B0713F5F766AEB
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UCS2-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	342160
Entropy (8bit):	4.2730542936682845
Encrypted:	false
MD5:	A21BCDD94A204F75C17D5E0F5324DBF9
SHA1:	9FA17AF19DE550B3BB9BD3E6BE28D968B8124898
SHA-256:	90E331882744A7B863D3E2DDD59F9E8C3B8EEA3C1CAF17CD6628476AB9B3F92A
SHA-512:	2831CE1222D9590939350E30A692CA513FE48BBD4B07E4F19BFD53C6A28F083BFF7817022EF91984344D6F60345A233AFC78DF53D0D88293504521CFEDA35ED0
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UCS2-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1880
Entropy (8bit):	5.23473987487505
Encrypted:	false
MD5:	548AC5801DD3665ED90695A90FCD1008
SHA1:	BBDBC8DD7046ECDFA98BE6DD0CB06F9134A842FE
SHA-256:	6D6DA86BEFBD382B6708204EB6F6C73325374836210249A4954341E639C70F17
SHA-512:	3606B135DA8ECF1E10FFE1C374BACC608047AAF39B6EAB83480CAEC5439FA266A45C89BFD511CC19F2079B4564069CF44F3EB7E82F45AFB33E5E6EB92CCC2F97
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UTF16-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	269545
Entropy (8bit):	4.313878529955596
Encrypted:	false
MD5:	CDB58A82BD5F49AB74D788995677A3CD
SHA1:	8721C57F3CFCCDC2F28C39E800EC9D4832986446
SHA-256:	90D351CE24BCF416F256D8EC6BB1AA2E19F970007B33E3D484D213C91FFC2BCB
SHA-512:	031287B64C5ED15A4CE0B0A4D226443F8589729B53E653FC54864C00007CD58602BED4A8B43F77B741384BE44E5BEEC05D5B6BDB70AB08EDD79751BF5107FBF8
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UTF16-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1873
Entropy (8bit):	5.248167321456996
Encrypted:	false
MD5:	88922CA4806C9F2494AFFAAD63B325B0
SHA1:	5FB976D94332A71C57A940B3050E32D6DB1E217D
SHA-256:	865C477FB8E75544F84FEFE0D22233B59A5D760A32268B817267A8A7DF848FB0
SHA-512:	93040D44544C7C80B7C5D21DADAFD02B76C4E835F90416CA44A89E05C9A67978CA609B8A94B785962DB01749874DB73219377F79D86B72FEF97391D228ECA3A6
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UTF32-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	340635
Entropy (8bit):	3.9595464078940044
Encrypted:	false
MD5:	CA5F895FCEA65214B3E9393F062BF409
SHA1:	13D19511E6F668E355055930D438328A2506FF7C
SHA-256:	ECB75434485C5BDE7F0FFF816E9A9027C26B918C42EFA9D68F9ED60C53C6C55F
SHA-512:	D054D0651EC4EE9B500614D9CAEE31848AE1D7DFB77FF022F7248268FCC118D8E681A65BF1AD35BD4B692F96A7F422D466ECA72BE5151E6B4430FF5B47FAFFE8
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UTF32-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1953
Entropy (8bit):	5.22078975065784
Encrypted:	false
MD5:	27DED79324EDC1D91AD067EFD39C83AE
SHA1:	3F5C079F0F88C3D4AEB9A2D56353EDF45A19A230
SHA-256:	2530C99DD6E959E0E26FEFE04F9C2E9DF9C68F07B9DBBF26591F11F48119189F
SHA-512:	05FF1DEE19F46F9CED7C6FEF46ECFDAEAF4D89CA7DD73AF4B999FBF2D882BD93FB36602A1BE1EBBED0586350495154E7D09D9A3367F48A7014B8B05B3CF3A627
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UTF8-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	306259
Entropy (8bit):	4.320683223546382
Encrypted:	false
MD5:	3F97CDFA4A0420DE437A56338CDCA577
SHA1:	AC2B017CB10BFB11FEE27D81B564B098908069EE
SHA-256:	A18C59FC24278F0688A89E5A4B4C0263A659A08C78F2397EF99CB8FC07CD5250
SHA-512:	9787BC975BC8B369A852FE800ACD77CDD5F9435F5C57CCB58B54BE601DA62E0D0C47871B3B0B6A4DD08E0D85B2DE1267D6E8129162E9569CF10D0A5918160B7F
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniCNS-UTF8-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1909
Entropy (8bit):	5.250621973359895
Encrypted:	false
MD5:	9BCB3CA19921A043EDF33EA7162F1C0A
SHA1:	E35443909118DAA63E5751E0A6E4B9929D062D53
SHA-256:	05F13B6E5511B0D058790FB1A439951B549F9B3417D754B2F20B77E49849DB21
SHA-512:	1F05564F6897A6773AE9A25EF8844543505F96F6C279510AE3D89847167C281DAB47CDFBECB8FF82D46B121B22169EF10F4852481DE7FA28551B2EAA430C99C3
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UCS2-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	287523
Entropy (8bit):	4.274529765590965
Encrypted:	false
MD5:	17828A744C2BC343722EA7E77D68098B
SHA1:	11EF2E024640356B169C14DE676BC987709D540E
SHA-256:	2EE34445E6C81BA43B65E7DB0A837D4CCCBF0EC5BD4AFF30C43D0E24DB97A2E9
SHA-512:	59DEE1E69477C99313FF5E614126AA8808240B61022613455210F397FF9E14EB30C7EB9CB0848A697DA2B0A44EFBD25B6FD1D549EDCB0B9F75C4A639BFF75EE7
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UCS2-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2087
Entropy (8bit):	5.299857168721032
Encrypted:	false
MD5:	5CFBE2410539165271422E4F51667859
SHA1:	70B370CDA595AD66B5E608A1E560444AB4D24E1B
SHA-256:	7748F9522328CE8BD1A84C005D0A654FF34D7F1AE2DE03B9E2A58960FA4FE404
SHA-512:	1CF16BBF3E91A555E487C2857F72EF3E85B81F9B42B58030981CFE5EE6164AADBF46D727097C98E37610377489A350607B15C936BA0ABF4E1EC3AA6356E7CF83
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UTF16-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	213047
Entropy (8bit):	4.300935683079113
Encrypted:	false
MD5:	6FF86A3E70BFDDE6D5837C4BE19FF648
SHA1:	8DEB27FE8EA61CCE895CA39AA940B0C1EC9C2573
SHA-256:	4CD9CDE766C87866C0D30872560FC86F4DAB63D1E4A5C19CF014ADD24544FFD4
SHA-512:	F52F1AD56A0D07A3850A793EA7361E1E11EC36704EF5CF0366C69FE2749B8335886D5004568EB0E1C182A2DF05340B2C99AD49FC9396A7F45C5EC11076DBB993
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UTF16-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1984
Entropy (8bit):	5.304679598394721
Encrypted:	false
MD5:	6415FB66C2D9DB6949609FDA991FB109
SHA1:	4E12757DE14BE2BCB32618873C8BF5BA6B6E3D42
SHA-256:	B1C52178C72F804E817D90189E056E8A9AAFB37C39F49E1DACFFBE5697D8D80F
SHA-512:	3495FAD3942B9283FBCC11CB54C6A30181EC4DCF181143E08FE3137348E9ABE436460A472BCC0912C0EB600D0626041086555DDA4D10F46FFB420DFC09A25559
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UTF32-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	280925
Entropy (8bit):	3.917742695097352
Encrypted:	false
MD5:	1FC6D775C745C1508700379D1018AC7F
SHA1:	C839360A53A57D5234105F845D051AFD3022BAF9
SHA-256:	19644C394963B370B8B6762917CDE581A7D014EF1B947B45E310974F5E5AD710
SHA-512:	63C3F68C2023272C72AC18E5562F1803D142B04301CBE40F08D1778F3A2649B6C89390ADB93DEA630DF5224D538A19CF2E3541C0ACAC9053410D520C4F7D9F9F
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UTF32-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2100
Entropy (8bit):	5.257978580583889
Encrypted:	false
MD5:	B038969B37A41102A5B7E80B11C79112
SHA1:	68818481A869E954B487748D0E532323CF70F53F
SHA-256:	C098CA7B76F9FC64A790A27953B5948BFFF3B367BB29084074B4658B8D320CFC
SHA-512:	C609D7CCDA06AB6D5920119F05C918CE0EC970C8B01AFD56B3667E90A6AFD5D49771B9FB96C066066EA7105243444FA54F3CF0AFE50B49E89F548E57062FA17C
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UTF8-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	251083
Entropy (8bit):	4.301239921561059
Encrypted:	false
MD5:	3AC73F1FFE446A826609E78450FE5FC6
SHA1:	B26F7082FAC26B79E2ACBECF1594393AF679E997
SHA-256:	89FD580160CD53576353B4053B169B48F529097BFCB9D281D944E641E3D8245A
SHA-512:	7B3AFF56BD33F075D6A47E443C6CB2203041B9547EDA8D39C98C2094468A9EBC0073BE8342A5911A5E77422C595D2B0D759724381A8D81ED130B8623D74A55FE
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniGB-UTF8-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2038
Entropy (8bit):	5.302193247585131
Encrypted:	false
MD5:	70CF18BBA600CB04C6CF4A912C1C204A
SHA1:	472F6E4B61B6CFCD9D659519888BC19C15906078
SHA-256:	8C8B88D93B9A08CB10422A925A51B63EBAD0A71FABBFA00C81B6FFDD77E2DEFE
SHA-512:	C0DFD48795439795838C1C65297AF055CFF231E22090257585F63750FF75E992ACADB30B4943BA6EF7B744D3A02E222D706E67DF7F82128807840AAB22296FB0
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UCS2-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	86847
Entropy (8bit):	4.328125749969227
Encrypted:	false
MD5:	1EEB47AC4A2FCC3BFCC40B4D712D0C4A
SHA1:	2E0BFFA4B518BA2E318385158321C557503073A9
SHA-256:	5C8DAF2603CB2EE7EF2FB53208AEA16C35A3818D088EEAC7064422135EEAABE4
SHA-512:	1D097FBDACD758F5629D7D7D79447624141092CADE20F54CFE58A852E81AD2EB7E87CAA0F90489B659DEA03404B4FFDBD51A2B9D70105DFD9405ABF423A26E3A
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UCS2-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1608
Entropy (8bit):	5.069327749525256
Encrypted:	false
MD5:	716A16A6ECF309608479B6068CDB0FF1
SHA1:	AB59746868DAD5097A3EC724F2CC3B4D39FDA35E
SHA-256:	39B186E8A87636048C7676507845D315C57088BA0BF48717AC3696F00AB579F1
SHA-512:	2991B1B5D04C875B700D2E53E1FB2F07EC45B9010BD642F4ACED2C151B5C2783E537FFE43628C2CCA1D0C4417935D81968750E5FDFA18ADA5BDC206A9F7C4265
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UTF16-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	66235
Entropy (8bit):	4.371822873277456
Encrypted:	false
MD5:	F330E2F653AB4CDB4D63A533CDAEB129
SHA1:	3B7C4EC513238F1E45A6A9329DA3A6E056A5BDD6
SHA-256:	5EB4D18531D032C7F50441948111D7CBC99B9FF973C49B659BD8E1223B4B98C9
SHA-512:	945F4B059671760D8B8B239923281FED4DECFB6127C5384A265F9CEEE265CF722C5A242B0AB4B6E68FB867015AFF3B9681AC912807486FDC3B979E671A483AF4
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UTF16-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1614
Entropy (8bit):	5.094709891221763
Encrypted:	false
MD5:	05B11D93A9E9E18E3898FA5526047B08
SHA1:	3AE1ED46A76B7238DEBE30373E35260F581DB11B
SHA-256:	8613A96C03843EBACAD2013FEAB80FA4B617B076CE5A1445DB589EFB06FA9A8A
SHA-512:	4FA77A45E2C8885AB05BA728E1AF6B19EF22F12668C24F6D373C8BB5419215CE20A473D6B83114E53A7BA2CF7A3D8139FCAB60A99957272E32C59DEB8D7E8B25
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UTF32-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	88102
Entropy (8bit):	3.951114023197564
Encrypted:	false
MD5:	6440AA23E53A388D4494122FA805A012
SHA1:	32E8F1B166DA0C2671FE9B50EDA4E5CF169B64F2
SHA-256:	A7EF0F22AB5D04D6943DD3B9770B5212AD91858D8C5B7AA9CDD13907D37D14A0
SHA-512:	33DFD945762947EF1C4972C0AEEA6B2309811B987DAAE47DB38890D0B911467D659C0AC56C55F03C6AB3B4DF1159FDC6D5962A4097B9DD9F650C10753CDAA5E7
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UTF32-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1614
Entropy (8bit):	5.08912616606313
Encrypted:	false
MD5:	43C807718E44DF53B52F05488A53A27E
SHA1:	18EA92B89062918D3D495A76742F0A00006C8B67
SHA-256:	FFB88786C9E3E13645DBED0CBC3CE29D9625AC00A74E339CBEB637ADF819BBCC
SHA-512:	FBCC13AD27740D94A73856F96E52076D440D90C134073C6DD7ED1310DC5516498700F87231854844223F3422E5A6D8141DE50EF3B45068920BB3B674A4FFF491
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UTF8-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	77011
Entropy (8bit):	4.365401914050422
Encrypted:	false
MD5:	4C890657940DD3573EA4B449B6751625
SHA1:	1D7E599B763CC6472855600B95BA831B3A10F725
SHA-256:	03A49209B271944EA4F47EEE7C0358F5F5E93F849200901D14CEC2E9AFDA4AE6
SHA-512:	BCE12A7A59C96CD89FA9415477492CBF783A2D21D9436D9A578FCF5583AE0F8B859CC099FD2D1B5EE8A379EAFB89BD4F963E3A334968E1F0EEA5E7C003AD11C8
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniHojo-UTF8-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1610
Entropy (8bit):	5.08924320560147
Encrypted:	false
MD5:	0723E1E38A149B32860552CA89BAF2B7
SHA1:	303D4A8FBFF31B61ECB4F7F7BA92B4C8BCEF12CE
SHA-256:	25225AEA8375D0D2E3DF9A9EF095DC8D14BDD1276ADEE4245D55BD9280E411BB
SHA-512:	4E2B36F2D23B3BC3A122AFA9307DD5FB70F305559C4822048005AB8F86E4168AC395DACCE4710A57690CAC38EBC00EF592FDD1F684EE5E163DAC7CE805BF0B59
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UCS2-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	176286
Entropy (8bit):	4.292461634127076
Encrypted:	false
MD5:	615A0C6182605775509FE68203D70A4E
SHA1:	2ACAA80C03657AFCD3C725D73BCA33CEB4052160
SHA-256:	59C21B6B6A4AF76787238D13BD2925FB38DB31AD8A86FBA96195CCD259924223
SHA-512:	694C4BA6793445E0DF646FFB8BE6E19B3A29E57B34F142573BF1F09C46339E1DD184B0BD06F99009E5851C9A924BA69CD049018EA9D135E188B8DB9FC388FEFB
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UCS2-HW-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1720
Entropy (8bit):	5.165407367060148
Encrypted:	false
MD5:	025D3DAEFA97018454B6F3F2EA74549D
SHA1:	7310EF874D4F9ECF2676427566A80AA2DCDCE7F9
SHA-256:	7AA8935D45A8649C3F5A498C1C408B377578D93551AD1D343230323A8561D50C
SHA-512:	457889D801F746251AF02FC35B81F0C3DFDA8055466FC0E479FAE32D2A24027442A1FABD75E0952D0DF974885701C30F00B5E86D878B1162FBDF5C907AF265A5
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UCS2-HW-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	5689
Entropy (8bit):	4.8983217052529415
Encrypted:	false
MD5:	84A4E59679528CB8542AC56A02EAB587
SHA1:	0925783B0D02F68BCA3AC743E04687BBA0106638
SHA-256:	CDC9E3BD5558C28E0A29D65E8F2A2518A812D447F6445FC0E4C4EA8F18A26FCD
SHA-512:	D4B863062ECDDBB37E21FAED9B75CB5263D5AF4A84A9A5A34E26BE62ADEA2C647E8559080DD0CC955D9873E7FA06A748845CA0920F4511BF15E4C3F6B5DA00F1
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UCS2-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	5603
Entropy (8bit):	4.897660713556138
Encrypted:	false
MD5:	AA61A597F117286D4378B9D5E8C16C58
SHA1:	7A1E922DA4388C39462CE7A243BFA1470B183EC9
SHA-256:	0F796C64E7F4D2E87741FEBA9439CCA05DE8FB63FB3BDDA4A7F7FE909DC65024
SHA-512:	0CB1BA5FD7D955553A1A723601201528F7DEBF20D74E970162A336FE1C9DD8CC95B97DDC393BFD7BDA11BF7894882D63BB07EECA36FB012A8D30586D311DB125
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UTF16-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	199855
Entropy (8bit):	4.305611813573853
Encrypted:	false
MD5:	F9A777F29B47578C00BB021824B8521D
SHA1:	10972960EAE2E95E1B14913F69AEE92B0BBBF919
SHA-256:	8344C1E921F752BD2E3744E02812F991201AB047C85CA7BA76C964F3D2ECCCE9
SHA-512:	E83F253E51A0027DA18EA97BA495D2CC1D5C7F1E5448BFD11E2CB4B7373AD81E6EC6ED070816FF5AC8AEAB134ED6B2FF4E110858A6D1A18C98BF27662F35BF35
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UTF16-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	4811
Entropy (8bit):	5.035060306800504
Encrypted:	false
MD5:	B11291E3A91DAA915DFCDF41EC40B922
SHA1:	AAF761BED9271E78828543BEADB57EA11B10BC78
SHA-256:	4AFF86274E7A296D8325687EE5CB55981F81172DCACBA3B7440401F804680BF8
SHA-512:	483E934A139EA324DBD0EBEB6E153103D8BD5ECDB7D83B6AFAFC4DF775FED37109688A9823ED0AF07BD97C6E92AA6474472E0C209291C8F923F829EA0F3469C7
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UTF32-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	256849
Entropy (8bit):	3.95902410786955
Encrypted:	false
MD5:	492C550DF29AB3A9C2BD1146BD27CF8B
SHA1:	6019080305D2F974ADAFAA743F2EFAE98EC7D8DD
SHA-256:	1189889C10E5F53E9AF64E01AB4E6B7313525BD085813263E4BEF71C58412712
SHA-512:	7B2BA33E274C469C83AF9B5B8E59A7BDD63B81AB075FEE23CBFCFB969749C2776F4EEB36B27D919F476AB6CACA2786CD5EDD0A77D19818F06884A60983091552
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UTF32-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	5819
Entropy (8bit):	4.698209865078146
Encrypted:	false
MD5:	4E9E42C38250131493181B614C3CCFBB
SHA1:	E985977B0A348481C747A27115797874AE140FF4
SHA-256:	33BECCB583CCE75366FAFDCEA5999D7DDD37F8E6DF3BFDE32948D0B09E429128
SHA-512:	089D41B6241AC73CE89B1F80C6A7BA469841A69B80F41BD8106B061586D600CDC76EB5B6464496581D3F65B73FF52F89661162E92CB23FAD786D3EEEB08B0FAC
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UTF8-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	227939
Entropy (8bit):	4.326682048893798
Encrypted:	false
MD5:	257741ACCC203D379C5CE9B534CF1A93
SHA1:	77D44CFC7EA65175A0276F0EC6D349E3F8B96102
SHA-256:	F4FE395F4C45581761DAD7AC3753F516A9C2AACBF1D9DB463E8E6D717C3EB267
SHA-512:	CDB0F0D7A1E760D699B68F0388CFC1EC734D99650D40A4B8600C9452A4CBA7B40B981D8B047A82F8DB6CE458ECE90A927FFC6015B8A4AE6E9DCE1FAD893D5A6A
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS-UTF8-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	5325
Entropy (8bit):	5.013568019242206
Encrypted:	false
MD5:	861CA65BA600B8F6210575A72E8EC803
SHA1:	1698DE2109EA15F61D68C175D4C802CA97475059
SHA-256:	DEBDFCE54A5E0860E476565B0AE76DE17F182DFECFC294A385D7FAB60875A035
SHA-512:	78D548ECAABDBB55FDE6582338D3C72B2562DC90D850EDCB23C30F2434629616DFBC3D9ACA9A3EE9BA34DABA1839FC64EFE8C858C16A2432A259304935039F67
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS2004-UTF16-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	199938
Entropy (8bit):	4.305567972151814
Encrypted:	false
MD5:	CE0F93F189F12F910099058598592699
SHA1:	337B2C1ECE2BA92D2F77FD2FF3AEBFBC4A44DA67
SHA-256:	E09D628EBC0D74641CACF09E319A55FEA82BE767DBFC8C7605413EE58651C277
SHA-512:	7EE595F8A7BDE3011838FAE622EA7D314797BD489F9998EFE57851D2E94E166AC91A19DA3ECA08EBE7EAD654F96E0D258CF18CFE9CC1E2CD657A28495F3BD085
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS2004-UTF16-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	4835
Entropy (8bit):	5.03387344930008
Encrypted:	false
MD5:	B0A04A62D045DA3A327AB19063B7DCD1
SHA1:	7CD22F0343A413822D33710E67A82AADF511FEC8
SHA-256:	51B42F68392B205A64A7754E589A324EAAA8FBE897F580E1A2017DECA775DEC5
SHA-512:	04D89188352C8FE73BD79172AC3797CE1D666501AAC8B41F006469B4070B77AFC5C8DA237EA3DDD732CCCF4A109109B22B57AE991512FFF0310DECD8DCBD4FC8
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS2004-UTF32-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	256932
Entropy (8bit):	3.9589157587122905
Encrypted:	false
MD5:	D04A25104BB9F4968152017A081759A7
SHA1:	CEABC2FDB076ED91D45C4ADB03822D2CA5902684
SHA-256:	9A9732B2D6D039366D7C59F6072C2AF3413DC543A74F7A3663D27942DE674F74
SHA-512:	ABBBCB606EDA85873C49FA30BCD3C0475B41D30C247D50E02AC9E192EB364D1340FA577EC85F3D0479AC99A6997EFBA1BDF6DD20219874F6093D7E7877237414
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS2004-UTF32-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	5843
Entropy (8bit):	4.6939564142070775
Encrypted:	false
MD5:	124B4C4D5DD50326120D96DFE28A34F7
SHA1:	139A32AA3E336510AA1135A02D3D454036BF1C1F
SHA-256:	229C3F8F3B6B02B00072C1F60EE9DDD57F01BB7965D13F4D09ECE342D99F8179
SHA-512:	C793FDF4A11DFAA75D2BA9FE083BB586FC7C2F1B6315106F21BC25B5EA3F106F1DACEC0FBDD8B9390302006398BA035F29EFA4BDAEE17A86E819F9D787B1F6E2
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS2004-UTF8-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	228020
Entropy (8bit):	4.32665640510134
Encrypted:	false
MD5:	636AB1CB8ECF60ABE52350F9C712F213
SHA1:	BC17406A586B87516C26F4373CAA75BAF8112A0F
SHA-256:	C067901B9FB7BBCEDA80C3E99EFE8409BFFE013F64BCF465E757D848E9004726
SHA-512:	2EE67CDAEC4F0205F6687D2BD25E1471E1D8F6F70B60FDEEBD96D55A81AC4E7FE7AD12E0EF1736ACE8B9D8AF191762D79FFD00CE0785FCDD3629414FF7F9311D
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJIS2004-UTF8-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	5347
Entropy (8bit):	5.014526648366378
Encrypted:	false
MD5:	66B835C486DD66BEE0CD8F776EEDC05B
SHA1:	DAEBDFFA6065824A928115844C0DBEEA46A6A396
SHA-256:	21631C9450B54A8E1153458658892083653129C29C9C8EE97D2C36EDBB2C53D6
SHA-512:	A6ACA9F83CBC0CADB3013C6D30FE23C3428097A31A020F559756E8E8B6500FF107155B9D8D50DB1E89489C71C2719E8F76370E38FCE2C0D6FD9DC52DA5636661
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJISPro-UCS2-HW-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	5835
Entropy (8bit):	4.89630082807334
Encrypted:	false
MD5:	0594AFF523D6B39C6A1D193326E4D624
SHA1:	45E3A25CD1E83A137284041D0BB73E474A9F3AC5
SHA-256:	58CBA2D02913D3340B9CC0925B5FF9F5C4F2D7E64D1D9B7FD8518C18874D93D4
SHA-512:	D6EF6A9F12B3BEBF99165B7BA5FF27440DD663F87038E2666B75EAFEFA71E46DF91DC948E611E0906398E29B46B378BB601D39A68B1E94DDB6E69F5B6077F1F4
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJISPro-UCS2-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	5717
Entropy (8bit):	4.891421146685588
Encrypted:	false
MD5:	D34CF2291744B0934BBB62BC3EBA7D06
SHA1:	F9B52611B33FF025E24B9CF6B8FCCB7D4AD3CDAB
SHA-256:	9FB5979F7676F8B5D0CC9A0603DCFEF594BA7368BA587B262D1C347ACE9BCF9C
SHA-512:	348B3278946D1969D547D30403D4126254BA78645EE49B65F5AB6672913CD2951EA5C97BA9F4E7DDB4246660E0493334562DCBAA93D7BEDA99EE4B9331FF3A67
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJISPro-UTF8-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	6570
Entropy (8bit):	4.890599361251587
Encrypted:	false
MD5:	31CFDEE82045A9910BA5A01B04F6BCB5
SHA1:	52DDE58A6EA04B8460E4D192D063C82BB524893F
SHA-256:	0D763E78C4734334ECADEC982F7C5CF9CC8581C5FB24BCB2936CC3DA0A2BDC36
SHA-512:	B6584CD1F303F30A0C508123F599F9760FAF6A5DBA6F6B58934DC32AEAFDFAA6ABCFC82843E3048E02699ACC57F1E5D7D28584EC7653A694C87EF12A4AA6DD87
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJISX0213-UTF32-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	256833
Entropy (8bit):	3.959333334346598
Encrypted:	false
MD5:	8C5050A99A16AC81AB7B5D96F6A663E0
SHA1:	7A437CC3906EF09EAA0B158323222E3F7A6126CA
SHA-256:	3BF27F5E74CD00E3BCBD590ECFB7AF2E3F1A146182ADB01EE504A78BBD87928B
SHA-512:	469929289DA6109B9FF237F4F6DE3903AF46551C99CFA458E6504E453F3282D8568A3BF24FD87C890D13C0DC4D16D0D7182B62CCA2BFA747E5517D9097E2AFD3
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJISX0213-UTF32-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	5871
Entropy (8bit):	4.700954274194678
Encrypted:	false
MD5:	E53FDB5A54FD6B4C55A75E725AEB2013
SHA1:	C2994730C1BA45427F9B76E22086DE22ACF34A97
SHA-256:	D8869BF12C60D778F2DC2B1C792346ABF8624C1733EF4C419FE7ACE8517CAC87
SHA-512:	FF78BA5E26B73ED61AFF0F71D077E852B18AB41A56071B0525D46D25601EE5C4802054F385E7C2ECEB120552BED7B3850AAE4890E308D3E327A0F05A4D3FBC0C
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJISX02132004-UTF32-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	256916
Entropy (8bit):	3.959223602670921
Encrypted:	false
MD5:	881EC12DE7E46F0E8058934CA6F53150
SHA1:	DD4EBA67FBC5E1478ADE73C79FB900608D0ECFEB
SHA-256:	2F7FDE6BFDDE8D6C0CA818113E6A9EC4461CCD693B069583EB27F7FCEC66B6CA
SHA-512:	B245948082949224F92661E1D4A0FA06A9A020B2A6C59A331F0E51A25181ECFA5041DC7003A0D0EBCB3DA6C1DCD576D244637986A13F359F2F78D65D34F34F6F
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniJISX02132004-UTF32-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	5895
Entropy (8bit):	4.696113221815391
Encrypted:	false
MD5:	0A253F23F56451C5E78C06FD216E0759
SHA1:	6AC91F90062AF8DA43334A0F66378576BD5DCCE6
SHA-256:	62236B7C432490AB120DC7A7CBFADBB05D0F000934610E7FAC7C107BED2897B3
SHA-512:	6193635C7873C796B62953BDE3AF5DB353F33804A5DABD790CD417AA8700515A934FF7FF566586B35258F64D5317D43DE16BC0768ECD9A89EBFD7F12CE447375
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UCS2-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	173553
Entropy (8bit):	4.326073472806407
Encrypted:	false
MD5:	450D18A9109EF8FC9384B169AEDFC6CE
SHA1:	1EB525408D2B66E03F05341E9EE32AD26EC4FED8
SHA-256:	632B8EBD573A5FFCA327EE862627749390F1B364C489050E51FC9A0281E1E26E
SHA-512:	0E4952BF5ADBD9B9C9DFDE5BB50B2DE3532C7F70BC746639450EADA5378DAB62093A024E265DD527BFDFE952ECA5A35781129F54BB78143436A36ABCDFAB39F4
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UCS2-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1990
Entropy (8bit):	5.267738684297793
Encrypted:	false
MD5:	5E6017C34BAD0ED4ED6D863F4E610DB3
SHA1:	8643AD2916789650DB80B14AEEFDFB6D4B8617B5
SHA-256:	6CE58FBF05D3ED04C857AA8B4A2090EFF603524341C284120B2D0DD4A5B9FBE3
SHA-512:	4D6E194C3D1150E3D2B2A920E75C9A05393EFEA36E002780CEDA04486201D1DDA6E5DA0E0917A1FC9487CDA453B58ED721B1E5E190202AB94BC9D837524038A8
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UTF16-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	130616
Entropy (8bit):	4.365299194736789
Encrypted:	false
MD5:	E3CA61D5BB51D6F0376780D1E7709054
SHA1:	56B4FD151AA40F675D35648F57BE95884D6C7121
SHA-256:	0AC59E206A315364622D32C14C9179D52F2C6EB933A11E6841D21608C0B045E6
SHA-512:	2DCA25A1F66A10279A5D7409C664B41824A2F3AD8FF9FD24C583EDF1BA49C1F2B7D97136A8A18A2BA3A8DF28417AD70645BD8E8CB9C6D79D39DB44CBBF77A652
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UTF16-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1948
Entropy (8bit):	5.275259786163365
Encrypted:	false
MD5:	6ABAC6E643B224B565A1C2E777A76A7A
SHA1:	DE8B52B2F36F2ED8E2DD029DF19952015A7ED91A
SHA-256:	DB39A76D5644B8F2DFE92A75206EAA7A2ACBE12CBAF590B3CA01DCCAFEED35FD
SHA-512:	ED449E831974AE7B6CC9D1614A20632CF2D8D3F8C6177AC1C88A053BF89ECA9350170C958EC8668D7F713C80747EEF9D4A22B866D2284C828FE6C584DCC32673
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UTF32-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	172674
Entropy (8bit):	3.9649020199656326
Encrypted:	false
MD5:	79C921E6C42C39E5D3B0888F575C117B
SHA1:	83E9744973779D448288BA405A7AAB9A122FD766
SHA-256:	E978B70F56BAB9CC5F0339AE40D15AC00D52CBB34C974985BD5253DEB4697BA7
SHA-512:	2A255CD269EA8B911D95C13610F7F5E5623F5EAD623F9C4FC3EFE75E406E423DB3D28B08B36B01DC57D3C515271FC6ACEF3A81AC92E9D27C6F874B19F4569039
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UTF32-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2048
Entropy (8bit):	5.231780978518259
Encrypted:	false
MD5:	F51260C496E29835FB17F0F940FDCEF1
SHA1:	7AF35BFFF56937FA3F943B6264A8EAFAE35894B0
SHA-256:	661659D6B1B0F1F9C5D7E1094EE7652220BBB8A57E7CC4A89AEE9CBC6E436144
SHA-512:	DA246CE2E9C154B8DB47C6C94DC0B402FAE1CCFFC86A3E4ACBB16A02CECFCCEC6566D1AE7273A15A83AF9DF8E0D68FB5A659954F2ECDDE5332D48870AB7DC436
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UTF8-H
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	153615
Entropy (8bit):	4.358920314658463
Encrypted:	false
MD5:	33FA542449D4AB409ECE865144F12B41
SHA1:	9E88E3D093414906C860D779E80C11242A30535F
SHA-256:	B5BA115433903DD5AD2EBED4BBAF10CAE3A4C1728A18A627768B681271FE5B26
SHA-512:	8613C8AB410AD3695F0F42618BC71AB91DF4F887673C878903C58F61E770C75CFC9050397DEC0621A036AF55BD2C5BE00B1D1A4BCCE45FE896C92D4B21489D69
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\UniKS-UTF8-V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	1994
Entropy (8bit):	5.262431056770368
Encrypted:	false
MD5:	269E18E1B882086190C678AD22644549
SHA1:	DABFB2D9019E58EFD69C0B24B30B4038120EA1E6
SHA-256:	8E6B0B6AAC36BF56125D96912264B3133FDD45511FFE026A8007A5C2A9E6DD89
SHA-512:	973C0367076EAD3777978C31D58D85E27FA93A8C9CD0A25A24574289A965FD6A53C8A3C7254D7F59C51399CD253FC03D16938D5001AA71BB6B58C1D27F5619DB
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\V
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2123
Entropy (8bit):	5.290168664613937
Encrypted:	false
MD5:	AF8AFDA03115FA1ECE89B52AFEEB809B
SHA1:	36F2FA666F4B6675B083542403B62BF746FF1B80
SHA-256:	D2CB0C90F343BB642F1ADB3D2B81EE61255E6A5B9348C0327165196665E93087
SHA-512:	7C98FC2B2A23255B126A2D43BE880A7919ED16D11888122C0BE0576AE07E5195A098E19B126A238CA4A200065472D9A12C14C9221C50419FBE2DF76E9D681B4F
Malicious:	false

C:\Program Files\PDFescape Desktop\resources\CMap\WP-Symbol
Process:	C:\Windows\System32\msiexec.exe
File Type:	PostScript document text conforming DSC level 3.0
Size (bytes):	2017
Entropy (8bit):	5.260388468147182
Encrypted:	false
MD5:	6BE2621EC3B73A3112D38E493BF70A5D
SHA1:	2A623AE026437DD6D84E025A0DA16375BC62F699
SHA-256:	B611EF849EAC1F851120CFFA386E324C021742FAED938F6D23EBBCF5D3C03B80
SHA-512:	B2C8E28C980684EC46DA34D8BE481B987EC334C74A948D3F4724BC04BBBAD2D2DC535F315E1B12BDEA50B1EA2783BC7258A5D668014F7FC8F0AB44E68270DD48
Malicious:	false

C:\System Volume Information\SPP\OnlineMetadataCache\{b8a4bf50-5f14-47a1-b675-770b43fb88c1}_OnDiskSnapshotProp
Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Size (bytes):	1640
Entropy (8bit):	3.7942182451899105
Encrypted:	false
MD5:	3570183F8D599627B9F99C408636BB87
SHA1:	5EF75C8908107B81E4E1EFBC9AF2E723EAE55E72
SHA-256:	C015DC48E2BC32E40382EDDFC931301F1AC37456C515CEC598A725D0EE1E5978
SHA-512:	C527088DAFC4D66ACB01E2154157BF553229939B5D929D784A6703F6FAAAD15A15B555A6030B78397D8F7D2B0CAA9FAB4AAED9149E0B2029D46F417A3FF0BA66
Malicious:	false

C:\System Volume Information\SPP\metadata-2
Process:	C:\Windows\System32\msiexec.exe
File Type:	SysEx File - Twister
Size (bytes):	8695656
Entropy (8bit):	3.671765504008917
Encrypted:	false
MD5:	D3C7626A331776BDDFA242290F108AA4
SHA1:	BDDA1ADBCCD8B3292689CA845CBA9C59C157DF3F
SHA-256:	423750238B63A00CECAFB4BED298884D7FA23E09C8A94B27D97389BAD0661A75
SHA-512:	E9B31AF26518D018F2384C842B5C2E1F24A8DE74B1FE70A238F283856F5941674398444D796B9058F77EB1CE3D46B785E4C896E695D259AFA2EA07DA6BF5B1C6
Malicious:	false

C:\System Volume Information\SPP\snapshot-2
Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Size (bytes):	1640
Entropy (8bit):	3.7942182451899105
Encrypted:	false
MD5:	3570183F8D599627B9F99C408636BB87
SHA1:	5EF75C8908107B81E4E1EFBC9AF2E723EAE55E72
SHA-256:	C015DC48E2BC32E40382EDDFC931301F1AC37456C515CEC598A725D0EE1E5978
SHA-512:	C527088DAFC4D66ACB01E2154157BF553229939B5D929D784A6703F6FAAAD15A15B555A6030B78397D8F7D2B0CAA9FAB4AAED9149E0B2029D46F417A3FF0BA66
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\tmp2C70.tmp
Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Size (bytes):	12128040
Entropy (8bit):	7.072499339872984
Encrypted:	false
MD5:	7AE3CF85CEFD9B22BC615C579C64C78D
SHA1:	D5C6605E0DB98B82C8B68377BE05CB93C0F75354
SHA-256:	30FE86F3DDE314088C30C938EF11491BEF15FA1093139F13ADD7D232AF0E00AD
SHA-512:	A2C9B7FE5866C92F58D378103B8ED00DEE9072A0921EB8EA684CD1B1B919C67B463B178FC9698A1D5E5F3FA5F712065128C18262790F107AC829A38781850CEF
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOPT6FQ2\PDFescape_Desktop_Installer_3.0.25.584[1].exe
Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Size (bytes):	12128040
Entropy (8bit):	7.072499339872984
Encrypted:	false
MD5:	7AE3CF85CEFD9B22BC615C579C64C78D
SHA1:	D5C6605E0DB98B82C8B68377BE05CB93C0F75354
SHA-256:	30FE86F3DDE314088C30C938EF11491BEF15FA1093139F13ADD7D232AF0E00AD
SHA-512:	A2C9B7FE5866C92F58D378103B8ED00DEE9072A0921EB8EA684CD1B1B919C67B463B178FC9698A1D5E5F3FA5F712065128C18262790F107AC829A38781850CEF
Malicious:	false

C:\Windows\Installer\51df1b.msi
Process:	C:\Windows\System32\msiexec.exe
File Type:	2
Size (bytes):	5918720
Entropy (8bit):	7.614219642054197
Encrypted:	false
MD5:	0AE326BF4B644C91F155C3D0BA23881F
SHA1:	FDB4F63AFED7DF811F88119C2D67B489C862A07F
SHA-256:	A69A40E9F57F029C056D817FE5CE2B3A1099235ECBB0BCC33207C9CFF5E8FFD0
SHA-512:	9E7B2B25BF76D2F9267765CA71DFF664B0A882F7545830DDDAEE242A3F81041848811DCC72AB2F262DD75F314A7924D2F6E87C143CCFC47187C8C13D8AB0790D
Malicious:	false

C:\Windows\Installer\51df1e.msi
Process:	C:\Windows\System32\msiexec.exe
File Type:	2
Size (bytes):	5918720
Entropy (8bit):	7.614219642054197
Encrypted:	false
MD5:	0AE326BF4B644C91F155C3D0BA23881F
SHA1:	FDB4F63AFED7DF811F88119C2D67B489C862A07F
SHA-256:	A69A40E9F57F029C056D817FE5CE2B3A1099235ECBB0BCC33207C9CFF5E8FFD0
SHA-512:	9E7B2B25BF76D2F9267765CA71DFF664B0A882F7545830DDDAEE242A3F81041848811DCC72AB2F262DD75F314A7924D2F6E87C143CCFC47187C8C13D8AB0790D
Malicious:	false

C:\Windows\Installer\MSIB0F.tmp
Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Size (bytes):	1495040
Entropy (8bit):	7.345857183478222
Encrypted:	false
MD5:	BD4C6C27F6AC138BC4510AC37612D69D
SHA1:	3A18C46002F3D29CD6432C04D50E0F38B1856D78
SHA-256:	BBB4EEAC7BAB3105F66D2ECAF54A7BDF5FAF51314B07C15CB315761C78088C4C
SHA-512:	2267B321B68C2DC783612E8F57FA63CCAAD24BDC3AC8E8ABF5AE4AECAC6AD5B59CF3D9984C0406E9594F68DA7B051A33747C8459F4685583679EF33A52C4EF28
Malicious:	false

C:\Windows\Installer\MSIE65E.tmp
Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Size (bytes):	1739142
Entropy (8bit):	7.059896446420154
Encrypted:	false
MD5:	59FC12CA8D488CFACDA98312A3CEA3BA
SHA1:	FDDF8FEBDA9AF20B7907A874161413863B72474D
SHA-256:	781316A9729E2D299776CAE5A4E2EFB5CEE828322D561A1D8D3E6E66CC0F75AB
SHA-512:	139DC24E7BB8E057D120957B6B92AE1847AB65B2A91204424E3893CFDB59F1F8288A1F25A65661B9F44BFE7D99898A7AD8456C8F6D454FEDA02938C99C817117
Malicious:	false

C:\Windows\Installer\{B52074CE-AD76-4FB0-A18E-750A76508F5E}\asian_icon
Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Size (bytes):	5430
Entropy (8bit):	2.7935461201627065
Encrypted:	false
MD5:	A6AE24B4C87C0E040853076E5880BD61
SHA1:	C73E6BE8BEB7A5228EBE9A5ED6BD6BC75B575EAD
SHA-256:	DE8139F169820CE675730A08DC43CBE52102FDA085C3B5A4FBE6D8AEEB781D9C
SHA-512:	E60120C5DE2C2F0A0B7D386986477D94DADFDEA06F6723013F125D0F6116CA5AF195286AB103118244863A1FDB8CD49A464FCB2B770DC21C3FF4079F9B6978E5
Malicious:	false

C:\Windows\Installer\{B52074CE-AD76-4FB0-A18E-750A76508F5E}\business_icon
Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Size (bytes):	5430
Entropy (8bit):	3.455108054254757
Encrypted:	false
MD5:	5CF2CF97464D3C6D6F68D689350E93BA
SHA1:	A3357EBE436EC046F18B9A7EA7E3FFF4E12778F5
SHA-256:	3928CD94D42C43256F1A1ECA345F0B4D1B5A80F8192047BC47E51EE95D564A7D
SHA-512:	8680C3502AC16B16ACF41453C8F1E4C4C0974ABF196D564A5EDC91FC56D8A8887129EC444E007C1033F9E972EC0427E66F3042F282ACB58576904F4CB3B14E69
Malicious:	false

C:\Windows\Installer\{B52074CE-AD76-4FB0-A18E-750A76508F5E}\convert_icon
Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Size (bytes):	5430
Entropy (8bit):	2.5098252332943107
Encrypted:	false
MD5:	C9C675EAB901EEA96A9851B15F8CEDBF
SHA1:	C94F96571841687095FDCF9F35A6A82BDA265574
SHA-256:	6D7137B5CF2E47D33C103FCD64B62B803EA46256C2233E5ADD7E9182B74D2EB1
SHA-512:	092F4A71D37CB43C829645AB8E5303651CBE1BAEAF1C79A4040EEC89D4532654B415B8E8D0A42FCDE18F7606FDC55ABCBA5F798CC8E839A0FDFBE12E7C91766E
Malicious:	false

C:\Windows\Installer\{B52074CE-AD76-4FB0-A18E-750A76508F5E}\create_icon
Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Size (bytes):	5430
Entropy (8bit):	2.7136514639317353
Encrypted:	false
MD5:	CB5E823548D126C3CB619C366AFEA166
SHA1:	E3E58D4E2FFA536B50D395C5F8824F4993E5A34F
SHA-256:	9B666B4B40760CD7CAEEDD12854B7ED36F690F0E9BBC1C78DDDE3A349311690C
SHA-512:	70D6B5DCAAF8B9DD7CB71C9A477A738A68AFB4F2E6110F23CEDA9DB2F43DEEA662C4C0486AEF9730D07F30C947E83E6C1C5C8C3E22642A55801DE3CBDA70AD5B
Malicious:	false

C:\Windows\Installer\{B52074CE-AD76-4FB0-A18E-750A76508F5E}\edit_icon
Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Size (bytes):	5430
Entropy (8bit):	2.636700546695164
Encrypted:	false
MD5:	8FA02747758971640D7963E2322FB2D2
SHA1:	B3DDA90B7CF0C1E44FF6C42E5E16D186CE73130C
SHA-256:	C81E0940E2AF2ADB1B0D791016615E528BA9AEB1E57D2EBAA1BD2F0B4125665A
SHA-512:	EA7A749EB365A950BB1AC8C92A86B2F3CBF066D05340F66462414A7E2C954F548412DFF90FD8AB3F2560CF8547D81F0010F825074EE442D0E7C4CB7A6B6FF919
Malicious:	false

C:\Windows\Installer\{B52074CE-AD76-4FB0-A18E-750A76508F5E}\enterprise_icon
Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 3 icons, 16x16, 256-colors
Size (bytes):	15086
Entropy (8bit):	2.843565672700102
Encrypted:	false
MD5:	8509FE677E29239E33B3E67F824A9817
SHA1:	ECAC0C5587F9E713BB2E1C8D9AA62CB63CD4AB1A
SHA-256:	7273A9F16BD14EDA22FF1C40254A057C622C844D08CDDFEE7D2F4F40C82466B7
SHA-512:	C484201C03F1CD62B8899F40F16C41EA75BD80D0D56054C40E13BD3A07E27AA7A6A281487272120E94C155A7B3A5C71808093DBB4DD525096EB52FDEC057A18D
Malicious:	false

C:\Windows\Installer\{B52074CE-AD76-4FB0-A18E-750A76508F5E}\forms_icon
Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Size (bytes):	5430
Entropy (8bit):	2.6564981050759364
Encrypted:	false
MD5:	263385A959670C4AB535E44163CB4D08
SHA1:	55F898DF67565CC63AE0A7F9367BE38C6B24DAC6
SHA-256:	C9DC5E45D5A1C2138EE8160C6D8E144DD41E3589BE6DE3CB8DD9CAD619A78025
SHA-512:	C441F0F9D492A7FC914C6583C25EB3742217364DC752767AC76D06A6F70EFBBC7FBD809CABB3F07BC6B4869895FC6436CAAD6C97F8C84899B9C3807736C36A49
Malicious:	false

C:\Windows\Installer\{B52074CE-AD76-4FB0-A18E-750A76508F5E}\insert_icon
Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Size (bytes):	5430
Entropy (8bit):	2.4791650228626674
Encrypted:	false
MD5:	26E12ACD48CFFA243BADF1E1C8B9DE25
SHA1:	8D2C2CFE135A0D86830759EDD5C298E67042E202
SHA-256:	275AF7130A5EF3755203390E14CF79B08BCB7B4CFBA8197CFF67DCF58026346F
SHA-512:	C340C99C7EEDC988C8CB9EF6BBFA79BB5DF47863395AE1D15D238819E3C16294145263E6798804566223341AE8F6E02033A7864DC9696128AED5AB07DB04CAC6
Malicious:	false

C:\Windows\Installer\{B52074CE-AD76-4FB0-A18E-750A76508F5E}\install_icon
Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 256-colors
Size (bytes):	15086
Entropy (8bit):	2.845310458704127
Encrypted:	false
MD5:	DBD08C723280AA76EE98DAAB31A5EDD2
SHA1:	7A4130EBCD2431B83D85DD1F97DE7802AB5F048E
SHA-256:	637238CF2285F1A039784DD3FBDBB9519B685423B6E9E8843D64A9B5958821FF
SHA-512:	0CA27CF0A816CBDE0B20672F6231B434E88571CD0331B4FB210ED8FD8E0A2D5B712D83F9F26748BBE57333D4A15A86204EC1D2A51F4DC2B10E0C87F7DAB4A2AD
Malicious:	false

C:\Windows\Installer\{B52074CE-AD76-4FB0-A18E-750A76508F5E}\main_icon
Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 6 icons, 256-colors
Size (bytes):	102134
Entropy (8bit):	2.3955999931321195
Encrypted:	false
MD5:	1F8B46E37598939B8B567CE0F881EBFC
SHA1:	AA6AA0D248121D94A8BFC7261F4E9F88F77BC152
SHA-256:	E3FF1DE5F99B0E4060528E07E2EDC5B0EF8A966EC9FF490E5199B203D6C31621
SHA-512:	1FE061B9A2A3D4AB0055967AA89F9F0BDDD18C732A1AC769B1950AA94F08F4DCA78FC5BADA1D694F12F0B216ABF0A461471C7A6A5D2BFAFE433A070300F8FA2A
Malicious:	false

C:\Windows\Installer\{B52074CE-AD76-4FB0-A18E-750A76508F5E}\ocr_icon
Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Size (bytes):	5430
Entropy (8bit):	3.433821579385858
Encrypted:	false
MD5:	904428A07FC8026CF3B0E59F74E4EAAD
SHA1:	0B009C92B8BF3FF4B49648D071B37F94DDD73EA7
SHA-256:	1617DB00722F80BBC85D38F3546888C6489248D9C9172C39BA4A66F45604B861
SHA-512:	BDBBFA85EAB8F46DC8E12E0FBE6CEF5B420ECDC2BE4F2ECAD70F5C648C04AF6CAEF4713F88BAD06952A9719690F570AE43C02047EDD5E82805AAFA7059E531A7
Malicious:	false

C:\Windows\Installer\{B52074CE-AD76-4FB0-A18E-750A76508F5E}\review_icon
Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Size (bytes):	5430
Entropy (8bit):	2.417739069291157
Encrypted:	false
MD5:	CB077693BB0C9FEA66208965DB093244
SHA1:	551AB742E69ED35F6A745CE017FD5B2B09B22878
SHA-256:	4BBD8A79F305EACE6333FC2F0404055E4C80B6289271614F7902FD4903D0C6EA
SHA-512:	CACC9E4E4EC4E0E02519D224B1B7B456E2976226925C8E2A363F71F5FFB4C7E5968298BBFF5C1C4F0FD8384926F1192E8DF0760527A4AC46F5F223251C010B5D
Malicious:	false

C:\Windows\Installer\{B52074CE-AD76-4FB0-A18E-750A76508F5E}\secure_icon
Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Size (bytes):	5430
Entropy (8bit):	2.698257836453698
Encrypted:	false
MD5:	E10BABFA8727F13BD3CB340DD2244A3B
SHA1:	F48F312D2C7E8330F2551401E09BC0ECF908F593
SHA-256:	F1467C6EAE7AA0CCE2DAD32FEB3C51D5EA6CEE20AD0D73FF28F6CFDE9A62CCA9
SHA-512:	53CAC8ADC3777BC427969F56515C41C14D857D13EE22B29305E58F9E2EA8ED1EF2DCB29F92209E012A0FD9636745345370CE8442A8F6BFB3F002B6989A9C8139
Malicious:	false

C:\Windows\Installer\{B52074CE-AD76-4FB0-A18E-750A76508F5E}\uninstall_icon
Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 256-colors
Size (bytes):	15086
Entropy (8bit):	2.895897549072265
Encrypted:	false
MD5:	BA4E9AA901DF9CADE2D112285EECC1A8
SHA1:	12EA7A43D4D3F1EE68D292601E6EE0826D3292B5
SHA-256:	FE1CB6B5D59BF80E07805C9AB66E0A28920FE6FD02C39B8289AEB0A48224B58E
SHA-512:	702456D7482641DDE74326BE6D885C3A9C2961C8A97DF4C024C12DFD8B77B4A6138781B7A89625CC8CD11DEBCF7D6F4A527390C41F981376894726AB1B47152D
Malicious:	false

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen_service.log
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	ASCII text, with CRLF line terminators
Size (bytes):	226
Entropy (8bit):	5.065950245092174
Encrypted:	false
MD5:	E94DF1A8AC41D6DC1DD2FE7614B3D058
SHA1:	167D9378C8E7CE444C7C57AF3FED5A02810B88BC
SHA-256:	611BB63E37BA78D41D2DE3343750DF2052C7F5C93422C9EC8D189E69E9FA3630
SHA-512:	06BEEFCFF74A1F329A9CCB8224368F1AC7F2865D339816DE5AE48AB57438AAD6709B6678AEAE1BB4E9B9D87F20281C4F6667824AAAA8FF7A88F02E582522F7EB
Malicious:	false

C:\Windows\System32\drivers\etc\hosts
Process:	C:\Windows\System32\msiexec.exe
File Type:	ASCII text, with CRLF, CR line terminators
Size (bytes):	139
Entropy (8bit):	4.236160434770634
Encrypted:	false
MD5:	306647043715E282887F6238FD573564
SHA1:	C16C11FF207786F481E5A248D454DDC26B55DF89
SHA-256:	584199D7D5164C89AE375E7167A37A67CEBF038E711D55F0F20B9E2739D9CCB3
SHA-512:	F83EE1F83D4E0D72D72AFB99B20CE09799A6B88DB8634ECB4B56E81C77D2F92ED9F85FF925154C2524377101C7421B9BC47B79E0AE50F2421C2146435BE96C01
Malicious:	true

C:\Windows\System32\xbox-service.exe
Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Size (bytes):	990720
Entropy (8bit):	7.69040624914226
Encrypted:	false
MD5:	3E1B6D4FDD4DD9E328D4D65C0C436008
SHA1:	E707B51E76BC33E68F81108D4B21709BCBF4DCB6
SHA-256:	FCF64FC09FAE0B0E1C01945176FCE222BE216844EDE0E477B4053C9456FF023E
SHA-512:	807CACF49F4F82FB4FC9C13FEEF2A67BAFE856652165AC63F86DC1D51669F909F07C19CD698063D25F9F375DCDD06C3FB522D9E8B0ACD77912DC3EB1BFE9A0B9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%, Browse

C:\Windows\Temp\tmp112D.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp11AC.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp12A0.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp168D.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp17F0.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp1843.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp19F5.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp1A67.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp1AA6.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp1C4C.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp1C8B.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp1E22.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp1E90.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp1F07.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp2179.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp2334.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp236E.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp2548.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp25C5.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp274D.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp2803.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp28B4.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp29AF.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp29C9.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp2B8F.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp2CDD.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp2ECF.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp2EF0.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp3097.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp310E.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp3141.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp32B9.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp32C5.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp3347.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp3508.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp352D.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp375E.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp3819.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp39BC.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp3ABC.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp3B08.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp3B72.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp3D5D.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp3F13.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp40C6.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp4101.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp424.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp4344.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp4367.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp437.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp44A2.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp44FB.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp4614.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp46F2.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp47A1.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp4A7A.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp4A7D.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp4C9E.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp4CD2.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp4E74.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp4E98.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp504B.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp504E.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp5376.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp53A7.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp553C.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp558F.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp56D4.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp577F.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp5830.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp5865.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp5936.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp59D3.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp5A06.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp5B69.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp5C3.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp5EA.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp5F18.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp5F81.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp5FA0.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp61F7.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp62CE.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp6333.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp6399.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp666D.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp66B.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp66C7.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp6753.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp67B6.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp68D0.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp6967.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp6B9A.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp6DD3.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp6DF1.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp6E3B.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp6EE7.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp7015.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp70CC.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp722A.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp746D.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp75FD.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp7633.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp76CD.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp77C1.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp77E2.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp7809.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp792A.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp79F7.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp7B7C.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp7BAD.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp7CBD.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp7D93.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp7EF0.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp80A7.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp821.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp82B4.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp83AF.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp8438.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp84E8.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp8616.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp86B.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp86BD.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp86C9.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp87AE.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp8910.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp89B2.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp8AD6.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp8B9F.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp8CBC.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp8DA0.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp8F51.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp90BE.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp92.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp9240.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp9289.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp945F.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp9574.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp9644.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp97EE.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp97F3.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp9A7F.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp9AA3.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp9AB4.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp9BB4.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp9DB8.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmp9FBD.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpA04C.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpA1F0.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpA226.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpA237.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpA2DE.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpA32.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpA3B7.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpA554.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpA57D.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpA749.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpA8C0.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpA947.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpAABD.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpAAFE.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpACE1.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpAD83.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpAEA7.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpB043.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpB082.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpB167.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpB407.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpB47A.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpB570.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpB65A.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpB65F.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpB806.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpB830.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpBA1A.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpBA83.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpBC58.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpBD36.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpBD8F.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpBE1F.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpBEDE.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpBFE2.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpC081.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpC111.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpC12E.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpC237.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpC590.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpC6BF.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpC7B7.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpC821.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpC8C4.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpC9AB.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpC9BB.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpC9F7.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpCB72.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpCC59.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpCE5F.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpCFE9.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpD20D.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpD37E.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpD4DD.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpD52.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpD554.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpD72A.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpD787.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpD94.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpDA0E.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpDB32.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpDBC4.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpDCC8.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpDECD.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpE100.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpE2BB.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpE2C5.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpE2D6.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpE48D.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpE58A.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpE6EC.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpEAA8.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpEB39.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpEC8D.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpED2E.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpEE44.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpEF03.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpF09.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpF16D.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpF375.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpF425.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpF5E7.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpF629.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpF75A.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpFB37.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpFB6A.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpFC0.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpFCCF.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpFD6F.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpFED3.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\Temp\tmpFF35.tmp
Process:	C:\Windows\System32\xbox-service.exe
File Type:	Zip archive data, at least v2.0 to extract
Size (bytes):	677169
Entropy (8bit):	7.999759342846989
Encrypted:	true
MD5:	7462FD06E182A1BC55C5702249BC022E
SHA1:	DFD19BAAAC3CBE014071E6446BDE528C7AE0F7ED
SHA-256:	E013852EBDE4901EBB6BAB6C2933AB791FA06E235FEFC27D10BC99E67C9592E0
SHA-512:	A08050563D2B99B11F70F9F73C513B2A7667ED4CAA5640DE104CDE78B3D5C7526B20D7F7082DC9401B7BDDCBA93E31F760D4549C2F9AE3B2B37B123D4863821E
Malicious:	false

C:\Windows\pagefile.sys
Process:	C:\Windows\System32\xbox-service.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Size (bytes):	133174272
Entropy (8bit):	6.30071031058287
Encrypted:	false
MD5:	06E4CD3544FFEC1D5AF68E77A0E02CD9
SHA1:	B3BAC39CC59060D425CEC5CD34CA85B69F5C11C1
SHA-256:	3E15BBFABACF7A62B08A6380783FD2E1F7F1604C3141F1EB4315E06481FBC671
SHA-512:	365994082D0837FB8C26E43DCBD6A732CA6A48026B95E759AE0E5292D2CC28A39BA26FA24D59C11C43117909E3DDDEA5B043432F90C71AAC72CC56376EBC4F92
Malicious:	false

\samr
Process:	C:\Windows\System32\VSSVC.exe
File Type:	Hitachi SH big-endian COFF object, not stripped
Size (bytes):	264264
Entropy (8bit):	4.055727656337136
Encrypted:	false
MD5:	F0E2E80948CB631338E538129BB60964
SHA1:	AE48925C3D419B00ED93CF332CA9E5DC4F25D752
SHA-256:	B23E915952364C9177FDDAD4E38BE262C2411C5F1E266F565F4F6A4398519B35
SHA-512:	CACE5C5BBAD058ADECADEFF4F6A72D01DFEA1D1043ED9EECBB77FC386586E1F8CC14F0CC7FD11EAE90D1DE6DDB7CBE51701AD704CC53B2FD20A268C2AFC12599
Malicious:	false

Contacted Domains/Contacted IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
pdfedesktopmsi.b-cdn.net	82.102.16.18	true	false	0%, virustotal, Browse	high
cdn.lulusoft.com	64.15.159.203	true	false	0%, virustotal, Browse	unknown
partner1.lulusoft.com	198.72.111.203	true	false	0%, virustotal, Browse	unknown
download-desktop-msi.pdfescape.com	unknown	unknown	false	0%, virustotal, Browse	high
download-desktop.pdfescape.com	unknown	unknown	false		high

Contacted URLs

Name	Process
http://download-desktop-msi.pdfescape.com/pdfescape3/glamour/PDFescape_Desktop_Installer_3.0.25.584.exe	C:\Windows\System32\msiexec.exe
http://cdn.lulusoft.com/download/pdfescape/pdfescape1/glamour	C:\Windows\System32\msiexec.exe
http://download-desktop.pdfescape.com/module/glamour	C:\Windows\System32\msiexec.exe

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Country	ASN	ASN Name	Malicious
198.72.111.203	Canada	32613	IWEB-AS-iWebTechnologiesIncCA	false
64.15.159.203	Canada	32613	IWEB-AS-iWebTechnologiesIncCA	false
82.102.16.18	Malta	20952	VENUS-INTERNET-ASGB	false

Private

IP
192.168.1.13
192.168.1.255

Static File Info

General
File type:	2
Entropy (8bit):	7.614219642054197
TrID:	Microsoft Windows Installer (638509/1) 98.53% Generic OLE2 / Multistream Compound File (8008/1) 1.24% Java Script embedded in Visual Basic Script (1500/0) 0.23%
File name:	pdfescape-desktop-asian-and-extended.msi
File size:	5918720
MD5:	0ae326bf4b644c91f155c3d0ba23881f
SHA1:	fdb4f63afed7df811f88119c2d67b489c862a07f
SHA256:	a69a40e9f57f029c056d817fe5ce2b3a1099235ecbb0bcc33207c9cff5e8ffd0
SHA512:	9e7b2b25bf76d2f9267765ca71dff664b0a882f7545830dddaee242a3f81041848811dcc72ab2f262dd75f314a7924d2f6e87c143ccfc47187c8c13d8ab0790d
File Content Preview:	........................>......................................................................................................................................................................................................................................

File Icon

Static OLE Info

General
Document Type:	OLE
Number of OLE Files:	1

OLE File "pdfescape-desktop-asian-and-extended.msi"

Indicators
Has Summary Info:	True
Application Name:	Windows Installer XML Toolset (3.8.1128.0)
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	True

Summary
Code Page:	1252
Title:	Installation Database
Subject:	PDFescape Desktop Asian Fonts Pack
Author:	Red Software
Keywords:	Installer
Comments:	This installer database contains the logic and data required to install PDFescape Desktop Asian Fonts Pack.
Template:	x64;1033
Revion Number:	{B419B734-CAF5-477C-8F2D-D642BB955957}
Create Time:	2018-01-30 18:13:18
Last Saved Time:	2018-01-30 18:13:18
Number of Pages:	200
Number of Words:	2
Creating Application:	Windows Installer XML Toolset (3.8.1128.0)
Security:	2

Streams

Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 580

General
Stream Path:	\x5SummaryInformation
File Type:	data
Stream Size:	580
Entropy:	4.71702914008
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . l . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I n s t a l l a t i o n D a t a b a s e . . . . . . . # . . . P D F e s c a p e D e s k t o p A s i a n F o n t s P a c k . . . . . .
Data Raw:	fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 14 02 00 00 0e 00 00 00 01 00 00 00 78 00 00 00 02 00 00 00 80 00 00 00 03 00 00 00 a0 00 00 00 04 00 00 00 cc 00 00 00 05 00 00 00 e4 00 00 00 06 00 00 00 f8 00 00 00 07 00 00 00 6c 01 00 00 09 00 00 00 80 01 00 00 0c 00 00 00 b0 01 00 00

Stream Path: \x16678\x14437\x16830\x16740, File Type: Microsoft Cabinet archive data, 3551059 bytes, 239 files, Stream Size: 3551059

General
Stream Path:	\x16678\x14437\x16830\x16740
File Type:	Microsoft Cabinet archive data, 3551059 bytes, 239 files
Stream Size:	3551059
Entropy:	7.99711909812
Base64 Encoded:	True
Data ASCII:	M S C F . . . . S / 6 . . . . . , . . . . . . . . . . . . . . . . . . . . = . . V . . . . 8 . . . . . . . . . J . . . _ 7 8 _ E U C _ H . 8 B 5 A B A 8 B _ D 9 0 9 _ 4 8 4 3 _ A 0 C 8 _ F 8 D 4 E F F B 0 9 E 6 . a . . . . 8 . . . . . J . . . _ 7 8 _ E U C _ V . 8 B 5 A B A 8 B _ D 9 0 9 _ 4 8 4 3 _ A 0 C 8 _ F 8 D 4 E F F B 0 9 E 6 . . 7 . . f @ . . . . . J . . . _ 7 8 _ H . 8 B 5 A B A 8 B _ D 9 0 9 _ 4 8 4 3 _ A 0 C 8 _ F 8 D 4 E F F B 0 9 E 6 . & 8 . . . w . . . . . J . . . _ 7 8 _ R K S J _ H .
Data Raw:	4d 53 43 46 00 00 00 00 53 2f 36 00 00 00 00 00 2c 00 00 00 00 00 00 00 03 01 01 00 ef 00 00 00 00 00 00 00 ba 3d 00 00 56 01 01 00 05 38 00 00 00 00 00 00 00 00 ee 4a 85 10 20 00 5f 37 38 5f 45 55 43 5f 48 2e 38 42 35 41 42 41 38 42 5f 44 39 30 39 5f 34 38 34 33 5f 41 30 43 38 5f 46 38 44 34 45 46 46 42 30 39 45 36 00 61 08 00 00 05 38 00 00 00 00 ee 4a 85 10 20 00 5f 37 38 5f 45

Stream Path: \x16786\x17522\x16702\x17206\x17508\x17215\x17574\x18481, File Type: MS Windows icon resource - 2 icons, 32x32, 256-colors, Stream Size: 5430

General
Stream Path:	\x16786\x17522\x16702\x17206\x17508\x17215\x17574\x18481
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Stream Size:	5430
Entropy:	2.79354612016
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . & . . . . . . . . . . h . . . . . . . ( . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 20 20 00 00 01 00 20 00 a8 10 00 00 26 00 00 00 10 10 00 00 01 00 20 00 68 04 00 00 ce 10 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 80 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x16786\x17522\x16766\x17848\x17516\x17832\x18422\x16812\x17522, File Type: MS Windows icon resource - 2 icons, 32x32, 256-colors, Stream Size: 5430

General
Stream Path:	\x16786\x17522\x16766\x17848\x17516\x17832\x18422\x16812\x17522
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Stream Size:	5430
Entropy:	3.45510805425
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . & . . . . . . . . . . h . . . . . . . ( . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M . . .
Data Raw:	00 00 01 00 02 00 20 20 00 00 01 00 20 00 a8 10 00 00 26 00 00 00 10 10 00 00 01 00 20 00 68 04 00 00 ce 10 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 80 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff

Stream Path: \x16786\x17522\x16830\x16949\x17892\x18408\x16812\x17522, File Type: MS Windows icon resource - 2 icons, 32x32, 256-colors, Stream Size: 5430

General
Stream Path:	\x16786\x17522\x16830\x16949\x17892\x18408\x16812\x17522
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Stream Size:	5430
Entropy:	2.71365146393
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . & . . . . . . . . . . h . . . . . . . ( . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . Y Y Y . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 20 20 00 00 01 00 20 00 a8 10 00 00 26 00 00 00 10 10 00 00 01 00 20 00 68 04 00 00 ce 10 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 80 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x16786\x17522\x16830\x17522\x16953\x17909\x17215\x17574\x18481, File Type: MS Windows icon resource - 2 icons, 32x32, 256-colors, Stream Size: 5430

General
Stream Path:	\x16786\x17522\x16830\x17522\x16953\x17909\x17215\x17574\x18481
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Stream Size:	5430
Entropy:	2.50982523329
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . & . . . . . . . . . . h . . . . . . . ( . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 20 20 00 00 01 00 20 00 a8 10 00 00 26 00 00 00 10 10 00 00 01 00 20 00 68 04 00 00 ce 10 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 80 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x16786\x17522\x16958\x17191\x18423\x16812\x17522, File Type: MS Windows icon resource - 2 icons, 32x32, 256-colors, Stream Size: 5430

General
Stream Path:	\x16786\x17522\x16958\x17191\x18423\x16812\x17522
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Stream Size:	5430
Entropy:	2.6367005467
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . & . . . . . . . . . . h . . . . . . . ( . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 20 20 00 00 01 00 20 00 a8 10 00 00 26 00 00 00 10 10 00 00 01 00 20 00 68 04 00 00 ce 10 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 80 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x16786\x17522\x16958\x17905\x17768\x17779\x17836\x18408\x16812\x17522, File Type: MS Windows icon resource - 3 icons, 16x16, 256-colors, Stream Size: 15086

General
Stream Path:	\x16786\x17522\x16958\x17905\x17768\x17779\x17836\x18408\x16812\x17522
File Type:	MS Windows icon resource - 3 icons, 16x16, 256-colors
Stream Size:	15086
Entropy:	2.8435656727
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . h . . . 6 . . . . . . . . . . . . . . . . 0 0 . . . . . . % . . F . . . ( . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M . . . M . . . M . . . M . . . M . . . M . . . M . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 03 00 10 10 00 00 01 00 20 00 68 04 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 9e 04 00 00 30 30 00 00 01 00 20 00 a8 25 00 00 46 15 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff

Stream Path: \x16786\x17522\x17022\x17778\x17840\x17215\x17574\x18481, File Type: MS Windows icon resource - 2 icons, 32x32, 256-colors, Stream Size: 5430

General
Stream Path:	\x16786\x17522\x17022\x17778\x17840\x17215\x17574\x18481
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Stream Size:	5430
Entropy:	2.65649810508
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . & . . . . . . . . . . h . . . . . . . ( . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 20 20 00 00 01 00 20 00 a8 10 00 00 26 00 00 00 10 10 00 00 01 00 20 00 68 04 00 00 ce 10 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 80 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x16786\x17522\x17214\x17841\x16695\x17391\x17215\x17574\x18481, File Type: MS Windows icon resource - 3 icons, 48x48, 256-colors, Stream Size: 15086

General
Stream Path:	\x16786\x17522\x17214\x17841\x16695\x17391\x17215\x17574\x18481
File Type:	MS Windows icon resource - 3 icons, 48x48, 256-colors
Stream Size:	15086
Entropy:	2.8453104587
Base64 Encoded:	False
Data ASCII:	. . . . . . 0 0 . . . . . . % . . 6 . . . . . . . . . . . . . % . . . . . . . . . h . . . . 6 . . ( . . . 0 . . . ` . . . . . . . . . . . % . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ^ . . . ^ . . Z ^ . . . ^ . . . ^ . . . ^ . . . ^ . . . ^ .
Data Raw:	00 00 01 00 03 00 30 30 00 00 01 00 20 00 a8 25 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 de 25 00 00 10 10 00 00 01 00 20 00 68 04 00 00 86 36 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 80 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x16786\x17522\x17214\x17841\x17768\x18423\x16812\x17522, File Type: MS Windows icon resource - 2 icons, 32x32, 256-colors, Stream Size: 5430

General
Stream Path:	\x16786\x17522\x17214\x17841\x17768\x18423\x16812\x17522
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Stream Size:	5430
Entropy:	2.47916502286
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . & . . . . . . . . . . h . . . . . . . ( . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 20 20 00 00 01 00 20 00 a8 10 00 00 26 00 00 00 10 10 00 00 01 00 20 00 68 04 00 00 ce 10 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 80 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x16786\x17522\x17470\x17188\x18417\x16812\x17522, File Type: MS Windows icon resource - 6 icons, 256-colors, Stream Size: 102134

General
Stream Path:	\x16786\x17522\x17470\x17188\x18417\x16812\x17522
File Type:	MS Windows icon resource - 6 icons, 256-colors
Stream Size:	102134
Entropy:	2.39559999313
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . ( . . . f . . . @ @ . . . . . ( B . . . . . . 0 0 . . . . . . % . . . J . . . . . . . . . . . ^ p . . . . . . . . . . . . . . . . . . . . . . . . h . . . . . . . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 06 00 80 80 00 00 01 00 20 00 28 08 01 00 66 00 00 00 40 40 00 00 01 00 20 00 28 42 00 00 8e 08 01 00 30 30 00 00 01 00 20 00 a8 25 00 00 b6 4a 01 00 20 20 00 00 01 00 20 00 a8 10 00 00 5e 70 01 00 18 18 00 00 01 00 20 00 88 09 00 00 06 81 01 00 10 10 00 00 01 00 20 00 68 04 00 00 8e 8a 01 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 20 00 00 00 00 00 00 08 01 00 00 00

Stream Path: \x16786\x17522\x17598\x17766\x17215\x17574\x18481, File Type: MS Windows icon resource - 2 icons, 32x32, 256-colors, Stream Size: 5430

General
Stream Path:	\x16786\x17522\x17598\x17766\x17215\x17574\x18481
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Stream Size:	5430
Entropy:	3.43382157939
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . & . . . . . . . . . . h . . . . . . . ( . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . { . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 20 20 00 00 01 00 20 00 a8 10 00 00 26 00 00 00 10 10 00 00 01 00 20 00 68 04 00 00 ce 10 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 80 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x16786\x17522\x17790\x18024\x16940\x18426\x16812\x17522, File Type: MS Windows icon resource - 2 icons, 32x32, 256-colors, Stream Size: 5430

General
Stream Path:	\x16786\x17522\x17790\x18024\x16940\x18426\x16812\x17522
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Stream Size:	5430
Entropy:	2.41773906929
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . & . . . . . . . . . . h . . . . . . . ( . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O O O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 20 20 00 00 01 00 20 00 a8 10 00 00 26 00 00 00 10 10 00 00 01 00 20 00 68 04 00 00 ce 10 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 80 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x16786\x17522\x17854\x16808\x17784\x18408\x16812\x17522, File Type: MS Windows icon resource - 2 icons, 32x32, 256-colors, Stream Size: 5430

General
Stream Path:	\x16786\x17522\x17854\x16808\x17784\x18408\x16812\x17522
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Stream Size:	5430
Entropy:	2.69825783645
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . & . . . . . . . . . . h . . . . . . . ( . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . O O O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 20 20 00 00 01 00 20 00 a8 10 00 00 26 00 00 00 10 10 00 00 01 00 20 00 68 04 00 00 ce 10 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 80 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x16786\x17522\x17982\x17201\x17841\x16695\x17391\x17215\x17574\x18481, File Type: MS Windows icon resource - 3 icons, 48x48, 256-colors, Stream Size: 15086

General
Stream Path:	\x16786\x17522\x17982\x17201\x17841\x16695\x17391\x17215\x17574\x18481
File Type:	MS Windows icon resource - 3 icons, 48x48, 256-colors
Stream Size:	15086
Entropy:	2.89589754907
Base64 Encoded:	False
Data ASCII:	. . . . . . 0 0 . . . . . . % . . 6 . . . . . . . . . . . . . % . . . . . . . . . h . . . . 6 . . ( . . . 0 . . . ` . . . . . . . . . . . % . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . F . Z . F . . . F . . . F . . . F . . . F . . . F
Data Raw:	00 00 01 00 03 00 30 30 00 00 01 00 20 00 a8 25 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 de 25 00 00 10 10 00 00 01 00 20 00 68 04 00 00 86 36 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 80 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x17163\x16689\x18229\x15806\x17206\x17163\x18353\x15048\x14981\x14987\x15048\x15231\x14345\x18377\x14852\x14532\x15039\x15104\x18376\x14863\x14605\x15310\x15055\x14912\x14734, File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows, Stream Size: 1495040

General
Stream Path:	\x17163\x16689\x18229\x15806\x17206\x17163\x18353\x15048\x14981\x14987\x15048\x15231\x14345\x18377\x14852\x14532\x15039\x15104\x18376\x14863\x14605\x15310\x15055\x14912\x14734
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Stream Size:	1495040
Entropy:	7.34585718348
Base64 Encoded:	True
Data ASCII:	M Z . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . L . ! T h i s p r o g r a m c a n n o t b e r u n i n D O S m o d e . . . . $ . . . . . . . . . < . . . R . . . R . . . R . 4 . . . . . R . 4 . . . . . R . 4 . . . . . R . . . . . . . R . . . Q . . . R . e . W . . . R . . . W . . . R . . . V . . . R . . . . . . . R . . . S . . . R . . . [ . . . R . . . R . . . R . . . . . . . R . . . . . . . R .
Data Raw:	4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00

Stream Path: \x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x15103\x17508\x16945\x18485, File Type: PC bitmap, Windows 3.x format, 493 x 58 x 24, Stream Size: 85896

General
Stream Path:	\x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x15103\x17508\x16945\x18485
File Type:	PC bitmap, Windows 3.x format, 493 x 58 x 24
Stream Size:	85896
Entropy:	0.608479752065
Base64 Encoded:	False
Data ASCII:	B M . O . . . . . . 6 . . . ( . . . . . . . : . . . . . . . . . . . R O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	42 4d 88 4f 01 00 00 00 00 00 36 00 00 00 28 00 00 00 ed 01 00 00 3a 00 00 00 01 00 18 00 00 00 00 00 52 4f 01 00 12 0b 00 00 12 0b 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Stream Path: \x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x15231\x16684\x17583\x18474, File Type: PC bitmap, Windows 3.x format, 164 x 312 x 24, Stream Size: 153560

General
Stream Path:	\x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x15231\x16684\x17583\x18474
File Type:	PC bitmap, Windows 3.x format, 164 x 312 x 24
Stream Size:	153560
Entropy:	1.14320739466
Base64 Encoded:	False
Data ASCII:	B M . W . . . . . . 6 . . . ( . . . . . . . 8 . . . . . . . . . . . . W . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	42 4d d8 57 02 00 00 00 00 00 36 00 00 00 28 00 00 00 a4 00 00 00 38 01 00 00 01 00 18 00 00 00 00 00 a2 57 02 00 12 0b 00 00 12 0b 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Stream Path: \x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x15871\x18088, File Type: MS Windows icon resource - 2 icons, 32x32, 256-colors, Stream Size: 5430

General
Stream Path:	\x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x15871\x18088
File Type:	MS Windows icon resource - 2 icons, 32x32, 256-colors
Stream Size:	5430
Entropy:	2.05085873405
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . & . . . . . . . . . . h . . . . . . . ( . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 20 20 00 00 01 00 20 00 a8 10 00 00 26 00 00 00 10 10 00 00 01 00 20 00 68 04 00 00 ce 10 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 80 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x16319\x18483, File Type: MS Windows icon resource - 1 icon, Stream Size: 1150

General
Stream Path:	\x17163\x16689\x18229\x16446\x18156\x15518\x15103\x17648\x16319\x18483
File Type:	MS Windows icon resource - 1 icon
Stream Size:	1150
Entropy:	2.11703700263
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . h . . . . . . . ( . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . y . F . y . F . y . F . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . y . F . y . F . y . F . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x17163\x16689\x18229\x16446\x18156\x15518\x15551\x17574\x15295\x16827\x16687\x18480, File Type: MS Windows icon resource - 2 icons, 48x48, 256-colors, Stream Size: 13942

General
Stream Path:	\x17163\x16689\x18229\x16446\x18156\x15518\x15551\x17574\x15295\x16827\x16687\x18480
File Type:	MS Windows icon resource - 2 icons, 48x48, 256-colors
Stream Size:	13942
Entropy:	2.41911251703
Base64 Encoded:	True
Data ASCII:	. . . . . . 0 0 . . . . . . % . . & . . . . . . . . . . . . . % . . ( . . . 0 . . . ` . . . . . . . . . . . % . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 30 30 00 00 01 00 20 00 a8 25 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 ce 25 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 80 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x17163\x16689\x18229\x16446\x18156\x15518\x15551\x17574\x15551\x17009\x18482, File Type: MS Windows icon resource - 2 icons, 48x48, 256-colors, Stream Size: 13942

General
Stream Path:	\x17163\x16689\x18229\x16446\x18156\x15518\x15551\x17574\x15551\x17009\x18482
File Type:	MS Windows icon resource - 2 icons, 48x48, 256-colors
Stream Size:	13942
Entropy:	2.48370041619
Base64 Encoded:	True
Data ASCII:	. . . . . . 0 0 . . . . . . % . . & . . . . . . . . . . . . . % . . ( . . . 0 . . . ` . . . . . . . . . . . % . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 30 30 00 00 01 00 20 00 a8 25 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 ce 25 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 80 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x17163\x16689\x18229\x16446\x18156\x15518\x17184\x16827\x18468, File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, Stream Size: 66048

General
Stream Path:	\x17163\x16689\x18229\x16446\x18156\x15518\x17184\x16827\x18468
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Stream Size:	66048
Entropy:	6.2421498
Base64 Encoded:	True
Data ASCII:	M Z . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . L . ! T h i s p r o g r a m c a n n o t b e r u n i n D O S m o d e . . . . $ . . . . . . . . . . . . j . . . j . . . j . . . 8 . . . j . . . 8 . . . j . . . . . . . j . . . j . . . j . . . 8 . . . j . . . 8 . . . j . . . 8 . . . j . . . 8 . . . j . . R i c h . j . . . . . . . . . . P E . . L . . . . . ; J . . . . . . . . . . . ! . . . . . . . .
Data Raw:	4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00

Stream Path: \x17163\x16689\x18229\x16830\x17458\x17395\x17896\x18408\x16812\x17522, File Type: MS Windows icon resource - 2 icons, 48x48, 256-colors, Stream Size: 13942

General
Stream Path:	\x17163\x16689\x18229\x16830\x17458\x17395\x17896\x18408\x16812\x17522
File Type:	MS Windows icon resource - 2 icons, 48x48, 256-colors
Stream Size:	13942
Entropy:	2.84353689347
Base64 Encoded:	False
Data ASCII:	. . . . . . 0 0 . . . . . . % . . & . . . . . . . . . . . . . % . . ( . . . 0 . . . ` . . . . . . . . . . . % . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 30 30 00 00 01 00 20 00 a8 25 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 ce 25 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 80 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x17163\x16689\x18229\x16830\x17848\x17591\x18416\x16812\x17522, File Type: MS Windows icon resource - 2 icons, 48x48, 256-colors, Stream Size: 13942

General
Stream Path:	\x17163\x16689\x18229\x16830\x17848\x17591\x18416\x16812\x17522
File Type:	MS Windows icon resource - 2 icons, 48x48, 256-colors
Stream Size:	13942
Entropy:	2.67707470797
Base64 Encoded:	False
Data ASCII:	. . . . . . 0 0 . . . . . . % . . & . . . . . . . . . . . . . % . . ( . . . 0 . . . ` . . . . . . . . . . . % . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 30 30 00 00 01 00 20 00 a8 25 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 ce 25 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 80 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x17163\x16689\x18229\x17790\x17448\x18034\x18408\x16812\x17522, File Type: MS Windows icon resource - 2 icons, 48x48, 256-colors, Stream Size: 13942

General
Stream Path:	\x17163\x16689\x18229\x17790\x17448\x18034\x18408\x16812\x17522
File Type:	MS Windows icon resource - 2 icons, 48x48, 256-colors
Stream Size:	13942
Entropy:	2.89618762097
Base64 Encoded:	True
Data ASCII:	. . . . . . 0 0 . . . . . . % . . & . . . . . . . . . . . . . % . . ( . . . 0 . . . ` . . . . . . . . . . . % . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 30 30 00 00 01 00 20 00 a8 25 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 ce 25 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 80 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x17163\x16689\x18229\x17790\x17640\x17188\x18421\x16812\x17522, File Type: MS Windows icon resource - 2 icons, 48x48, 256-colors, Stream Size: 13942

General
Stream Path:	\x17163\x16689\x18229\x17790\x17640\x17188\x18421\x16812\x17522
File Type:	MS Windows icon resource - 2 icons, 48x48, 256-colors
Stream Size:	13942
Entropy:	2.85634402403
Base64 Encoded:	True
Data ASCII:	. . . . . . 0 0 . . . . . . % . . & . . . . . . . . . . . . . % . . ( . . . 0 . . . ` . . . . . . . . . . . % . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 00 01 00 02 00 30 30 00 00 01 00 20 00 a8 25 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 ce 25 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 80 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x18496\x15167\x17394\x17464\x17841, File Type: data, Stream Size: 1184

General
Stream Path:	\x18496\x15167\x17394\x17464\x17841
File Type:	data
Stream Size:	1184
Entropy:	5.00296479385
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . " . " . " . ) . ) . ) . * . * . * . + . + . / . / . 0 . 0 . 4 . 4 . 4 . 4 . 4 . 4 . 4 . 4 . 4 . 4 . 4 . 4 . 6 . 6 . 6 . 6 . 6 . 6 . 6 . 6 . 6 . 6 . I . I . I . I . P . P . P . P . P . P . Y . Y . Y . Y . Y . s . s . s . y . y . y . y . ~ . ~ . ~ . ~ . ~ . ~ . ~ . ~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	07 00 07 00 07 00 07 00 07 00 07 00 07 00 07 00 07 00 07 00 22 00 22 00 22 00 29 00 29 00 29 00 2a 00 2a 00 2a 00 2b 00 2b 00 2f 00 2f 00 30 00 30 00 34 00 34 00 34 00 34 00 34 00 34 00 34 00 34 00 34 00 34 00 34 00 34 00 36 00 36 00 36 00 36 00 36 00 36 00 36 00 36 00 36 00 36 00 49 00 49 00 49 00 49 00 50 00 50 00 50 00 50 00 50 00 50 00 59 00 59 00 59 00 59 00 59 00 73 00 73 00

Stream Path: \x18496\x15518\x16925\x17915, File Type: data, Stream Size: 204

General
Stream Path:	\x18496\x15518\x16925\x17915
File Type:	data
Stream Size:	204
Entropy:	4.32693828433
Base64 Encoded:	False
Data ASCII:	) . * . + . , . - . . . 0 . 2 . 4 . 6 . 8 . : . < . > . @ . B . D . F . H . J . L . N . P . R . T . V . X . Z . \\ . ^ . ` . b . d . f . h . j . l . n . p . r . t . v . x . z . \| . ~ . . . . . . . . . . . . . * . + . , . - . / . 1 . 3 . 5 . 7 . 9 . ; . = . ? . A . C . E . G . I . K . M . O . Q . S . U . W . Y . [ . ] . _ . a . c . e . g . i . k . m . o . q . s . u . w . y . { . } . . . . . . . . . . . . .
Data Raw:	29 02 2a 02 2b 02 2c 02 2d 02 2e 02 30 02 32 02 34 02 36 02 38 02 3a 02 3c 02 3e 02 40 02 42 02 44 02 46 02 48 02 4a 02 4c 02 4e 02 50 02 52 02 54 02 56 02 58 02 5a 02 5c 02 5e 02 60 02 62 02 64 02 66 02 68 02 6a 02 6c 02 6e 02 70 02 72 02 74 02 76 02 78 02 7a 02 7c 02 7e 02 80 02 82 02 84 02 86 02 88 02 00 00 2a 02 2b 02 2c 02 2d 02 2f 02 31 02 33 02 35 02 37 02 39 02 3b 02 3d 02

Stream Path: \x18496\x16191\x17783\x17516\x15210\x17892\x18468, File Type: ASCII text, with very long lines, with CRLF line terminators, Stream Size: 148903

General
Stream Path:	\x18496\x16191\x17783\x17516\x15210\x17892\x18468
File Type:	ASCII text, with very long lines, with CRLF line terminators
Stream Size:	148903
Entropy:	5.37727993351
Base64 Encoded:	True
Data ASCII:	N a m e T a b l e T y p e C o l u m n V a l u e _ V a l i d a t i o n N P r o p e r t y I d _ S u m m a r y I n f o r m a t i o n D e s c r i p t i o n S e t C a t e g o r y K e y C o l u m n M a x V a l u e N u l l a b l e K e y T a b l e M i n V a l u e I d e n t i f i e r N a m e o f t a b l e N a m e o f c o l u m n Y ; N W h e t h e r t h e c o l u m n i s n u l l a b l e Y M i n i m u m v a l u e a l l o w e d M a x i m u m v a l u e a l l o w e d F o r f o r e i g n k e y
Data Raw:	4e 61 6d 65 54 61 62 6c 65 54 79 70 65 43 6f 6c 75 6d 6e 56 61 6c 75 65 5f 56 61 6c 69 64 61 74 69 6f 6e 4e 50 72 6f 70 65 72 74 79 49 64 5f 53 75 6d 6d 61 72 79 49 6e 66 6f 72 6d 61 74 69 6f 6e 44 65 73 63 72 69 70 74 69 6f 6e 53 65 74 43 61 74 65 67 6f 72 79 4b 65 79 43 6f 6c 75 6d 6e 4d 61 78 56 61 6c 75 65 4e 75 6c 6c 61 62 6c 65 4b 65 79 54 61 62 6c 65 4d 69 6e 56 61 6c 75 65

Stream Path: \x18496\x16191\x17783\x17516\x15978\x17586\x18479, File Type: data, Stream Size: 4732

General
Stream Path:	\x18496\x16191\x17783\x17516\x15978\x17586\x18479
File Type:	data
Stream Size:	4732
Entropy:	3.40314735276
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . _ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 . . . . . . . . . . . . . . . . . . . D . . . . . . . . . 6 . . . $ . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . B . . . . . . . . . . . . . . . o . . . . . . . . . . . . . . . ' . . . . . . . . . . . . . . . . . . . ( . . . . . . . * . . . . . " . . . . . . . . . 5 . . . d . . . . . . . . . . . X . . . V . . . . . . . / . . . . . . .
Data Raw:	e4 04 00 00 04 00 04 00 05 00 02 00 00 00 00 00 04 00 04 00 06 00 02 00 05 00 09 00 0b 00 15 00 01 00 5f 00 0a 00 01 00 13 00 02 00 0b 00 14 00 03 00 02 00 08 00 02 00 09 00 02 00 08 00 02 00 08 00 02 00 08 00 02 00 08 00 02 00 0a 00 33 00 0d 00 01 00 0e 00 01 00 03 00 01 00 1e 00 01 00 01 00 44 00 15 00 01 00 15 00 01 00 36 00 01 00 24 00 01 00 f5 00 01 00 0f 00 01 00 04 00 60 00

Stream Path: \x18496\x16255\x16740\x16943\x18486, File Type: data, Stream Size: 62

General
Stream Path:	\x18496\x16255\x16740\x16943\x18486
File Type:	data
Stream Size:	62
Entropy:	3.80682776102
Base64 Encoded:	False
Data ASCII:	. . " . ) . * . + . / . 0 . 4 . 6 . I . P . Y . s . y . ~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	07 00 22 00 29 00 2a 00 2b 00 2f 00 30 00 34 00 36 00 49 00 50 00 59 00 73 00 79 00 7e 00 8d 00 90 00 9d 00 a0 00 a1 00 a2 00 a5 00 ab 00 b9 00 c2 00 cc 00 d0 00 8c 02 82 04 85 04 94 04

Stream Path: \x18496\x16383\x17380\x16876\x17892\x17580\x18481, File Type: data, Stream Size: 3720

General
Stream Path:	\x18496\x16383\x17380\x16876\x17892\x17580\x18481
File Type:	data
Stream Size:	3720
Entropy:	2.57042140165
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . " . " . " . ) . ) . ) . * . * . * . + . + . / . / . 0 . 0 . 4 . 4 . 4 . 4 . 4 . 4 . 4 . 4 . 4 . 4 . 4 . 4 . 6 . 6 . 6 . 6 . 6 . 6 . 6 . 6 . 6 . 6 . I . I . I . I . P . P . P . P . P . P . Y . Y . Y . Y . Y . s . s . s . y . y . y . y . ~ . ~ . ~ . ~ . ~ . ~ . ~ . ~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	07 00 07 00 07 00 07 00 07 00 07 00 07 00 07 00 07 00 07 00 0a 00 0a 00 22 00 22 00 22 00 29 00 29 00 29 00 2a 00 2a 00 2a 00 2b 00 2b 00 2f 00 2f 00 30 00 30 00 34 00 34 00 34 00 34 00 34 00 34 00 34 00 34 00 34 00 34 00 34 00 34 00 36 00 36 00 36 00 36 00 36 00 36 00 36 00 36 00 36 00 36 00 49 00 49 00 49 00 49 00 50 00 50 00 50 00 50 00 50 00 50 00 59 00 59 00 59 00 59 00 59 00

Stream Path: \x18496\x16661\x17528\x17126\x17548\x16881\x17900\x17580\x18481, File Type: data, Stream Size: 8

General
Stream Path:	\x18496\x16661\x17528\x17126\x17548\x16881\x17900\x17580\x18481
File Type:	data
Stream Size:	8
Entropy:	2.0
Base64 Encoded:	False
Data ASCII:	. . . . . . . .
Data Raw:	0a 02 0c 02 0b 02 0d 02

Stream Path: \x18496\x16667\x17191\x15090\x17912\x17591\x18481, File Type: data, Stream Size: 36

General
Stream Path:	\x18496\x16667\x17191\x15090\x17912\x17591\x18481
File Type:	data
Stream Size:	36
Entropy:	3.25962222552
Base64 Encoded:	False
Data ASCII:	# . # . . . . . . $ . . . . . . . . . ' . ' . . . . . # . % . . . . .
Data Raw:	23 01 23 01 01 80 02 80 20 02 24 02 00 80 00 80 00 80 14 80 27 81 27 81 10 80 18 80 23 02 25 02 00 00 00 00

Stream Path: \x18496\x16786\x17522, File Type: MS Windows COFF PowerPC object file, Stream Size: 56

General
Stream Path:	\x18496\x16786\x17522
File Type:	MS Windows COFF PowerPC object file
Stream Size:	56
Entropy:	2.45183873051
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	f0 01 f1 01 f2 01 f3 01 f4 01 f5 01 f6 01 f7 01 f8 01 f9 01 fa 01 fb 01 fc 01 fd 01 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00

Stream Path: \x18496\x16842\x17200\x15281\x16955\x17958\x16951\x16924\x17972\x17512\x16934, File Type: dBase IV DBT of \342.DBF, blocks size 14745824, next free block index 14614750, Stream Size: 48

General
Stream Path:	\x18496\x16842\x17200\x15281\x16955\x17958\x16951\x16924\x17972\x17512\x16934
File Type:	dBase IV DBT of \342.DBF, blocks size 14745824, next free block index 14614750
Stream Size:	48
Entropy:	3.11008776073
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . < . . . . .
Data Raw:	de 00 df 00 e0 00 e1 00 e2 00 e3 00 e4 00 e5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 83 84 83 e8 83 78 85 dc 85 3c 8f a0 8f c8 99

Stream Path: \x18496\x16842\x17200\x16305\x16146\x17704\x16952\x16817\x18472, File Type: dBase IV DBT of \347.DBF, blocks size 15073504, next free block index 14614750, Stream Size: 42

General
Stream Path:	\x18496\x16842\x17200\x16305\x16146\x17704\x16952\x16817\x18472
File Type:	dBase IV DBT of \347.DBF, blocks size 15073504, next free block index 14614750
Stream Size:	42
Entropy:	2.92211644938
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	de 00 df 00 e0 00 e6 00 e7 00 e8 00 e9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 83 84 83 e8 83 fd 7f fe 7f ff 7f 14 85

Stream Path: \x18496\x16842\x17913\x18126\x16808\x17912\x16168\x17704\x16952\x16817\x18472, File Type: dBase IV DBT of \345.DBF, blocks size 14811361, next free block index 14680286, Stream Size: 42

General
Stream Path:	\x18496\x16842\x17913\x18126\x16808\x17912\x16168\x17704\x16952\x16817\x18472
File Type:	dBase IV DBT of \345.DBF, blocks size 14811361, next free block index 14680286
Stream Size:	42
Entropy:	2.9135675273
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . .
Data Raw:	de 00 e0 00 e1 00 e2 00 e5 00 ea 00 eb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 83 e8 83 78 85 dc 85 c8 99 9c 98 00 99

Stream Path: \x18496\x16911\x17892\x17784\x15144\x17458\x17587\x16945\x17905\x18486, File Type: data, Stream Size: 4

General
Stream Path:	\x18496\x16911\x17892\x17784\x15144\x17458\x17587\x16945\x17905\x18486
File Type:	data
Stream Size:	4
Entropy:	2.0
Base64 Encoded:	False
Data ASCII:	. . . .
Data Raw:	ec 01 99 02

Stream Path: \x18496\x16911\x17892\x17784\x18472, File Type: data, Stream Size: 32

General
Stream Path:	\x18496\x16911\x17892\x17784\x18472
File Type:	data
Stream Size:	32
Entropy:	2.35845859334
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	ec 01 ed 01 ed 01 00 00 ee 01 ef 01 00 00 00 00 02 80 01 80 01 80 01 80 00 00 00 00 00 80 00 80

Stream Path: \x18496\x16918\x17191\x18468, File Type: MIPSEB Ucode, Stream Size: 14

General
Stream Path:	\x18496\x16918\x17191\x18468
File Type:	MIPSEB Ucode
Stream Size:	14
Entropy:	1.95021206491
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . .
Data Raw:	01 80 ef 00 00 80 00 00 0e 02 00 00 00 00

Stream Path: \x18496\x16925\x17915\x17884\x17404\x18472, File Type: data, Stream Size: 36

General
Stream Path:	\x18496\x16925\x17915\x17884\x17404\x18472
File Type:	data
Stream Size:	36
Entropy:	2.6070177096
Base64 Encoded:	False
Data ASCII:	. . ' . ( . & . & . & . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	1c 02 27 02 28 02 26 02 26 02 26 02 08 80 0c 80 09 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 80

Stream Path: \x18496\x17100\x16808\x15086\x18162, File Type: data, Stream Size: 8

General
Stream Path:	\x18496\x17100\x16808\x15086\x18162
File Type:	data
Stream Size:	8
Entropy:	1.75
Base64 Encoded:	False
Data ASCII:	. . . . . . . .
Data Raw:	f7 00 f9 00 f8 00 f8 00

Stream Path: \x18496\x17163\x16689\x18229, File Type: data, Stream Size: 48

General
Stream Path:	\x18496\x17163\x16689\x18229
File Type:	data
Stream Size:	48
Entropy:	2.5211817716
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	ec 00 ed 00 ee 00 ef 00 f0 00 f1 00 f2 00 f3 00 f4 00 f5 00 f6 00 9b 04 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00

Stream Path: \x18496\x17165\x16949\x17894\x17778\x18492, File Type: data, Stream Size: 36

General
Stream Path:	\x18496\x17165\x16949\x17894\x17778\x18492
File Type:	data
Stream Size:	36
Entropy:	3.31240374024
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	e4 01 e5 01 e7 01 90 02 92 02 94 02 e5 01 e7 01 00 00 94 02 90 02 e4 01 e6 01 e8 01 e9 01 93 02 91 02 e8 01

Stream Path: \x18496\x17165\x17380\x17074, File Type: data, Stream Size: 396

General
Stream Path:	\x18496\x17165\x17380\x17074
File Type:	data
Stream Size:	396
Entropy:	3.84953512266
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . % . , . 0 . I . O . T . [ . _ . c . r . . . . . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . 2 . r . r . r . . . r . r . r . . . r . r . . . r . r . r . r . r . r . r . . . . . . . i . . . . . . . U . . . . . U . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ' . . . . . . . . . . . . . . .
Data Raw:	e6 00 e7 00 e8 00 fa 00 14 01 20 01 25 01 2c 01 30 01 49 01 4f 01 54 01 5b 01 5f 01 63 01 72 01 91 01 a3 01 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 32 80 72 81 72 81 72 81 0e 81 72 81 72 81 72 81 04 81 72 81 72 81

Stream Path: \x18496\x17167\x16943, File Type: data, Stream Size: 4780

General
Stream Path:	\x18496\x17167\x16943
File Type:	data
Stream Size:	4780
Entropy:	4.37162316074
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . " . $ . & . ( . * . , . . . 0 . 2 . 4 . 6 . 8 . : . < . > . @ . B . D . F . H . J . L . N . P . R . T . V . X . Z . \\ . ^ . ` . b . d . f . h . j . l . n . p . r . t . v . x . z . \| . ~ . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	9a 02 9c 02 9e 02 a0 02 a2 02 a4 02 a6 02 a8 02 aa 02 ac 02 ae 02 b0 02 b2 02 b4 02 b6 02 b8 02 ba 02 bc 02 be 02 c0 02 c2 02 c4 02 c6 02 c8 02 ca 02 cc 02 ce 02 d0 02 d2 02 d4 02 d6 02 d8 02 da 02 dc 02 de 02 e0 02 e2 02 e4 02 e6 02 e8 02 ea 02 ec 02 ee 02 f0 02 f2 02 f4 02 f6 02 f8 02 fa 02 fc 02 fe 02 00 03 02 03 04 03 06 03 08 03 0a 03 0c 03 0e 03 10 03 12 03 14 03 16 03 18 03

Stream Path: \x18496\x17490\x17910\x17380\x15279\x16955\x17958\x16951\x16924\x17972\x17512\x16934, File Type: data, Stream Size: 126

General
Stream Path:	\x18496\x17490\x17910\x17380\x15279\x16955\x17958\x16951\x16924\x17972\x17512\x16934
File Type:	data
Stream Size:	126
Entropy:	4.09746075485
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . d . . . . . @ . . . p . . . y . . . . .
Data Raw:	de 00 df 00 e0 00 e1 00 e2 00 e4 00 e5 00 ea 00 eb 00 df 01 fe 01 ff 01 00 02 01 02 02 02 03 02 04 02 05 02 06 02 95 02 97 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 96 02 20 83 84 83 e8 83 78 85 dc 85 a0 8f c8 99 9c 98 00 99 e9 83 19 80 64 80 bc 82 b0 84 40 86 08 87 70 97 d4 97 79 85 ac 8d a1 8f

Stream Path: \x18496\x17490\x17910\x17380\x16303\x16146\x17704\x16952\x16817\x18472, File Type: data, Stream Size: 114

General
Stream Path:	\x18496\x17490\x17910\x17380\x16303\x16146\x17704\x16952\x16817\x18472
File Type:	data
Stream Size:	114
Entropy:	4.18100318521
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . % . 0 . I . _ . c . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 . . . . . . . . . . . . . . . d . . . . . 2 .
Data Raw:	de 00 df 00 e0 00 e6 00 e7 00 e8 00 e9 00 25 01 30 01 49 01 5f 01 63 01 a3 01 df 01 fe 01 ff 01 00 02 01 02 07 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 02 af 01 b7 01 09 02 00 00 00 00 00 00 00 00 00 00 00 00 20 83 84 83 e8 83 fd 7f fe 7f ff 7f 14 85 31 80 13 85 10 85 11 85 12 85 0f 85 e9 83 19 80 64 80 bc 82 b0 84 32 80

Stream Path: \x18496\x17548\x17648\x17522\x17512\x18487, File Type: data, Stream Size: 12

General
Stream Path:	\x18496\x17548\x17648\x17522\x17512\x18487
File Type:	data
Stream Size:	12
Entropy:	2.79248125036
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . .
Data Raw:	99 02 9c 04 92 02 00 81 00 00 9a 02

Stream Path: \x18496\x17548\x17905\x17589\x15151\x17522\x17191\x17207\x17522, File Type: data, Stream Size: 536

General
Stream Path:	\x18496\x17548\x17905\x17589\x15151\x17522\x17191\x17207\x17522
File Type:	data
Stream Size:	536
Entropy:	3.71848945283
Base64 Encoded:	False
Data ASCII:	. . . . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . I . I . _ . _ . _ . _ . c . c . c . c . c . c . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . . . . . . . . . . . . . . . . . . . l . o . 1 . 3 . 5 . 7 . 9 . ; . = . ? . A . C . J . L . . . . . a . a . J . J . J . L . L . L . . . . . . . J . J . J . L . L . L . s . s . s . u . u . u . v . v . v . y . y . z . z . \| . \| . } . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	e8 00 e8 00 30 01 30 01 30 01 30 01 30 01 30 01 30 01 30 01 30 01 30 01 49 01 49 01 5f 01 5f 01 5f 01 5f 01 63 01 63 01 63 01 63 01 63 01 63 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 91 01 91 01 91 01 91 01 91 01 91 01

Stream Path: \x18496\x17548\x17905\x17589\x15279\x16953\x17905, File Type: data, Stream Size: 1404

General
Stream Path:	\x18496\x17548\x17905\x17589\x15279\x16953\x17905
File Type:	data
Stream Size:	1404
Entropy:	4.03699124921
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . % . , . , . 0 . I . I . I . I . I . I . I . I . I . I . I . I . I . O . T . T . T . [ . _ . _ . _ . c . c . c . c . c . c . c . c . c . c . c . c . c . c . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . r . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	e6 00 e7 00 e8 00 fa 00 fa 00 fa 00 fa 00 fa 00 fa 00 fa 00 14 01 14 01 14 01 20 01 20 01 20 01 25 01 2c 01 2c 01 30 01 49 01 49 01 49 01 49 01 49 01 49 01 49 01 49 01 49 01 49 01 49 01 49 01 49 01 4f 01 54 01 54 01 54 01 5b 01 5f 01 5f 01 5f 01 63 01 63 01 63 01 63 01 63 01 63 01 63 01 63 01 63 01 63 01 63 01 63 01 63 01 63 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01 72 01

Stream Path: \x18496\x17548\x17905\x17589\x18479, File Type: data, Stream Size: 4628

General
Stream Path:	\x18496\x17548\x17905\x17589\x18479
File Type:	data
Stream Size:	4628
Entropy:	4.05248077064
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . % . % . % . % . % . % . % . % . % . , . , . , . , . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . I . I . I . I . I . I . I . I . O . O . O . T . T . T . T . T . T . T . T . T . [ . [ . [ . [ . [ . [ . [ . [ . _ . _ . _ . _ . _ . _ . _ . _ . c . c . c . c . c . c . c . c .
Data Raw:	e6 00 e6 00 e6 00 e6 00 e6 00 e6 00 e6 00 e7 00 e7 00 e7 00 e7 00 e7 00 e7 00 e7 00 e8 00 e8 00 e8 00 e8 00 e8 00 e8 00 e8 00 e8 00 e8 00 fa 00 fa 00 fa 00 fa 00 fa 00 fa 00 fa 00 fa 00 fa 00 14 01 14 01 14 01 14 01 14 01 14 01 14 01 14 01 14 01 14 01 20 01 20 01 20 01 20 01 20 01 20 01 20 01 20 01 20 01 20 01 25 01 25 01 25 01 25 01 25 01 25 01 25 01 25 01 25 01 2c 01 2c 01 2c 01

Stream Path: \x18496\x17558\x17959\x16943\x17180\x17514\x17892\x17784\x18472, File Type: data, Stream Size: 6

General
Stream Path:	\x18496\x17558\x17959\x16943\x17180\x17514\x17892\x17784\x18472
File Type:	data
Stream Size:	6
Entropy:	2.25162916739
Base64 Encoded:	False
Data ASCII:	. . . . . .
Data Raw:	8f 02 09 84 8e 02

Stream Path: \x18496\x17558\x17959\x16943\x17548\x17648\x17522\x17512\x17847, File Type: data, Stream Size: 6

General
Stream Path:	\x18496\x17558\x17959\x16943\x17548\x17648\x17522\x17512\x17847
File Type:	data
Stream Size:	6
Entropy:	2.25162916739
Base64 Encoded:	False
Data ASCII:	. . . . . .
Data Raw:	99 02 8f 02 09 84

Stream Path: \x18496\x17630\x17770\x16868\x18472, File Type: ARC archive data, uncompressed, Stream Size: 32

General
Stream Path:	\x18496\x17630\x17770\x16868\x18472
File Type:	ARC archive data, uncompressed
Stream Size:	32
Entropy:	2.1983911108
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	1a 02 1a 02 00 00 19 02 19 02 00 00 00 00 00 00 01 00 00 80 02 00 00 80 00 00 00 00 8a 02 8b 02

Stream Path: \x18496\x17753\x17650\x17768\x18231, File Type: data, Stream Size: 56

General
Stream Path:	\x18496\x17753\x17650\x17768\x18231
File Type:	data
Stream Size:	56
Entropy:	3.94238060245
Base64 Encoded:	False
Data ASCII:	. . # . . . . . . . . . . . . . . . . . . . . . . . ! . . . . . . . . . . . . . . . . . . . . . . . . . . " .
Data Raw:	d1 00 23 01 ab 01 c0 01 0f 02 10 02 12 02 14 02 16 02 18 02 1b 02 1d 02 1f 02 21 02 1a 02 20 02 f8 00 f8 00 fb 01 11 02 13 02 15 02 17 02 19 02 1c 02 1e 02 fa 00 22 02

Stream Path: \x18496\x17814\x15340\x17388\x15464\x17828\x18475, File Type: data, Stream Size: 4780

General
Stream Path:	\x18496\x17814\x15340\x17388\x15464\x17828\x18475
File Type:	data
Stream Size:	4780
Entropy:	7.60560673541
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . " . $ . & . ( . * . , . . . 0 . 2 . 4 . 6 . 8 . : . < . > . @ . B . D . F . H . J . L . N . P . R . T . V . X . Z . \\ . ^ . ` . b . d . f . h . j . l . n . p . r . t . v . x . z . \| . ~ . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	9a 02 9c 02 9e 02 a0 02 a2 02 a4 02 a6 02 a8 02 aa 02 ac 02 ae 02 b0 02 b2 02 b4 02 b6 02 b8 02 ba 02 bc 02 be 02 c0 02 c2 02 c4 02 c6 02 c8 02 ca 02 cc 02 ce 02 d0 02 d2 02 d4 02 d6 02 d8 02 da 02 dc 02 de 02 e0 02 e2 02 e4 02 e6 02 e8 02 ea 02 ec 02 ee 02 f0 02 f2 02 f4 02 f6 02 f8 02 fa 02 fc 02 fe 02 00 03 02 03 04 03 06 03 08 03 0a 03 0c 03 0e 03 10 03 12 03 14 03 16 03 18 03

Stream Path: \x18496\x17932\x17910\x17458\x16778\x17207\x17522, File Type: data, Stream Size: 36

General
Stream Path:	\x18496\x17932\x17910\x17458\x16778\x17207\x17522
File Type:	data
Stream Size:	36
Entropy:	3.34449842338
Base64 Encoded:	False
Data ASCII:	. . . . . . A . 3 . A . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	da 01 df 01 97 02 41 80 33 80 41 84 ec 00 e0 01 9b 04 e2 01 e1 01 9d 04 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x18496\x17998\x17512\x15799\x17636\x17203\x17073, File Type: data, Stream Size: 32

General
Stream Path:	\x18496\x17998\x17512\x15799\x17636\x17203\x17073
File Type:	data
Stream Size:	32
Entropy:	2.76201589562
Base64 Encoded:	False
Data ASCII:	% . % . 0 . 0 . * . + . + . E . * . + . + . . . . . . . . . . .
Data Raw:	25 01 25 01 30 01 30 01 2a 01 2b 01 2b 01 45 01 2a 01 2b 01 2b 01 ea 01 1f 00 1f 00 1f 00 eb 01

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 30, 2018 13:22:51.086455107 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:51.086467981 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:51.098881006 CEST	49186	5357	192.168.1.13	192.168.1.65
Jul 30, 2018 13:22:51.286025047 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:51.286036015 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:53.646048069 CEST	3702	61961	192.168.1.13	192.168.1.65
Jul 30, 2018 13:22:53.673592091 CEST	3702	63417	192.168.1.13	192.168.1.65
Jul 30, 2018 13:22:53.771148920 CEST	3702	63417	192.168.1.13	192.168.1.65
Jul 30, 2018 13:22:53.786199093 CEST	3702	61961	192.168.1.13	192.168.1.65
Jul 30, 2018 13:22:54.084621906 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:54.084634066 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:54.208456993 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:54.208470106 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:58.802534103 CEST	3702	57881	192.168.1.13	192.168.1.65
Jul 30, 2018 13:22:58.896260023 CEST	3702	57881	192.168.1.13	192.168.1.65
Jul 30, 2018 13:23:37.737744093 CEST	62130	53	192.168.1.13	8.8.8.8
Jul 30, 2018 13:23:37.764336109 CEST	53	62130	8.8.8.8	192.168.1.13
Jul 30, 2018 13:23:37.778023005 CEST	49188	80	192.168.1.13	198.72.111.203
Jul 30, 2018 13:23:37.887083054 CEST	80	49188	198.72.111.203	192.168.1.13
Jul 30, 2018 13:23:37.887176037 CEST	49188	80	192.168.1.13	198.72.111.203
Jul 30, 2018 13:23:37.888092041 CEST	49188	80	192.168.1.13	198.72.111.203
Jul 30, 2018 13:23:38.000849962 CEST	80	49188	198.72.111.203	192.168.1.13
Jul 30, 2018 13:23:38.000942945 CEST	49188	80	192.168.1.13	198.72.111.203
Jul 30, 2018 13:23:38.331739902 CEST	60535	53	192.168.1.13	8.8.8.8
Jul 30, 2018 13:23:38.343214989 CEST	53	60535	8.8.8.8	192.168.1.13
Jul 30, 2018 13:23:38.345664024 CEST	49189	80	192.168.1.13	64.15.159.203
Jul 30, 2018 13:23:38.454580069 CEST	80	49189	64.15.159.203	192.168.1.13
Jul 30, 2018 13:23:38.454699993 CEST	49189	80	192.168.1.13	64.15.159.203
Jul 30, 2018 13:23:38.455684900 CEST	49189	80	192.168.1.13	64.15.159.203
Jul 30, 2018 13:23:38.578457117 CEST	80	49189	64.15.159.203	192.168.1.13
Jul 30, 2018 13:23:38.578572035 CEST	49189	80	192.168.1.13	64.15.159.203
Jul 30, 2018 13:23:38.592550993 CEST	51725	53	192.168.1.13	8.8.8.8
Jul 30, 2018 13:23:38.625911951 CEST	53	51725	8.8.8.8	192.168.1.13
Jul 30, 2018 13:23:38.628616095 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.650161028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.650469065 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.651240110 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.672733068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.677699089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.678363085 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.678669930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.678735971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.678761959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.678785086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.678802013 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.678807974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.678848982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.678880930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.678904057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.678925037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.679166079 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.685201883 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.700069904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.700120926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.700169086 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.700536966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.700579882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.700609922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.700645924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.700645924 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.700692892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.700807095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.700902939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.700941086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.700978994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.701013088 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.701018095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.701054096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.701087952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.701122046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.701154947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.701189041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.701225996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.701262951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.701296091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.701387882 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.703237057 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.721921921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.721971035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.722095013 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.722441912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.722491026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.722512960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.722522020 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.722548962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.722584963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.722876072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.722944021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723041058 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.723041058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723102093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723157883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723205090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723220110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723253965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723289013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723324060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723366022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723401070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723412991 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.723436117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723472118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723506927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723546982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723582029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723618984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723654032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723699093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723715067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723752022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723788023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723788023 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.723824024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723860025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723896980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723932981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.723968029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.724004030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.724039078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.724075079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.724111080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.724145889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.724179029 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.724617004 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.726664066 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.743777990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.743837118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.743874073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.743941069 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.744215965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.744282007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.744317055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.744366884 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.744823933 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.745748997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.745820045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.745857954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.745915890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.745982885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746006966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746114969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746150970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746175051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746208906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746218920 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.746242046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746278048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746300936 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.746318102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746355057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746387959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746422052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746458054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746493101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746527910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746562958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.746742964 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.747277021 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.748248100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748310089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748358965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748408079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748476028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748512983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748512983 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.748568058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748614073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748647928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748681068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748713970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748747110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748776913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748809099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748842955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748874903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748908043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748910904 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.748940945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.748977900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.749013901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.749048948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.749083996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.749119043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.749154091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.749188900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.749223948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.749259949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.749294996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.749313116 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.749330997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.749366045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.749401093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.749434948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.749706984 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.759655952 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.762923956 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.768907070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769009113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769026041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769071102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769109964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769150972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769191980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769191980 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.769231081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769268990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769304037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769340038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769377947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769414902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769445896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769478083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769510031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769541025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769577026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769613028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769649982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.769648075 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.770215034 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.771076918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.771092892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.771127939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.771151066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.771159887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.771173954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.771665096 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.776729107 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.781379938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.781435966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.781502008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.781755924 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.784809113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.784938097 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.785056114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.785147905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.785231113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.785310030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.785382986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.785384893 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.785449028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.785520077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.785592079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.785665035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.785742998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.785770893 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.785819054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.785892963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.785965919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.786040068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.786117077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.786133051 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.786192894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.786267996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.786340952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.786417961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.786498070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.786509037 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.786571980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.786647081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.786720037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.786801100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.786879063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.786900997 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.786955118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.787050962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.787127972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.787204981 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.798511028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.798649073 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.798652887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.798751116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.798815966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.798901081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.798990965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799047947 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.799119949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799160004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799204111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799262047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799313068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799520016 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.799540043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799591064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799634933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799685001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799705982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799747944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799787045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799829960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799870968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799910069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799949884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.799988031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800023079 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.800029039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800075054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800113916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800153017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800192118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800240993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800286055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800328016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800370932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800379038 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.800419092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800466061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800512075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800559044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800609112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800653934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800699949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800734997 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.800746918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800793886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800839901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800887108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800930977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.800982952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801028967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801074982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801120996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801165104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801178932 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.801208973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801259041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801301956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801347971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801393986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801441908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801490068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801537037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801564932 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.801585913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801635027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801686049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801709890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801755905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801808119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801851988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801897049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801942110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.801948071 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.801992893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802036047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802078962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802131891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802159071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802206039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802257061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802280903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802318096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802357912 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.802366972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802412987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802483082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802501917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802547932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802598000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802623034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802670002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802701950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.802726984 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.803112030 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.803270102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.803318024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.803373098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.803406954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.803456068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.803492069 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.803493977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.803531885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.803564072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.803596973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.803632021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.803855896 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.808881044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.808932066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.808984995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.808981895 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.809043884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809103012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809158087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809211969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809262991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809298038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809331894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809386969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809443951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809457064 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.809499025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809551954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809586048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809618950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809652090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809684038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809721947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809758902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809789896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809819937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809848070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809880018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809910059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809911013 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.809941053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.809973955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810007095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810045004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810077906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810110092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810143948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810177088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810210943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810242891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810276031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810309887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810342073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810375929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810411930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810446024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810483932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810522079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810558081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810594082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810627937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810662031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810702085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810741901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810775042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810805082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810837984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810868979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810900927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810933113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.810961008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.811017990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.811053038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.811345100 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.811433077 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.820218086 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.824506044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.824577093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.824619055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.824654102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.824687004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.824719906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.824760914 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.825215101 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.825700998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.825772047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.825815916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.825854063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.825902939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.825951099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.825973034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.825989008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.826014042 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.826450109 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.837146997 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.841981888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842058897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842108965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842111111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.842158079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842210054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842252016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842309952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842346907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842398882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842452049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842473030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842488050 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.842510939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842554092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842591047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842638016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842662096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842684031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842720985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842752934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842791080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842825890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842875957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842889071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842904091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.842947960 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.842992067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.843056917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.843111038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.843132973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.843154907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.843199968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.843250036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.843305111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.843343019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.843375921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.843406916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.843437910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.843470097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.843482971 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.843502998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.843592882 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.844048023 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.858840942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.858906984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.858964920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859041929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859081030 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.859108925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859179974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859216928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859253883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859333038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859365940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859395981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859436989 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.859452009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859491110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859540939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859579086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859617949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859654903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859714031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859761000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859816074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859869003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859921932 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.859926939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.859987974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860043049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860081911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860120058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860178947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860232115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860362053 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.860441923 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.860490084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860569000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860634089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860675097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860717058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860750914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860785961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860822916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860862017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860894918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860929012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.860965014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861004114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861013889 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.861041069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861078024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861114025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861150980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861190081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861223936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861258030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861294031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861331940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861367941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861401081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861402035 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.861437082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861474991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861514091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861552000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861572027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861610889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861648083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861685038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861727953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861762047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861767054 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.861798048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861840963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861879110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861916065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861955881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.861989975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862026930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862066031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862102032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862128019 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.862135887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862169981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862221003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862276077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862310886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862344027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862379074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862416983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862453938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862488985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862523079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862528086 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.862567902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862608910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862626076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862668037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862687111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862728119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862775087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862809896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862843990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862880945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862922907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.862965107 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.862967968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863025904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863068104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863106966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863145113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863183022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863218069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863256931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863292933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863331079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863367081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863404036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863414049 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.863445044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863487005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863523960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863558054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863591909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863631010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863673925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863711119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863729000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863764048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863775015 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.863799095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863843918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863859892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863898993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863915920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863949060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.863984108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.864018917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.864401102 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.865127087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.865171909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.865221977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.865231991 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.865263939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.865302086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.865341902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.865376949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.865410089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.865447998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.865618944 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.922413111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.931431055 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.944284916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.944466114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.944519043 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.944593906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.944725990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.944801092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.944981098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.945084095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.945111036 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.945183039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.945254087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.945286036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.945344925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.945396900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.945437908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.945497036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.945523977 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.945558071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.945643902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.945887089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.945935011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.945981026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.946011066 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.946026087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.946309090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.946357965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.946460009 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.946614981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.946664095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.946708918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.946753025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.946939945 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.947058916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947108984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947154045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947205067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947249889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947294950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947345972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947382927 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.947391033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947612047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947657108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947700024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947746038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947789907 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.947797060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947843075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947886944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947931051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.947976112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948019981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948062897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948107004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948149920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948153019 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.948194981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948240042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948283911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948328018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948371887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948421955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948466063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948509932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948553085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948569059 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.948597908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948642015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948684931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948729992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.948961973 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.949105024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.949150085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.949193954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.949237108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.949280977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.949361086 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.949479103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.949523926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.949567080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.949613094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.949641943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.949723005 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.949767113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.949795008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.949821949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950016975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950062037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950105906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950134039 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.950150013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950197935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950292110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950326920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950402021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950474977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950509071 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.950521946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950567007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950611115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950654984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950706005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950756073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950799942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950844049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950887918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950889111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.950932026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.950975895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951056004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951102972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951147079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951190948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951234102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951277971 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.951287031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951329947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951374054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951417923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951462984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951509953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951538086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951585054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951628923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951654911 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.951673031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951720953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951764107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951807976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951860905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951910019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.951958895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.952003002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.952044964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.952048063 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.952511072 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.953382015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.953479052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.953486919 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.953542948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.953604937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.953659058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.953725100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.953804970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.953865051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.953901052 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.953922987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954005003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954067945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954112053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954159021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954235077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954293966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954322100 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.954355001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954437017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954493046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954535961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954595089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954653025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954760075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954785109 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.954824924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954859018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954878092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954895973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.954957962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955081940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955127001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955188036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955244064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955250025 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.955281019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955327034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955349922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955375910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955399990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955424070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955655098 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.955710888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955748081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955846071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955882072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955918074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.955954075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956007957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956037045 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.956162930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956188917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956248999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956295967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956331015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956361055 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.956367970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956404924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956448078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956471920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956496000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956705093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956721067 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.956805944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956837893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956938028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.956967115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.957019091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.957036972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.957076073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.957103968 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.957118034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.957200050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.957415104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.957473040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.957494020 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.957643032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.957686901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.957778931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.957828045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.957856894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.957896948 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.957930088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.957993984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958015919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958028078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958036900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958046913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958064079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958106041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958154917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958175898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958213091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958254099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958270073 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.958298922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958542109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958583117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958622932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958631992 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.958666086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958705902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958745956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958785057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958826065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958869934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958920002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958936930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.958975077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959038973 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.959054947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959096909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959139109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959184885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959213018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959240913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959269047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959297895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959326029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959353924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959382057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959409952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959439039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959466934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959486008 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.959494114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959522009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959549904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959578037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959605932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959634066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959667921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959696054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959723949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959753036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959780931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959808111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959836006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959863901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959892035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959919930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959924936 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.959952116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.959980011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960007906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960036993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960064888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960093975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960122108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960150003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960182905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960211992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960241079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960268974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960297108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960328102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960355997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960355043 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.960383892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960412979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960441113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960469007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960494041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960521936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960550070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960577965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960606098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960633993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960661888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960690022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960716963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960745096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960773945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960802078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960829020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960835934 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.960860968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960889101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960916996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960943937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.960972071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.961000919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.961040974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.961081982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.961138010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.961179018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.961220026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.961311102 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:38.983108044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:38.983288050 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.019404888 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.022929907 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.041295052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.041403055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.041510105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.041579008 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.041593075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.041670084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.041775942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.041805029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.041913033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.041964054 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.041990042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042063951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042156935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042217016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042288065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042373896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042414904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042458057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042499065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042498112 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.042540073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042582035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042620897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042665005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042706013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042747974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042790890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042828083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042861938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042896986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042931080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.042968988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043026924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043065071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043107033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043127060 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.043147087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043189049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043230057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043278933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043323994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043375015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043399096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043447971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043483019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043514967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043548107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043580055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043584108 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.043613911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043646097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043678999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043711901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043742895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043778896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043811083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043840885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043873072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043909073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043941021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.043975115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044008017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044022083 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.044042110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044075012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044106960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044140100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044171095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044210911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044226885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044264078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044300079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044322968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044346094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044378042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044413090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044444084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044476032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044512033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044517994 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.044543028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044593096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044634104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044681072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044719934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044769049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044815063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044864893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044898033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044934034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.044986963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045041084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045044899 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.045095921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045149088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045202017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045257092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045312881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045367002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045418978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045470953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045517921 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.045528889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045615911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045666933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045727015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045789957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045850992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045890093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.045969963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046008110 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.046026945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046070099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046125889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046143055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046190977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046230078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046272993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046304941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046356916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046396971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046439886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046462059 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.046492100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046528101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046559095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046592951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046639919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046664000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046703100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046755075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046801090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046839952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046860933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046910048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046915054 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.046947956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.046972036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047041893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047065020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047091007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047132015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047168016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047214985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047236919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047282934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047328949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047354937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047359943 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.047398090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047432899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047485113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047513008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047549009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047579050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047601938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047622919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047677994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047704935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047745943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047786951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047810078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047858953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047894955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047925949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047951937 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.047970057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.047998905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048037052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048079014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048108101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048147917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048171997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048197985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048234940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048271894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048288107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048297882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048315048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048338890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048362017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048384905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048407078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048437119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048460007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048485994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048521996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048538923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048547029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048552990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048566103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048585892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048609018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048616886 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.048631907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048654079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048686028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048722982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048746109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048772097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048803091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048824072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048845053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048865080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048902988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048916101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048923016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048929930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048954010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.048986912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049016953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049030066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049037933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049057007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049077988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049098969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049119949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049140930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049160957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049181938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049202919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049232006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049257994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049279928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049299955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049333096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049365044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049386978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049412966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049431086 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.049446106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049457073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049488068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049498081 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.049504042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049529076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049566031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049586058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049618006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049643040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049664021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049686909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049717903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049741030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049762011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049793005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049824953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049846888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049873114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049901009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049922943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049943924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049972057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.049998045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050019026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050040007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050066948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050072908 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.050096989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050121069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050142050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050173998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050198078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050219059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050241947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050273895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050296068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050317049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050347090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050379038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050400972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050426960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050457001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050477982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050498962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050528049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050554037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050575972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050585985 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.050595999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050627947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050652027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050673962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050695896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050729990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050757885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050779104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050810099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050833941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050854921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050877094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050908089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050929070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050950050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.050976038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051031113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051059961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051081896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051105022 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.051114082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051140070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051161051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051184893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051215887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051239014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051256895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051280022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051311016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051332951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051353931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051384926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051417112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051440001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051464081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051498890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051536083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051573038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051599026 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.051611900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051649094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051683903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051719904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051755905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051796913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051830053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051865101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051898003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051920891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051942110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051960945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.051980972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052002907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052023888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052045107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052057981 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.052067041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052088022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052108049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052125931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052146912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052171946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052201986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052233934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052258968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052279949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052301884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052335024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052390099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052400112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052417994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052452087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052485943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052525997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052541971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052580118 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.052608013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052639961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052640915 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.052675009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052706957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052745104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052778006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052802086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052834988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052860975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052887917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052917957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052947044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052973032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.052995920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.053024054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.053056002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.053415060 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.053468943 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.053517103 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.053566933 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.053615093 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.053659916 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.053702116 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.053742886 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.053785086 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.053824902 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.053865910 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.053905010 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.053944111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.053982973 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.054028988 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.054069042 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.054112911 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.054163933 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.054205894 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.054246902 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.074681044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.074840069 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.074968100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075046062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075126886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075153112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075191021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075222969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075249910 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.075311899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075311899 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.075362921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075381994 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.075401068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075437069 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.075467110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075525999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075571060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075608015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075658083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075701952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075753927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075790882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075824976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075860977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075896025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075961113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.075958014 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.075995922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.076011896 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.076030016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.076047897 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.076067924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.076092958 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.076122046 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.076148987 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.076195002 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.076224089 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.076260090 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.076297045 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.076353073 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.076412916 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.076463938 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.076510906 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.077343941 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.077405930 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.077459097 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.077500105 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.077538967 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.077590942 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.096487045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.096848011 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.097646952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.097701073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.097744942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.097800016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.097837925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.097836018 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.097872019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.097902060 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.097908020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.097942114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.097954988 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.097976923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.098011017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.098047018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.098500967 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.098557949 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.098592997 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.098629951 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.098663092 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.098707914 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.098742962 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.098779917 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.172549009 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.194461107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.194516897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.194582939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.194626093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.194677114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.194732904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.194782972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.194822073 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.194825888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.194885015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.194922924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.194976091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195059061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195128918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195147991 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.195163965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195214987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195266962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195318937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195367098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195400953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195471048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195511103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195564032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195602894 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.195616961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195672989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195728064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195785999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195838928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195909977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.195966005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196026087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196039915 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.196083069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196142912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196198940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196253061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196330070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196378946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196436882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196446896 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.196492910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196551085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196611881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196645021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196695089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196748018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196813107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196831942 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.196847916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196912050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.196945906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197004080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197052956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197105885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197160006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197211027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197215080 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.197256088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197309017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197348118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197386026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197426081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197458982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197496891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197530031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197577000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197597027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197602034 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.197630882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197689056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197721958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197762966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197799921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197835922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197876930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197910070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197973967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.197989941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198025942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198040962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198069096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198080063 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.198103905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198137045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198168993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198199987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198230982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198261976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198295116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198328018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198359966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198390961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198425055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198456049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198488951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198514938 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.198520899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198553085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198585987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198620081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198652029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198683023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198714018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198744059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198776960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198812008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198844910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198875904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198906898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198921919 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.198936939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.198971033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199023008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199057102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199095011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199131966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199166059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199198008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199229956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199263096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199295044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199327946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199330091 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.199358940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199392080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199425936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199456930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199490070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199523926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199559927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199594021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199628115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199661970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199697971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199733019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199769020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199785948 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.199805021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199841022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199877024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199913025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199947119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.199984074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200020075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200053930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200086117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200123072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200158119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200192928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200227022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200254917 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.200273037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200289011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200321913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200355053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200390100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200432062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200452089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200511932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200556993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200592995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200625896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200663090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200686932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200689077 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.200722933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200757980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200792074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200824976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200860977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200896978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200942039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200957060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.200990915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201026917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201060057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201093912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201100111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.201128006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201164007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201196909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201232910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201267958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201302052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201339006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201363087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201399088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201432943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201466084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201467037 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.201508045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201541901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201577902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201615095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201649904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201683044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201718092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201760054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201796055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201818943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201855898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201891899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201895952 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.201925993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201958895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.201992989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202039003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202080965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202114105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202150106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202171087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202205896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202240944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202275991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202286005 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.202310085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202347040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202382088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202415943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202451944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202486992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202521086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202557087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202579975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202615023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202651024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202682972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202701092 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.202713966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202750921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202781916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202814102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202843904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202876091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202905893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202939987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.202972889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203022957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203056097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203094006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203130007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203164101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203201056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203201056 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.203237057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203270912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203304052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203340054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203375101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203412056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203447104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203480959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203514099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203546047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203582048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203618050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203622103 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.203654051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203690052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203725100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203758955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203792095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203829050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203864098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203901052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203937054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.203969955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204004049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204037905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204056978 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.204075098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204111099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204147100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204178095 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.204183102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204215050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204224110 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.204252005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204260111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.204288960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204297066 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.204324007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204358101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204396963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204432011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204472065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204507113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.204746962 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.204793930 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.204828978 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.204862118 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.204896927 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.204932928 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.204968929 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.205009937 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.205044985 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.205080032 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.205115080 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.205147982 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.205182076 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.205216885 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.205254078 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.226254940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.226321936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.226372957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.226438046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.226497889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.226553917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.226598978 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.226608038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.226634979 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.226658106 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.226659060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.226685047 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.226708889 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.226762056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.226819038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.226878881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.226919889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227027893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227072954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227124929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227137089 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227166891 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227180958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227188110 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227207899 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227226973 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227236986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227248907 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227271080 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227293968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227296114 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227323055 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227349043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227401972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227444887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227504015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227557898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227616072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227674007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227714062 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227734089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227744102 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227767944 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227787018 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227792978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227804899 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227828026 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227847099 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227850914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227864981 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227895021 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227909088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.227915049 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.227982044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228039980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228096008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228152037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228205919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228250980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228283882 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228286982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228313923 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228332043 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228338003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228349924 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228369951 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228384018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228389025 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228406906 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228426933 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228436947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228446007 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228467941 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228473902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228511095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228542089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228579044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228598118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228642941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228657961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228688002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228719950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228753090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228789091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228802919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228831053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228863001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228888035 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228893995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228914976 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228925943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228931904 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228950977 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228960991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.228971958 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228991032 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.228996038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229011059 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229029894 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229031086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229048014 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229064941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229068041 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229089975 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229101896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229108095 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229129076 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229135990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229147911 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229166985 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229175091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229199886 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229208946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229221106 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229239941 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229243040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229274035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229310036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229346037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229378939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229420900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229459047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229496956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229517937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229557037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229576111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229612112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229635000 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229645967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229670048 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229682922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229688883 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229715109 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229718924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229737997 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229751110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229757071 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229780912 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229784012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229804993 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229815960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229824066 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229851007 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229852915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229875088 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229885101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229893923 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229918957 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229919910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229943991 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229953051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.229962111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229988098 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.229989052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230011940 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230022907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230036020 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230060101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230062962 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230083942 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230097055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230107069 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230129957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230168104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230202913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230237007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230273008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230294943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230335951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230355024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230392933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230416059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230451107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230489016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230508089 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230525017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230537891 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230559111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230559111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230582952 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230592012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230602980 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230623007 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230624914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230645895 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230660915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230664968 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230686903 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230695963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230710030 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230730057 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230731964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230748892 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230766058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230772018 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230793953 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230801105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230813026 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230834961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230837107 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230859041 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230878115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230878115 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230906963 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230926037 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230932951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230946064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.230947971 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230974913 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.230987072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231028080 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231050968 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231079102 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231100082 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231103897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231168985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231215000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231259108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231302977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231360912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231410027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231455088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231498957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231544971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231590033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231609106 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231633902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231652021 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231681108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231681108 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231709957 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231728077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231739044 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231770992 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231775045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231795073 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231817961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231823921 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231847048 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231864929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231868029 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231894970 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231914043 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231914997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231930971 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231952906 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231956005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.231972933 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231991053 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.231997013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232012987 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232032061 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232037067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232048988 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232074022 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232079029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232093096 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232110023 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232120037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232131958 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232152939 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232160091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232171059 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232201099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232244968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232273102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232355118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232383966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232424974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232465029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232503891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232544899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232599974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232599020 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232624054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232645988 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232670069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232671022 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232701063 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232717037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232722998 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232741117 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232764006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232774019 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232804060 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232820034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232825994 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232850075 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232866049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232871056 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232888937 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232913971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232914925 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232938051 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232963085 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.232970953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.232991934 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233026028 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233026028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233047009 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233069897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233078957 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233100891 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233117104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233122110 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233144999 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233167887 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233171940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233213902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233267069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233290911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233338118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233390093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233438969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233484030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233535051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233578920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233620882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233663082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233706951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233750105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233788967 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233793974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233828068 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233844995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233849049 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233870029 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233891010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233903885 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233933926 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233937979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.233958006 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233985901 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.233989000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.234014034 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234030008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.234035969 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234060049 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234076977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.234082937 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234102011 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234123945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.234132051 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234152079 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234169960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.234174013 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234198093 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234220028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.234225035 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234253883 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234282017 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234323025 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234359980 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234385014 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234405994 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234436035 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.234460115 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.235069990 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.235121012 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.235157013 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.235182047 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.235208988 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.235238075 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.235270023 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.235295057 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.235316992 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.235343933 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.235378027 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.255933046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.255995989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256051064 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.256067038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256102085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256155968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256174088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256211042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256270885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256333113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256370068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256427050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256488085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256525993 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.256531000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256566048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256612062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256655931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256692886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256732941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256767035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256783962 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.256799936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256829023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256839991 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.256856918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256889105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256921053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.256967068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257000923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257029057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257060051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257108927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257144928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257186890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257219076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257249117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257283926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257312059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257347107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257380962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257385969 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.257432938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257461071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257491112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257524967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257561922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257599115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257628918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257671118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257714033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257746935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257786989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257822037 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.257827997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257868052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257905960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257941008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.257992983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258047104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258080006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258122921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258162022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258193016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258229017 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.258236885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258269072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258322001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258364916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258398056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258430958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258471966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258502960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258555889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258610964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258627892 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.258663893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258717060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258766890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258824110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258889914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258922100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.258975983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259042978 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.259059906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259125948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259177923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259228945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259279966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259340048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259382963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259427071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259449005 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.259474039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259515047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259551048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259603977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259653091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259697914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259731054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259763002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259793043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259823084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259848118 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.259855032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259879112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259912968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259944916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.259975910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260015965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260031939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260066032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260096073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260127068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260160923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260190964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260222912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260224104 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.260256052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260293007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260325909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260355949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260391951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260431051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260448933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260479927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260508060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260538101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260575056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260597944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260605097 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.260629892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260663033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260694981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260725975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260757923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260792971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260813951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260886908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260916948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260948896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.260978937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261003017 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.261013985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261060953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261075020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261109114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261142015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261174917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261205912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261251926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261270046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261301994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261333942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261367083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261389017 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.261398077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261429071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261465073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261498928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261534929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261554956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261591911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261610985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261641979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261672020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261703014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261738062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261769056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261790037 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.261809111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261825085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261857986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261888027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261920929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261954069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.261986971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262017012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262048006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262082100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262111902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262145042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262166023 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.262177944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262209892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262240887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262273073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262304068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262339115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262367010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262398005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262419939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262449980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262474060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262502909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262532949 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.262540102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262557030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262593031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262626886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262660980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262691975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262726068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262756109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262790918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262821913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262854099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262883902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262916088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262928963 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.262948990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.262972116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.263417959 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.263464928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.264153957 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.285264015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.285346031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.285377979 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.285404921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.285479069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.285516024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.285568953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.285624981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.285676003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.285728931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.285782099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.285836935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.285866022 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.285891056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.285943031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.285974979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286026955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286077023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286103010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286155939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286206961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286258936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286283970 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.286314011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286365986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286417007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286468029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286501884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286555052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286597013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286645889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286670923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286700964 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.286720037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286768913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286801100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286851883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286890984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286927938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.286992073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287087917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287132978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287134886 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.287172079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287205935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287241936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287276030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287309885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287347078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287379980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287412882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287436962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287472963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287512064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287530899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287554979 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.287564039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287596941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287628889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287661076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287692070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287724018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287763119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287796974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287830114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287863016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287895918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287928104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287960052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.287974119 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.287992001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288027048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288055897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288089037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288120985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288151979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288233995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288265944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288297892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288330078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288361073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288371086 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.288393021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288424969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288456917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288490057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288521051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288552999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288583994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288615942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288649082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288680077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288712025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288743973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288769007 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.288780928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288815975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288846970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288878918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288911104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288942099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288978100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.288995028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289028883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289062977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289094925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289129972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289163113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289167881 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.289195061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289227009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289258003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289289951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289324999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289371967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289381981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289417982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289450884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289482117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289515972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289550066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289583921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289586067 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.289621115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289654970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289689064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289721966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289767981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289782047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289819002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289855957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289890051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289923906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.289958954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290003061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290019989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290030003 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.290051937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290085077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290117025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290150881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290184975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290220022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290256977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290292025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290324926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290363073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290395975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290431023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290457964 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.290467024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290501118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290534973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290575027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290606976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290638924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290672064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290723085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290735006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290751934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290785074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290817976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290852070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290868044 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.290884972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290918112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290950060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.290992022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291054964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291090012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291124105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291270018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291302919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291335106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291368008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291382074 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.291405916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291436911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291466951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291501045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291534901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291567087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291615963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291625977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291660070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291696072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291731119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291769028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.291805983 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.292809963 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.416205883 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.437968969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438069105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438126087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438182116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438235998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438290119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438345909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438373089 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.438380957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438431025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438498974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438587904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438659906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438743114 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.438749075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438805103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438853979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438914061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.438956022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.439058065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.439155102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.439239025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.439277887 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.439294100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.439325094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.439357042 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.439433098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.439521074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.439574003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.439650059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.439740896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.439806938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.439825058 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.439866066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.439867020 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.439944983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.440013885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.440069914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.440129995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.440188885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.440234900 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.440464973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.440517902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.440565109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.440613031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.440659046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.440676928 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.440717936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.440768957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.440808058 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.440814972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.440861940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.440913916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.440963030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441013098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441044092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441082954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441131115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441179991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441225052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441273928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441325903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441373110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441378117 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.441425085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441452026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441498041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441546917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441593885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441652060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441699982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441747904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441793919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441834927 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.441839933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441890001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441939116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.441998005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442047119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442094088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442147017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442189932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442235947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442249060 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.442281961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442327023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442369938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442415953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442461967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442504883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442549944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442595005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442637920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442684889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442689896 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.442732096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442775011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442817926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442859888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442908049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.442951918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443011045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443057060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443099976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443135023 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.443147898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443193913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443237066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443281889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443326950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443370104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443414927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443459988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443511009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443542957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443589926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443603992 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.443645000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443674088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443722963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443768978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443814993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443861008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443908930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.443955898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444005013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444026947 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.444051027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444098949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444148064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444201946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444253922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444283009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444334984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444380045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444426060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444470882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444514036 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.444519997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444571972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444600105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444649935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444708109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444741964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444789886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444835901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444880962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444921970 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.444928885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.444977045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445012093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445058107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445103884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445147991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445197105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445255041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445285082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445334911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445386887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445384026 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.445417881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445466995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445516109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445561886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445607901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445652962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445703030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445746899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445794106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445839882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445883989 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.445898056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445933104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.445977926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.446027040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.446077108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.446124077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.446168900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.446216106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.446263075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.446310043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.446358919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.446408033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.446428061 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.446492910 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.446544886 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.446592093 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.447447062 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.447520971 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.468308926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.468384981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.468446016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.468507051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.468560934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.468621016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.468688011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.468703032 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.468734980 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.468749046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.468753099 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.468769073 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.468796968 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.468816042 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.468836069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.468879938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.468945980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.468970060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469053984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469094038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469157934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469173908 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469192982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469213009 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469230890 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469238043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469248056 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469264984 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469280005 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469299078 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469299078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469317913 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469343901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469383001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469425917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469485044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469546080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469587088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469625950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469665051 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469690084 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469703913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469707012 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469722986 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469739914 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469753027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469755888 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469772100 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469788074 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469810963 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469813108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469835043 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.469861031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469904900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469940901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.469997883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470046043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470062971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470117092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470155954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470189095 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470191956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470216036 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470227003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470232010 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470249891 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470263004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470266104 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470285892 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470302105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470303059 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470320940 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470339060 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470340014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470355988 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470377922 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470382929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470421076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470457077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470491886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470527887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470567942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470604897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470643997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470700979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470726013 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470741987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470746994 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470762968 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470776081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470777035 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470793009 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470807076 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470812082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470822096 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470839024 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470844984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470854044 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470870972 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470885038 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470890045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470900059 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470916033 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470937014 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.470938921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.470974922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471045017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471084118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471127033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471168995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471195936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471216917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471317053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471358061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471395016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471437931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471472025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471506119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471538067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471549988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471556902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471564054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471570969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471577883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471601963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471625090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471688986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471729040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471740007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471767902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471807003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471817970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471853018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471863031 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.471868038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471896887 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.471946955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471956968 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.471975088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.471992970 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.471997976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472016096 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.472026110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472034931 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.472055912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472057104 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.472083092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472090960 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.472110987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472114086 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.472126961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472138882 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.472170115 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.472198009 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.472202063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472229004 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.472239017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472251892 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.472275019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472284079 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.472313881 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.472313881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472348928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472383976 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.472394943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472433090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472471952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472511053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472549915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472585917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472635031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472651005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472676039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472700119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472739935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472752094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472853899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472887993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472919941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472950935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.472982883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473014116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473050117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473086119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473120928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473155022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473197937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473215103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473252058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473288059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473323107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473356962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473392010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473424911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473459005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473491907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473530054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.473654032 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.473685026 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.473706961 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.473728895 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.473748922 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.473764896 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.473782063 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.473798990 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.473905087 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.473927975 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.473953962 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.473984957 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474035978 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474065065 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474085093 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474102020 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474118948 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474136114 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474152088 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474168062 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474184990 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474201918 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474219084 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474236012 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474251986 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474270105 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474286079 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474303007 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474319935 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474337101 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474354029 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474437952 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474478006 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474498034 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474514961 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474531889 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474549055 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474565983 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474730968 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474754095 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474771976 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474791050 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474808931 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474826097 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474850893 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474869013 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474885941 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474901915 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474919081 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474935055 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.474951982 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.475056887 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.475080967 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.475109100 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.475126028 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.475146055 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.475166082 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.475182056 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.475198984 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.475220919 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.475238085 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.475265980 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.475285053 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.475301027 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.475336075 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.495343924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.495409966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.495456934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.495492935 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.495507002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.495564938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.495626926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.495663881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.495703936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.495744944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.495785952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.495846987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.495887041 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.495889902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.495913029 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.495934010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.495934963 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.495954037 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.495978117 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.495995045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496001959 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496021986 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496036053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496047974 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496068954 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496094942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496133089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496201038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496268034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496330023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496398926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496426105 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496449947 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496455908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496470928 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496490955 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496507883 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496525049 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496527910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496550083 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496567011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496570110 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496587038 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496611118 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496629000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496685982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496747017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496825933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496860027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496900082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496929884 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496949911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.496952057 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.496968031 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.497013092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497097969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497149944 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.497164011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497186899 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.497221947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497301102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497355938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497400999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497464895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497495890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497553110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497584105 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.497590065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497646093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497682095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497715950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497750998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497786999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497821093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497854948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497890949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497922897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497926950 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.497957945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.497994900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498030901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498065948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498097897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498133898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498172045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498204947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498238087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498266935 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.498270988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498303890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498337030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498374939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498409033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498440981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498473883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498506069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498538971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498575926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498610020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498609066 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.498646021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498677969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498711109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498743057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498775959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498809099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498847008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498879910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498914957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498946905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.498954058 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.498991013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.499639988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.499686003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.499712944 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.499717951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.499748945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.499782085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.499810934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.499845982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.499861956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.499878883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.499911070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.499941111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.499969959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.499999046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500030994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500061035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500087023 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.500089884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500123024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500158072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500188112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500217915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500247002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500274897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500303984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500333071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500360966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500390053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500422955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500452995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500458956 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.500485897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500515938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500554085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500567913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500581980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500612974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500641108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500669003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500696898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500725985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500756979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500786066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500804901 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.500823021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500853062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500874996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500906944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.500946999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.501003981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.501040936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.501065969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.501087904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.501105070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.501126051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.501142979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.501148939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.501153946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.501161098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.501523972 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.502713919 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.522794962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.522886038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.522932053 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.522953033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523061991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523125887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523196936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523260117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523315907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523367882 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.523370981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523422003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523483992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523531914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523580074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523627043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523674011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523720980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523768902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523817062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523819923 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.523864985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523912907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.523960114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524014950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524040937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524086952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524135113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524184942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524235010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524282932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524331093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524383068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524388075 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.524431944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524480104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524524927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524569035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524612904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524656057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524701118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524746895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524786949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524828911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524863958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524892092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524929047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.524954081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525024891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525198936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525262117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525316000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525361061 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.525367975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525410891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525466919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525520086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525573015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525625944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525681973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525737047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525791883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525846004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525883913 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.525921106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.525949955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526010036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526019096 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.526067972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526133060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526149988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526190996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526240110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526287079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526333094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526372910 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.526380062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526426077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526477098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526524067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526571035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526618004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526664019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526710987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526751995 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.526757956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526803970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526853085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526901007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.526947021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.527004004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.527065039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.527087927 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.527142048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.527198076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.527254105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.527309895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.527364969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.527420044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.527455091 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.527481079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.527692080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.527775049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.527837992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.527847052 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.527863026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.527971983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528021097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528069019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528122902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528168917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528198957 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.528217077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528270960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528296947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528352022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528404951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528455973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528512001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528564930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528616905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528670073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528702021 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.528731108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528786898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528841972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528896093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.528950930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529006004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529026985 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.529071093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529126883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529181957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529237032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529292107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529351950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529370070 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.529378891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529443979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529470921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529522896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529571056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529618979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529664993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529694080 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.529723883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529768944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529812098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529867887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529937983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.529983044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.530038118 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.530045986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.530108929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.530175924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.530246973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.531048059 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.551857948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.551923037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.551980972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552037001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552072048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552083969 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.552124977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552167892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552229881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552263975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552324057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552409887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552468061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552479029 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.552505970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552557945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552613020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552671909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552726030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552782059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552834988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552848101 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.552886963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552947044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.552999973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553045988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553086996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553117037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553154945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553394079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553452015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553483963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553535938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553586960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553632021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553672075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553709030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553740978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553792953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553848028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553886890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553916931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553955078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.553991079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554022074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554053068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554084063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554116011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554145098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554177999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554207087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554239035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554267883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554300070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554328918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554359913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554397106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554425955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554455042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554483891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554512978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554548979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554579020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554608107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554636955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554666996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554708958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554723024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554753065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554781914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554811001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554841995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554871082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554902077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554932117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.554963112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.555120945 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.555497885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.555545092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.555583000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.555623055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.555660009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.555706978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.555726051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.555748940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.555785894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.555823088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.555859089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.555897951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.555944920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.555990934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556027889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556063890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556103945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556147099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556165934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556207895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556241035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556279898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556313038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556345940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556377888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556411028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556443930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556480885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556514025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556552887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556586027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556619883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556653023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556695938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556731939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556767941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556803942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556840897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556869030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556907892 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.556910992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556946993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.556967020 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.556982994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557025909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557049036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557082891 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.557087898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557126999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557167053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557204962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557235956 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.557245016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557284117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557301044 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.557324886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557368994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557408094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557421923 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.557445049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557482004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557518005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557557106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557595968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557634115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557672024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557708979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557744026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557779074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557799101 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.557820082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557857037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.557892084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.558264971 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.579490900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.579586983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.579643011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.579680920 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.579696894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.579749107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.579832077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.579885960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.579941034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.579986095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580053091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580115080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580142975 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.580169916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580233097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580296040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580374956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580436945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580501080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580564022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580564976 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.580621004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580677032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580753088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580812931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580873966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580935001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.580998898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581011057 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.581049919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581119061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581156969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581213951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581238031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581311941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581362963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581413984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581427097 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.581465960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581523895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581562996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581599951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581635952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581671953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581711054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581748009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581785917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581824064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581860065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581897020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581908941 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.581931114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.581971884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582010031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582046986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582088947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582124949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582161903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582201004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582236052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582278013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582309961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582344055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582346916 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.582379103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582417011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582449913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582483053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582515001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582549095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582581997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582618952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582652092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582685947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582719088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582756042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582794905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582801104 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.582838058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582880020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582916021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.582952023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583010912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583051920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583090067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583125114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583169937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583185911 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.583210945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583236933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583271980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583321095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583362103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583396912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583436012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583472967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583511114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583547115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583583117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583604097 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.583626032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583662987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583703041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583740950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583779097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583816051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583853006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583894014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583930969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583966970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.583992958 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.584002972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584043980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584079981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584115982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584155083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584193945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584230900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584269047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584315062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584332943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584345102 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.584376097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584414005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584454060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584490061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584525108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584561110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584599018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584638119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584678888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584702015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584739923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584748030 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.584783077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584820032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584857941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584896088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584932089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.584968090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.585004091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.585042953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.585081100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.585117102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.585150003 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.585158110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.585192919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.585230112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.585267067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.585304976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.585341930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.585377932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.585416079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.585511923 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.607139111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607203007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607295036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607331991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607378960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607429981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607467890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607475042 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.607503891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607538939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607578039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607615948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607651949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607687950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607723951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607763052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607795954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607829094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.607857943 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.608743906 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:39.857575893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:39.857750893 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.035387039 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.057117939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.057177067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.057223082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.057256937 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.057286024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.057354927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.057492018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.057540894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.057651997 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.057796955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.057842970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.057885885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.057923079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.057960033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058003902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058197021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058227062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058254957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058283091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058310986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058339119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058367014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058396101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058423996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058451891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058480024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058507919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058536053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058562994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058590889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058644056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058677912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.058768988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059041977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059071064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059103012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059158087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059215069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059261084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059305906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059350014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059382915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059432030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059468985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059510946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059551001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059587002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059669971 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.059715033 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.059727907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059783936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059823036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059864044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059916019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059959888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.059983969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060020924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060050011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060081959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060116053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060148001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060177088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060204983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060235977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060267925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060300112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060333014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060364962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060396910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060429096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060460091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060492992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060525894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060556889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060589075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060621023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060652971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060684919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060715914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060748100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060779095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060811043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060842991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060873985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060905933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060936928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.060969114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061001062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061033010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061064959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061096907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061129093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061161041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061192989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061224937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061255932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061288118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061320066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061352015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061383963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061414957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061446905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061479092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061511040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061542988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061574936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061605930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061640024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061671972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061702967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061734915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061767101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061798096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061830997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061872005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061903954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061935902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.061968088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062000036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062031984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062063932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062096119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062129021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062160015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062191963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062223911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062254906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062287092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062319040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062350988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062381983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062413931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062447071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062479019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062510014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062542915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062575102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062607050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062638998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062670946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062704086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062736034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.062767029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.063254118 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.063384056 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.063535929 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.063590050 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.084459066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.084547043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.084639072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.084688902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.084744930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.084793091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.084840059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.084872007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.084906101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.084938049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.084990025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085042953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085077047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085129976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085182905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085223913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085258961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085330963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085385084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085438013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085493088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085540056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085581064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085614920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085666895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085721016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085772038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085851908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085905075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.085958004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086013079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086055040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086107016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086152077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086196899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086234093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086280107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086313963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086345911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086378098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086410999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086442947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086476088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086508036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086540937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086572886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086605072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086637020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086668968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086700916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086733103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086765051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086796999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086832047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086869955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086903095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086935997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.086967945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087037086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087084055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087129116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087162018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087193966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087224960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087256908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087290049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087318897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087332010 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.087347984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087404966 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.087449074 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.087579012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087610960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087651014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087665081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087704897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087726116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087764978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087796926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087809086 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.087829113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087862968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087894917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087925911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.087958097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088012934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088196993 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.088247061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088282108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088313103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088344097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088375092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088404894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088434935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088464975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088495016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088530064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088560104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088593960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088614941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088635921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088655949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088692904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088712931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088740110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088762045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088951111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.088982105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089013100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089046001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089075089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089106083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089135885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089165926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089195967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089226007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089256048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089286089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089317083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089348078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089378119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089546919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089580059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089601994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089622974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089643955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089665890 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.089761972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089795113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089834929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089869022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089903116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089935064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089967012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.089999914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.090034008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.090065956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.090091944 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.090096951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.090131998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.090171099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.090205908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.090240002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.090277910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.090293884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.090322971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.090353966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.090383053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.090516090 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.112000942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.112080097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.112114906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.112153053 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.112164021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.112210989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.112258911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.112438917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.112567902 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.112596035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.112638950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.112668037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.112709045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.112735987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.112776995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.112821102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.112847090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.112890005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113070011 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.113182068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113234997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113272905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113289118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113326073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113367081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113394022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113436937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113476992 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.113481045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113770962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113795996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113828897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113852978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113877058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113909006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113913059 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.113949060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.113979101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114006042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114032030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114063025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114075899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114311934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114340067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114372015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114398956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114424944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114451885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114478111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114495039 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.114504099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114531040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114554882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114583015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114609003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114634991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114660978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114689112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114706039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114726067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114742041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114948034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.114974022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115040064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115068913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115096092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115122080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115148067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115164995 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.115174055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115200996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115230083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115256071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115282059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115313053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115329981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115344048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115701914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115746975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115791082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115833998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115843058 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.115879059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115926981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.115955114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.116250992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.116295099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.116338968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.116358042 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.116383076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.116424084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.116487980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.116548061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.116580963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.116614103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.116640091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.116667032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.116750956 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.117022991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.117093086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.117125034 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.117136955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.117342949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.117393970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.117443085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.117481947 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.117491007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.117532969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.117584944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.117634058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.117871046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.117919922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.117966890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.117971897 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.118016958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118065119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118113041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118160009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118206978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118257046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118284941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118459940 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.118565083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118614912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118658066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118701935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118745089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118789911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118820906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118834972 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.118851900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118881941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118916035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.118978977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.119209051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.119255066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.119299889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.119329929 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.119704008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.119769096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.119802952 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.119815111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.119865894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.119889021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.120234966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.120275974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.120289087 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.120316029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.120357037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.120404005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.120448112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.120806932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.120853901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.120901108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.120944023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.120948076 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.120992899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.121341944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.121367931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.121417999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.121459961 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.122772932 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.143313885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.143368959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.143433094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.143461943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.143526077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.143593073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.143687010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.143749952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.143809080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.143872023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.143925905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.144217014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.144279957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.144342899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.144424915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.144463062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.144515991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.144577980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.144639969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.144690037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145056963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145121098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145175934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145214081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145251036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145288944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145328045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145359039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145397902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145441055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145468950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145512104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145540953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145593882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145723104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145834923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145873070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145910978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145946980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.145982981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146020889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146058083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146095037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146131992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146169901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146212101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146243095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146275997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146308899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146337986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146368980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146415949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146441936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146473885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146503925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146594048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146697998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146735907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146773100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146806002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146842957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146881104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146919012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.146966934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147037983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147073984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147160053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147228003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147250891 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.147278070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147288084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147342920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147373915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147403955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147492886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147541046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147572994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147610903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147646904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147681952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147716999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147717953 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.147775888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147792101 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.147813082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147840023 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.147907972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147932053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.147960901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148046017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148072958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148154974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148189068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148224115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148245096 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.148258924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148294926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148329973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148387909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148422956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148457050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148490906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148554087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148581982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148607016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148668051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148695946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148724079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148750067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148755074 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.148818016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148842096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148868084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148893118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.148988008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149022102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149070024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149097919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149127007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149149895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149171114 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.149178982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149269104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149338961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149388075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149415016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149457932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149476051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149512053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149534941 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.149553061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149605989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149625063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149719954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149759054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149822950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149843931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149910927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149955034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.149993896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.150003910 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.150027990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.150053024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.150060892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.150079012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.150115967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.150151014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.150194883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.150238037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.150255919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.150762081 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.171956062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.172019005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.172036886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.172079086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.172203064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.172246933 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.172297955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.172365904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.172436953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.172492027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.172578096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.172661066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.172707081 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.173027992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173089027 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.173120022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173163891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173226118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173288107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173357964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173412085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173472881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173501015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173554897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173558950 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.173598051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173664093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173681974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173773050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173835993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173877954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173918009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173938990 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.173959017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.173999071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174040079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174079895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174120903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174160957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174201965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174242973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174283028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174314976 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.174324036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174365044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174405098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174446106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174485922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174525976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174566984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174607038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174649954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174689054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174715996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174730062 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.174930096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.174969912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175049067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175098896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175113916 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.175122976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175163031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175204992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175246000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175286055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175543070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175585032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175626040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175673008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175677061 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.175714016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175755978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175796986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175837994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175879002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175920010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.175964117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.176073074 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.176223993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.176290989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.176337957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.176379919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.176422119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.176467896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.176520109 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.176525116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.176542997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.176584959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.176826954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.176868916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.176909924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.176950932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.176959991 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.176995993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177037001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177077055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177134037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177181005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177226067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177272081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177397013 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.177531004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177582979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177634954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177680969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177701950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177736998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177772045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177809000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177817106 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.177848101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177901983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.177939892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178163052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178205967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178239107 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.178244114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178282022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178320885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178359032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178396940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178436995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178484917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178504944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178534985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178582907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178622961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178657055 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.178668976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178705931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178709030 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.178744078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178771019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178775072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178787947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178792953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.178816080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179101944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179128885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179220915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179224014 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.179269075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179315090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179330111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.179368019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179416895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179461002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179506063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179552078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179595947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179641008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179685116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179729939 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.179878950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179903984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.179976940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.180023909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.180069923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.180119991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.180144072 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.180169106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.180212975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.180977106 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.202078104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.202260017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.202394009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.202438116 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.202457905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.202564001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.202676058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.202728987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.202917099 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.203044891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203119993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203191042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203259945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203330040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203382015 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.203385115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203432083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203483105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203531981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203581095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203649998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203700066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203728914 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.203749895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203798056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203845978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203901052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203958988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.203985929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.204037905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.204071999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.204090118 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.204127073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.204402924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.204476118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.204477072 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.204545021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.204597950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.204642057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.204694986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.204746008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.204791069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.204833984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.204874992 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.204883099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.204972029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205030918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205055952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205084085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205128908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205159903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205189943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205214977 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.205221891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205295086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205343008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205389977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205419064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205451965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205482960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205512047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205579996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205584049 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.205658913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205703020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205744028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205784082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205825090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205867052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205925941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.205944061 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.205969095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.206008911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.206073999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.206166983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.206214905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.206304073 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.453583002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.453682899 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.456880093 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.478526115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478569031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478612900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478637934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478665113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478688002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478709936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478733063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478755951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478781939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478805065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478825092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478847980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478879929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478904963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478940010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478961945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478967905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.478987932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479022026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479038000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479052067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479074001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479096889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479123116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479146957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479171991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479208946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479257107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479283094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479309082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479334116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479358912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479377985 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.479491949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479505062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479552984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479578018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479604006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479629040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479654074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479687929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479702950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479712963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479734898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479756117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479775906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479805946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479814053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479829073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479863882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479903936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479942083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479971886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.479994059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480016947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480040073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480046988 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.480067015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480083942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480099916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480114937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480130911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480153084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480187893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480201006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480267048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480293036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480308056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480355024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480381012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480406046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480421066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480464935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480503082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480541945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480566025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480590105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480612040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480634928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480659962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480693102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480695009 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.480707884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480729103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480739117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480773926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480798960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480827093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480840921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480922937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.480988026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481003046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481051922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481076956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481100082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481129885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481154919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481179953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481204033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481229067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481254101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481278896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481303930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481328011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481354952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481379986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481378078 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.481405973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481420994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481437922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481443882 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.481456041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481472015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481487036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481512070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481537104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481559992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481584072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481690884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481705904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481723070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481739998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481756926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481770992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481795073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481815100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481837034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481870890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481897116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481923103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481947899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481961966 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.481972933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.481997967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482021093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482040882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482064962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482099056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482120991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482146978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482170105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482192993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482285976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482300043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482316971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482332945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482355118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482383966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482404947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.482841015 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.484194040 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.504132032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504194975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504241943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504283905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504332066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504357100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504403114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504443884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504484892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504525900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504568100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504609108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504651070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504694939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504741907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504786015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504786968 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.504831076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504874945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504919052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.504962921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505007029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505050898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505094051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505137920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505179882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505223989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505269051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505280972 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.505465031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505522013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505563021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505646944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505687952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505728960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505747080 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.505769968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505816936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505877972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505937099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.505978107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506019115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506058931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506115913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506155968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506196976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506237030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506269932 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.506277084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506318092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506357908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506407022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506448984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506640911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506671906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506700039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506742001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506783962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506795883 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.506824970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506865025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506927013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.506994009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507078886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507152081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507174015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507215977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507265091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507288933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507355928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507426023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507489920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507514000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507524014 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.507556915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507611990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507667065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507685900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507731915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507827997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507857084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507935047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.507978916 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.508018970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508065939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508111000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508155107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508198977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508241892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508285046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508328915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508372068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508414984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508459091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508470058 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.508503914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508548021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508590937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508634090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508677959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508721113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508764982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508836031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508878946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508903980 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.508923054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.508968115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509011984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509054899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509099007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509143114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509195089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509238958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509282112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509325981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509363890 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.509370089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509412050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509454966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509500980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509529114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509798050 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.509821892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509865999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509907007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509947062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.509987116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510052919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510128975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510195017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510222912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510255098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510253906 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.510282993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510405064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510534048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510582924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510622978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510638952 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.510664940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510706902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510746956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510787010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510828018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510870934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.510899067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.511027098 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.511074066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.511101961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.511126041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.511204004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.511238098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.511272907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.511306047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.511339903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.511372089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.511406898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.511440039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.511462927 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.511847019 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.532984972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.533035994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.533087015 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.533106089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.533159018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.533227921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.533319950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.533365011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.533515930 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.533521891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.533570051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.533637047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.533706903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.533772945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.533824921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.533885002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.533934116 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.533945084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534022093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534081936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534141064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534208059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534250975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534297943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534344912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534348011 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.534416914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534461021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534493923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534543037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534589052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534684896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534739971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534765005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534785986 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.534835100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534881115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534934998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534960032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.534996033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535029888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535048008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535084963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535128117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535164118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535192013 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.535200119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535242081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535268068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535295963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535325050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535351038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535394907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535455942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535506964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535552979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535552025 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.535579920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535607100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535633087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535702944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535742044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535780907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535821915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535861015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535900116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535938978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.535943985 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.535979033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536022902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536062002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536101103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536139011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536178112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536216974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536256075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536294937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536319971 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.536334038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536379099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536420107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536458015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536493063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536530018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536569118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536593914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536698103 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.536721945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536775112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536853075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536875010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536912918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536950111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.536987066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537025928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537061930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537101030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537137032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537151098 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.537173986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537213087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537245989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537281990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537395000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537422895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537446022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537472963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537507057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537530899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537556887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537578106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537590027 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.537625074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537651062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537677050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537722111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537780046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537805080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537830114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537879944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537913084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537945986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.537981033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538012981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538050890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538075924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538080931 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.538173914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538198948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538264036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538300991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538326025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538384914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538422108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538456917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538489103 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.538491011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538522959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538551092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538583040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538615942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538645029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538677931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538712978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538744926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538779020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538814068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538836956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538916111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.538923025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.538942099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.539016008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.539041042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.539084911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.539125919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.539150953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.539175987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.539200068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.539242029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.539336920 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.560903072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.561007977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.561050892 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.561053038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.561225891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.561348915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.561431885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.561481953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.561496019 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.561528921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.561592102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.561649084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.561727047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.561791897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.561851978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.561923027 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.561963081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.562012911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.562057018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.562083960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.562237024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.562323093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.562349081 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.562387943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.562449932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.562510014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.562577009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.562627077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.562745094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.562753916 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.562853098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.562880993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.562923908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.562974930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563028097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563075066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563116074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563154936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563160896 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.563199043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563239098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563280106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563316107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563353062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563393116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563436985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563462973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563488007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563512087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563544035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563574076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563596964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563638926 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.563716888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563772917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563813925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563848019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563890934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563915014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563971043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.563986063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564037085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564074039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564075947 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.564111948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564151049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564188957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564233065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564271927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564313889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564338923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564376116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564413071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564452887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564488888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564512014 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.564539909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564666986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564697027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564713955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564754009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564790010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564832926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564867973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564901114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564918995 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.564934969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.564969063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565001011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565036058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565073013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565104961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565138102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565177917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565340996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565391064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565428972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565458059 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.565469027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565510035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565551043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565587044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565632105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565650940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565695047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565731049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565773010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565812111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565886021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.565896034 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.565912008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566041946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566078901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566116095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566153049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566190004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566231966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566277027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566296101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566329002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566361904 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.566366911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566402912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566442013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566618919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566657066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566694975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566730022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566739082 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.566771984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566809893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566845894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566883087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566920996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.566958904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567024946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567069054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567105055 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.567115068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567140102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567167997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567193985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567219019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567343950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567369938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567374945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567398071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567433119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567468882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567504883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567539930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567569017 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.567576885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567614079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567652941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567689896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567727089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567768097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567950964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.567991018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.568058968 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.589718103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.589765072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.589788914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.589826107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.589848995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.589885950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.589909077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.589945078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.589987040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.589999914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590029955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590044022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590156078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590204000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590215921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590296984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590359926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590370893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590418100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590455055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590480089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590517044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590540886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590567112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590595007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590626001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590648890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590686083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590708971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590744972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590783119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590802908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590837955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590895891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590913057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.590939045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591053009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591139078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591336012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591432095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591475964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591517925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591558933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591600895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591603041 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.591644049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591680050 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.591686964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591726065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591763020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591799021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591835022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591871023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591907024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591943979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.591979980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592017889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592175007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592221022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592248917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592427015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592463970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592499971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592535973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592572927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592608929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592644930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592680931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592717886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592753887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592789888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592825890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592861891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592897892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592935085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.592972040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593014002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593059063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593101025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593142033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593367100 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.593442917 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.593489885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593528032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593564987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593600988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593637943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593681097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593704939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593743086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593789101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593833923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593883038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.593899012 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.593907118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594207048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594245911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594288111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594325066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594350100 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.594362020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594399929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594435930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594471931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594508886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594544888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594582081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594619036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594655037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594691038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594727039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594763994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594808102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594846010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594882011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594923973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.594965935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.595040083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.595127106 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.595191002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.595237017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.595451117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.595495939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.595542908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.595587015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.595630884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.595660925 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.595674038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.595717907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.595762014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.595810890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.595838070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.595993996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596039057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596082926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596120119 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.596127033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596169949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596199036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596227884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596345901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596386909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596426964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596467972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596508980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596512079 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.596550941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596587896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596628904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596668959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596709967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596750021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596791029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596843958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596889019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.596909046 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.596934080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.597282887 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.619069099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.619384050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.619407892 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.619533062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.619735956 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.619781017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.619857073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.619939089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.620100975 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.620191097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.620260954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.620332003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.620412111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.620484114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.620493889 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.620552063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.620618105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.620687008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.620760918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.620835066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.620882988 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.620906115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.620980024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.621054888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.621125937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.621206045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.621284008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.621289968 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.621366024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.621421099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.621542931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.621623039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.621721029 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.621853113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.621928930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.621978998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.622050047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.622119904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.622189045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.622200012 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.622261047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.622333050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.622411013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.622484922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.622565031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.622641087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.622687101 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.622723103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.622805119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.623042107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.623153925 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.623305082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.623383045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.623461008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.623538017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.623599052 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.623613119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.623688936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.623761892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.623835087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.623923063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.623997927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.624051094 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.624074936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.624290943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.624346018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.624401093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.624516010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.624532938 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.624593973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.624669075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.624744892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.624818087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.624892950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.624933958 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.624968052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.625044107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.625118971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.625200033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.625282049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.625284910 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.625343084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.625396013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.625679016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.625705004 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.625757933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.625833988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.625905037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.625972986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.626044989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.626126051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.626148939 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.626204014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.626279116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.626355886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.626431942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.626514912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.626538038 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.626575947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.626636028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.626683950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.626768112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.626852989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.626908064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.627063990 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.627108097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.627186060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.627263069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.627336025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.627667904 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:40.877536058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:40.877715111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.213643074 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.235378027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235430956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235457897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235486984 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.235498905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235527992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235558987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235588074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235610962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235646963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235676050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235707998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235732079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235769987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235807896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235831976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235869884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235893965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235898018 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.235934019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.235975027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236001015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236037970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236077070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236100912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236139059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236172915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236197948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236221075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236258030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236298084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236303091 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.236323118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236361980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236399889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236428022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236455917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236481905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236506939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236541986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236579895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236603975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236685991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236706972 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.236712933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236754894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236778975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236802101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236830950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236855030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236879110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236911058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236936092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.236974955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237015963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237040997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237082005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237091064 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.237112045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237145901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237165928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237200022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237230062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237253904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237287045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237312078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237335920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237360001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237382889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237406969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237430096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237453938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237477064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237487078 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.237502098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237533092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237560034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237584114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237607956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237631083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237653971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237678051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237700939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237725973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237749100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237771988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237796068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237818956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237842083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237865925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237869024 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.237890005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237915039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237937927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237962008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.237986088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238013983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238038063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238061905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238085032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238109112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238132000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238156080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238178968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238202095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238224983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238241911 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.238249063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238270998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238295078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238320112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238341093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238362074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238382101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238403082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238424063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238445044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238465071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238486052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238507032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238528013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238548994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238569975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238590002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238610983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238636017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238653898 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.238658905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238682032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238704920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238729000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238751888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238775015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238797903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238821983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238845110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238867998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238892078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238914967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238938093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.238960981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.239001036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.239032984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.239057064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.239080906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.239104033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.239128113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.239151001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.239152908 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.239176989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.239200115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.239223003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.239245892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.239269972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.239293098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.239315987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.240109921 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.260898113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.261017084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.261127949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.261203051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.261287928 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.261300087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.261360884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.261451960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.261523962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.261620045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.261703014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.261723042 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.261789083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.261867046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.261946917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262044907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262144089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262144089 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.262217045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262275934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262371063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262444019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262506008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262573957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262622118 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.262655020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262700081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262742996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262787104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262830019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262872934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262916088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.262959003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263051987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263057947 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.263102055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263149023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263192892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263237000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263279915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263323069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263365984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263408899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263452053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263494968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263494968 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.263539076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263581991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263624907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263669014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263711929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263755083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263797998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263842106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263885021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263945103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263966084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.263966084 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.263989925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264029026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264069080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264096022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264133930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264184952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264209032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264247894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264286995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264327049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264365911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264405012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264444113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264482975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264520884 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.264539003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264554024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264592886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264631987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264672041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264712095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264763117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264806986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264849901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264893055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264935970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264981985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.264986038 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.265010118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265054941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265098095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265141010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265185118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265228033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265270948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265315056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265357018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265383959 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.265400887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265439987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265494108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265536070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265578032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265619040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265661001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265714884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265760899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265789032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265834093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265877962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265921116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.265964985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266007900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266012907 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.266051054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266097069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266140938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266184092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266227007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266268969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266311884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266355038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266391039 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.266397953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266441107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266485929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266530037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266572952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266616106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266659975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266702890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266761065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266762972 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.266788006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266834021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266876936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266922951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.266966105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267039061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267085075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267128944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267172098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267182112 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.267215014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267271996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267296076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267337084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267376900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267416954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267456055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267498970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267549038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267596006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267618895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267637968 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.267658949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267699003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267739058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267777920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267816067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267855883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267894983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.267932892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.268044949 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.289462090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.289576054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.289603949 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.289654970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.289733887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.289807081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.289902925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.289958000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.290021896 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.290030003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.290105104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.290208101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.290297031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.290349007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.290426016 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.290448904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.290514946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.290581942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.290652037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.290720940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.290792942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.290833950 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.290890932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291100979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291168928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291189909 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.291244030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291304111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291368008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291425943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291476965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291528940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291570902 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.291584969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291644096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291687012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291729927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291773081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291816950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291887999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291908026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291922092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291960955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.291995049 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.292001009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292041063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292087078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292129993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292180061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292222023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292263985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292306900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292349100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292397976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292418957 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.292442083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292495966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292538881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292581081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292623997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292666912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292709112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292751074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292793989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292835951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292879105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292890072 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.292922020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.292968035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293010950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293059111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293101072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293143988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293186903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293230057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293256044 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.293273926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293328047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293370962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293414116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293462038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293504953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293551922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293595076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293637037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293679953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293687105 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.293724060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293768883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293812037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293853998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293898106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293941021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.293983936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294033051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294075966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294112921 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.294118881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294158936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294204950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294248104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294290066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294332981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294375896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294418097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294461012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294503927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294532061 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.294548988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294610977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294653893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294697046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294740915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294784069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294835091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294878006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294888020 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.294922113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.294967890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295038939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295087099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295130014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295172930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295187950 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.295222044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295268059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295311928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295356989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295401096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295449018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295471907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295510054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295548916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295552969 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.295589924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295629025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295667887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295717001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295742035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295792103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295818090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295862913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295907974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295952082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.295953989 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.295994997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296037912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296081066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296123028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296170950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296214104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296262026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296303988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296351910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296366930 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.296395063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296447039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296489954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296533108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296576023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296617985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296662092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296705008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296747923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.296785116 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.297245026 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.318398952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.318594933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.318630934 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.318664074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.318748951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.318850040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.318934917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.319087029 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.319092035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.319191933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.319300890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.319401026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.319478989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.319509983 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.319549084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.319650888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.319752932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.319819927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.319907904 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.319919109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.319988966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320089102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320172071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320216894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320261002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320305109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320322037 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.320354939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320401907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320447922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320491076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320545912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320595026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320621967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320667982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320710897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320717096 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.320755005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320801020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320843935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320893049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320918083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320967913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.320988894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321036100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321073055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321118116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321161032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321161985 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.321204901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321249008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321294069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321336985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321384907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321429014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321480036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321522951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321574926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321593046 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.321625948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321672916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321717978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321762085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321805000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321852922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321878910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321918964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321965933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.321990967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322037935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322062016 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.322082043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322134018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322176933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322220087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322264910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322304964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322344065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322386026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322427988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322455883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322495937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322523117 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.322535992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322575092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322618961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322662115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322710037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322752953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322796106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322839022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322881937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322911024 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.322926044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.322968960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323061943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323087931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323112011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323134899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323158026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323182106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323204994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323229074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323252916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323262930 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.323277950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323307037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323329926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323354006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323376894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323400974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323424101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323447943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323472977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323496103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323518991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323543072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323565960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323590040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323612928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323636055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323654890 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.323659897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323683977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323709965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323733091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323756933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323780060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323803902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323827982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323851109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323874950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323898077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323921919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323949099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323971987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.323996067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324018955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324043036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324065924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324090004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324100971 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.324112892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324136019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324161053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324184895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324208021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324230909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324254990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324285030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324302912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324309111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324330091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324354887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324378967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324407101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324419022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324446917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324470043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324493885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.324625969 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.346080065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346123934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346148968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346172094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346220970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346255064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346301079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346330881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346359015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346390963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346415043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346419096 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.346446991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346484900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346513987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346537113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346560955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346599102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346623898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346658945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346698046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346723080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346764088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346797943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346824884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346846104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346868992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346901894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346929073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.346951962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347017050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347031116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347073078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347084045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347120047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347141981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347182035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347204924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347238064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347278118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347345114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347384930 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.347435951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347481966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347548008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347601891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347698927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347769976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347836018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347932100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.347940922 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.348006010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348093033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348165035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348257065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348301888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348345995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348390102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348392963 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.348433971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348478079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348520994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348565102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348608017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348651886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348695993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348738909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348783016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348826885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348870993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348900080 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.348913908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.348958969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349003077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349045992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349090099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349133015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349176884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349220991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349263906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349308014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349358082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349417925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349479914 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.349497080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349567890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349636078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349704981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349751949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349795103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349838972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349883080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349925995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.349976063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350018978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350063086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350064039 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.350106955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350151062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350194931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350238085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350281954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350325108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350373983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350418091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350461006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350507021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350557089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350574970 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.350600958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350645065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350687981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350730896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350775003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350817919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350867033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350914955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.350959063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351028919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351087093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351129055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351157904 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.351170063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351212025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351253986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351298094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351341009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351397038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351413965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351459026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351507902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351560116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351583004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351624012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351664066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351702929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351720095 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.351742983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351797104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351813078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351850986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351888895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351927996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.351967096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.352005959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.352044106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.352082968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.352125883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.352169037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.352211952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.352256060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.352298975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.352298021 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.352336884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.352792978 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.601588011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.601926088 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.812978029 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.818093061 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.834748983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.834804058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.834842920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.834878922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.834913969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.834954977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.834995985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835028887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835078955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835129976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835180998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835225105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835269928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835306883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835354090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835397959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835442066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835485935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835529089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835573912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835618019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835671902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835716009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835761070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835804939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835849047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835892916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835936069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.835979939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836024046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836067915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836112022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836155891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836199999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836242914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836287022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836330891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836375952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836420059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836462975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836507082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836550951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836595058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836638927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836683035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836735010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836779118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836822033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.836864948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.837388992 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.837503910 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.838100910 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.839687109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.839740038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.839772940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.839804888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.839840889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.839874983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.839905977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.839936972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.839967966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840001106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840035915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840071917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840117931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840132952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840183973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840199947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840236902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840271950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840286016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840357065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840396881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840432882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840467930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840501070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840518951 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.840548992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840585947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840625048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840658903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840687990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840719938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840753078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840785980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840817928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840848923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840898037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840935946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.840939045 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.840980053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841001034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841043949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841068029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841085911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841119051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841155052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841200113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841218948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841250896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841293097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841325998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841330051 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.841361046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841394901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841432095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841473103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841500044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841541052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841586113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841600895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841631889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841672897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841708899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841723919 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.841732979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841773987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841814995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841855049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841887951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841917992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841954947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.841995001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842030048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842063904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842082977 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.842097044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842128992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842165947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842200041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842233896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842267990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842304945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842340946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842375994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842408895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842437983 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.842443943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842483044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842519999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842552900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842587948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842622042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842660904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842694998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842729092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842763901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842788935 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.842802048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842837095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842869997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842905045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842941046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.842978001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.843053102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.843089104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.843127012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.843136072 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.843174934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.843487024 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.859030962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859095097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859134912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859169960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859209061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859242916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859277964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859282017 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.859323025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859369993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859416008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859467983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859513044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859561920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859579086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859613895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859648943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859693050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859709024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859723091 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.859747887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859783888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859821081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859859943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859895945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859931946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859977007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.859997988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860044956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860059977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860104084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860129118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860135078 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.860172987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860214949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860255003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860291958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860338926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860357046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860404968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860429049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860469103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860515118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860521078 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.860539913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860595942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860639095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860677004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860714912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860754967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860795021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860835075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.860872984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.861006975 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.864901066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.864948034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.864989996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865019083 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.865036011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865080118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865117073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865154028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865191936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865226984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865262985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865299940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865336895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865371943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865407944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865408897 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.865446091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865482092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865516901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865552902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865592003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865632057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865654945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865694046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865732908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865772009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865797997 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.865813017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865850925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865890980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865931034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.865968943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866009951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866055012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866092920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866134882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866173983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866203070 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.866213083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866254091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866292000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866331100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866369009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866406918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866441011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866477966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866511106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866544008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866578102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866614103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866646051 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.866648912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866694927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866710901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866751909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866791010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866828918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866873026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866895914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866934061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.866972923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867021084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867067099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867069006 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.867109060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867161036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867177963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867213011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867259979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867300987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867346048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867364883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867404938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867424965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867448092 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.867463112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867501974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867539883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867582083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867623091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867647886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867686987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867726088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867765903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867804050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867841959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867846012 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.867881060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867918968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867955923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.867995024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868036985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868060112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868099928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868117094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868149042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868185997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868222952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868228912 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.868261099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868302107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868340015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868376970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868415117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868454933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868493080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868542910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868582964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.868583918 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.869050980 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.882431030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882488012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882524014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882560968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882596016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882597923 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.882633924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882669926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882709980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882746935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882782936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882811069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882833004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882854939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882875919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882898092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882920027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882941961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882962942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.882967949 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.883004904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883028984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883052111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883074045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883095026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883120060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883132935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883157969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883188009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883219004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883240938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883263111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883285999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883311033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883335114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883358955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883383036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883407116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883415937 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.883430958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883455038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883479118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883502960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883527040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883550882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883574963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883599043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883627892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883642912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883655071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883682966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.883794069 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.890351057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.890408039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.890458107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.890503883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.890518904 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.890548944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.890593052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.890638113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.890682936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.890727043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.890772104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.890815973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.890861034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.890901089 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.890906096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.890948057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891040087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891094923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891164064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891189098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891237020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891262054 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.891283035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891326904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891371012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891415119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891458988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891518116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891539097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891586065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891592026 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.891645908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891701937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891758919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891813993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891877890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891928911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.891963005 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.891982079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892030001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892077923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892127037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892174959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892224073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892272949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892302990 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.892339945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892389059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892437935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892487049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892540932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892566919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892613888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892651081 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.892669916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892719030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892766953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892829895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892888069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892935991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.892985106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893034935 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.893038034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893071890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893121958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893171072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893218994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893268108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893316031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893383026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893404007 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.893454075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893522978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893591881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893660069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893727064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893728971 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.893794060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893862009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893930912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.893999100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894067049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894069910 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.894134998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894191027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894241095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894289970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894337893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894387960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894416094 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.894440889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894489050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894537926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894586086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894634962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894682884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894731045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894773006 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.894779921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894828081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894876957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894925117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.894973993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.895041943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.895092964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.895129919 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.895144939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.895194054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.895242929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.895289898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.895339012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.895386934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.895445108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.895468950 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.895498991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.899060965 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.905251980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.905329943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.905389071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.905440092 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.905455112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.905528069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.905584097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.905635118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.905684948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.905734062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.905782938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.905831099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.905836105 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.905879974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.905927896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.905977011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906024933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906074047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906122923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906162977 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.906172991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906223059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906271935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906320095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906368017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906415939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906465054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906513929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906516075 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.906563044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906611919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906660080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906708956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906757116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906805038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906841040 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.906868935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906918049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.906965971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.907035112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.907097101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.907119989 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.907154083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.907202959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.907250881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.907299995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.907349110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.907397032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.907444954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.907494068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.907511950 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.907548904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.907598019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.907645941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.910794973 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.917115927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.917154074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.917181969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.917207003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.917232037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.917256117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.917366028 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.917409897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.917491913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.917563915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.917665958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.917714119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.917737961 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.917803049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.917867899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.917937994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.917994022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918054104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918108940 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.918128014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918154955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918222904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918289900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918366909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918437004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918441057 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.918529987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918598890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918665886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918735981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918785095 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.918793917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918839931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918884039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918929100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.918973923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919027090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919076920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919123888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919127941 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.919167042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919209957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919253111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919294119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919334888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919378042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919419050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919475079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919493914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919540882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919584990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919609070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919648886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919673920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919713020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919750929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919787884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919825077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919861078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919898033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919934034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.919970989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920007944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920043945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920080900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920116901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920146942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920180082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920217037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920253038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920289993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920325994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920362949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920398951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920435905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920471907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920507908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920543909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920581102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920617104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920671940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920712948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920756102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920794010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920830965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920866966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920902967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920939922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.920977116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921013117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921050072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921087980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921124935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921160936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921196938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921233892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921272039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921308994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921346903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921382904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921420097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921457052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921494007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921530962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921570063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921597958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.921643019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.923110008 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.923630953 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.923715115 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.929814100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.929896116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.929965019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930013895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930067062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930129051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930176973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930246115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930284977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930344105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930392027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930429935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930469990 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.930471897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930510044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930552006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930593014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930634022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930675030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930711985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930748940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930790901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930828094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930866003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930903912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930939913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.930977106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.931030989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.931067944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.931103945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.931140900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.931176901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.931214094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.931250095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.931287050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.931323051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.931359053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.931395054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.931432009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.931469917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.932274103 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.932466984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.932538986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.932585001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.932622910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.932653904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.932687044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.933145046 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.943520069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.943619013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.943639994 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.943686962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.943773031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.943820953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.943866014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.943912029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.943958998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944010973 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.944024086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944070101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944127083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944155931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944178104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944205046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944252014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944298029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944343090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944387913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944437981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944483042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944482088 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.944526911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944571018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944616079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944678068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944744110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944788933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944834948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944880962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944920063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944957018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.944998980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945008993 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.945050955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945092916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945168018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945224047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945266962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945353031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945417881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945463896 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.945485115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945578098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945643902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945717096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945760012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945825100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945851088 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.945867062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945949078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.945990086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946034908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946074009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946110964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946151018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946190119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946227074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946259022 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.946266890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946309090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946360111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946400881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946441889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946482897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946522951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946558952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946599007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946640015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946681023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946687937 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.946724892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946753025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946794033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946835041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946887016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946907043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.946950912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947019100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947062969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947074890 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.947104931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947150946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947177887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947220087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947263956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947304964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947345018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947385073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947427034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947448015 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.947467089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947505951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947554111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947603941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947649002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947711945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947729111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947767973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947805882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947809935 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.947855949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947897911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947937965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.947978973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.948019981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.948060989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.948101997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.948143005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.948184967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.948226929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.948231936 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.948278904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.948318958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.948360920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.948756933 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.953121901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.953190088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.953234911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.953243971 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.953267097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.953299999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.953335047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.953689098 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.953852892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.953932047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.953979015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954011917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954037905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954063892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954103947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954109907 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.954145908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954171896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954197884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954224110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954250097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954277039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954302073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954329014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954354048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954380035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954406023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954432011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954457998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954504013 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.954938889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.954968929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.955003977 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:41.955010891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.955039978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.955076933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.955099106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:41.955476046 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.197550058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.197671890 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.665524960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.665849924 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.677944899 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.699774981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.699856043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.699894905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.699949980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700005054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700064898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700114965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700123072 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.700150013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700180054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700232983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700285912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700325012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700380087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700432062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700484037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700534105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700579882 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.700584888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700634956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700670958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700711012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700761080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700809002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700859070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700910091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700941086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.700984001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701023102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701052904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701103926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701133966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701184034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701227903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701277971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701332092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701373100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701406956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701451063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701482058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701527119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701570988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701621056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701651096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701685905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701714993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701744080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701786041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701814890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701843023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701872110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701900959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701930046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701957941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.701987028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702014923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702043056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702070951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702100039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702126980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702157974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702186108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702214003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702243090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702270031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702300072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702327967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702356100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702383995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702413082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702440977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702471018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702497959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702528954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702558041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702585936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702614069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702642918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702671051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702699900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702728987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702756882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702785969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702814102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702843904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702872038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702899933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702936888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.702965975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703021049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703052998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703087091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703115940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703144073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703171968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703197956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703226089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703253031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703286886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703315020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703342915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703372002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703398943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703428030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703457117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703486919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703515053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703542948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703569889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703599930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703628063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703655958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703684092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703712940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703739882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703768015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703798056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703825951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703855038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703882933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703910112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703938961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703967094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.703995943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704025030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704052925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704080105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704109907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704139948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704169035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704196930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704226971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704255104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704282999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704310894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704339981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704368114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704396963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704425097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704458952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704488039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704515934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704544067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704571962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704600096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704629898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704658031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704689026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704716921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704745054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704772949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.704801083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.705739975 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.705874920 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.706522942 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.706621885 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.706769943 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.706818104 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.726449966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.726499081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.726527929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.726556063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.726583004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.726612091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.726640940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.726669073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.726697922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.726726055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.726753950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727493048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727515936 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.727540016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727576017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727610111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727639914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727674007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727703094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727736950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727771044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727803946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727838039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727869034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727902889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727936029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727969885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.727973938 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.728003979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728039026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728085995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728120089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728148937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728183031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728216887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728245020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728279114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728312969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728342056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728360891 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.728375912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728410959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728440046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728472948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728502989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728535891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728569984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728600025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728634119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728663921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728693008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728728056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728759050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728789091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728801966 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.728818893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728848934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728878021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728909969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728945017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.728977919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729007959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729043007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729073048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729108095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729137897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729171991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729207039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729226112 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.729242086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729271889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729306936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729340076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729374886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729409933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729444981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729477882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729512930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729547024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729582071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729588032 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.729617119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729650974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729686022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729720116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729756117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729789972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729823112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729856014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729890108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729923010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729958057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.729964018 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.729993105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730026007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730060101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730096102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730130911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730165958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730201006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730235100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730268955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730304003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730336905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730344057 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.730371952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730406046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730439901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730473995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730508089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730541945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730576038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730609894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730643988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730678082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730695963 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.730712891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730746984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730779886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730813980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730849028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730884075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730916977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730951071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.730995893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731061935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731074095 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.731098890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731137037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731174946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731214046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731251955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731291056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731328011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731365919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731404066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731432915 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.731441975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731479883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731515884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731554031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731587887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731621027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731654882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731687069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731720924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731755018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731787920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731822014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731837988 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.731854916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731888056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731921911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731955051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.731988907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.732023001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.732055902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.732089996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.732124090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.732156992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.732189894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.732223988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.732575893 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.754082918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754162073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754231930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754231930 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.754271984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754321098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754358053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754434109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754486084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754538059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754590988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754643917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754656076 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.754693031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754735947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754769087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754821062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754873991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754925966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.754961014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755032063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755084991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755086899 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.755137920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755187988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755240917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755292892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755343914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755403996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755464077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755511045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755513906 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.755564928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755620003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755671978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755707979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755743027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755778074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755812883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755847931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755882978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755918026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755933046 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.755959988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.755991936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756026983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756062031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756102085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756136894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756171942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756206989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756242037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756278038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756313086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756347895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756381989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756388903 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.756417990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756453037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756488085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756524086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756558895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756593943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756629944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756664991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756705999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756740093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756774902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756810904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756845951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756858110 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.756887913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756922960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756958961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.756993055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757029057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757065058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757100105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757136106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757170916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757205963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757246971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757282019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757317066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757319927 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.757352114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757388115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757422924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757457972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757493019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757529020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757564068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757599115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757639885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757675886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757710934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757723093 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.757745981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757778883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757812977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757848978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757884979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757920027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757965088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.757981062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758013010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758048058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758083105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758119106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758153915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758163929 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.758189917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758222103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758256912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758291960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758327961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758369923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758404016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758436918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758471012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758503914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758542061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758560896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758603096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758620977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758625031 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.758645058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758675098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758708000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758748055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758784056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758827925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758863926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758898973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758934975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.758966923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759011030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759058952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759074926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759108067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759141922 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.759147882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759181976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759216070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759248018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759282112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759318113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759341002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759373903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759407997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759440899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759469986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759499073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759531975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759565115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759598017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759630919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759664059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759699106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759720087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759753942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759787083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.759814978 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.760325909 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.781409979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.781470060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.781512022 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.781529903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.781565905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.781620026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.781671047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.781717062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.781755924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.781796932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.781853914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.781893015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.781943083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.781989098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782000065 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.782047987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782080889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782130957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782183886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782237053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782289982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782330036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782385111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782426119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782471895 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.782478094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782511950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782546043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782597065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782648087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782701015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782751083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782802105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782849073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782861948 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.782910109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.782963037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783026934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783082008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783139944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783178091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783204079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783245087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783257961 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.783278942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783308029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783339977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783373117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783411026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783430099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783463955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783497095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783529043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783562899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783596039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783627987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783660889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783693075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783725977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783725023 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.783759117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783791065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783823967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783858061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783890009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783921957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783955097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.783987045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784019947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784054041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784085989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784117937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784151077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784179926 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.784183025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784215927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784248114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784281015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784322023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784354925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784388065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784420013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784452915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784485102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784518003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784549952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784580946 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.784583092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784615993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784647942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784681082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784713030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784744978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784782887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784816027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784847975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784876108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784908056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784940004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.784971952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785003901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785036087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785047054 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.785068035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785098076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785130024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785161972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785195112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785227060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785254955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785288095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785320997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785352945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785384893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785418034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785449982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785481930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785514116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785547018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785578966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785610914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785623074 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.785644054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785672903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785705090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785737038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785768986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785800934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785834074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785866022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785898924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785931110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785963058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.785995007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786027908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786060095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786092043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786124945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786132097 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.786158085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786190987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786223888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786257029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786288977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786322117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786355019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786386967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786421061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786453009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786485910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786518097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786550045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786581993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786582947 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.786613941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786648035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786680937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786712885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786746025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786777973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786809921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786839008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786870956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.786973953 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.808547974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.808635950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.808689117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.808731079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.808765888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.808789968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.808794022 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.808866978 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.808875084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.808937073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.808994055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809055090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809092045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809127092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809181929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809245110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809253931 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.809297085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809343100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809364080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809418917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809487104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809524059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809561014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809602022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809622049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809650898 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.809664011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809700966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809742928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809763908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809802055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809839964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809876919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809914112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809964895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.809983969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810023069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810048103 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.810060978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810105085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810143948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810185909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810209990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810250044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810295105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810316086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810354948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810394049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810434103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810470104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810507059 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.810511112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810548067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810586929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810626030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810672045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810712099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810751915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810795069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810831070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810870886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810908079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810945034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.810944080 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.810978889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811028004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811063051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811086893 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.811096907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811131001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811172009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811216116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811254025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811279058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811314106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811342955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811381102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811418056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811455011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811506033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811517954 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:42.811538935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811580896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811616898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811650038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811691999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811727047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811759949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811803102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811837912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811868906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:42.811969995 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.061513901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.061671972 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.282207966 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.303879976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.303966999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304003000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304023027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304070950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304095030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304131985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304173946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304198027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304234028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304259062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304333925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304383039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304415941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304459095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304464102 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.304498911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304537058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304578066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304620981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304649115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304696083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304723978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304754019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304788113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304817915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304833889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304852009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304872036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304883957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304889917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304888964 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.304909945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304953098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.304965019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305010080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305023909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305036068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305073977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305088043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305125952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305164099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305174112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305187941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305233955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305274010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305299997 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.305314064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305337906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305376053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305399895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305437088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305475950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305509090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305521965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305543900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305593014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305610895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305619955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305643082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305666924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305690050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305712938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305738926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305762053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305785894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305809021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305809975 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.305831909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305854082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305877924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305901051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305923939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305947065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305969954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.305993080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306015968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306050062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306062937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306071043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306097031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306126118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306148052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306173086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306197882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306204081 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.306211948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306236029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306262970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306274891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306298971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306323051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306349039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306371927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306395054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306417942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306441069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306463957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306485891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306509018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306531906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306550980 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.306555033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306576967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306600094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306622982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306646109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306668997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306693077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306715012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306736946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306762934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306772947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306796074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306822062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306833029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306855917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306876898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306899071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306917906 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.306920052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306941986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306963921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.306998014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307020903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307039976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307063103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307092905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307101011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307126045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307149887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307173967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307200909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307224035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307246923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307271004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307296991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307321072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307351112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307374954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307378054 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.307399035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307423115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307446957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307471991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307496071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307532072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307544947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307552099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307565928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307589054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307612896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307640076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307662964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307687998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307712078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307734013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307760000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307786942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307811022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.307817936 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.308279037 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.329482079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.329616070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.329649925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.329705000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.329772949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.329809904 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.329874039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.329931021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.329993963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.330065012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.330125093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.330153942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.330215931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.330245018 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.330291986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.330399990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.330444098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.330523968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.330600977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.330646992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.330681086 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.330692053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.330791950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.330881119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.330956936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.331083059 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.331090927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.331160069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.331222057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.331274986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.331409931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.331470966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.331481934 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.331583023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.331693888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.331746101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.331800938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.331875086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.331912041 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.331939936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.331985950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332031012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332083941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332107067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332156897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332190990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332214117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332258940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332285881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332333088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332349062 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.332377911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332421064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332464933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332509041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332551956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332596064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332639933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332684994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332726002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332767010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332808018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332849026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332863092 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.332890034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332931042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.332973003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333014011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333055019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333096027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333139896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333184958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333229065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333256960 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.333271980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333317041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333360910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333404064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333447933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333492041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333534956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333579063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333621979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333621979 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.333667040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333710909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333754063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333797932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333842039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333884954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333929062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333971024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.333987951 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.334019899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334064007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334108114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334151983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334196091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334239960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334284067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334326982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334371090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334404945 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.334414959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334459066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334502935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334553957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334589958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334665060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334737062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334815025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334851027 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.334888935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.334966898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.335067034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.335144997 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.335154057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.335230112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.335309029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.335386992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.335465908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.335547924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.335547924 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.335628986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.335710049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.335788012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.335861921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.335935116 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.335938931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.336011887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.336086988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.336163998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.336239100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.336316109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.336380959 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.336395025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.336469889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.336543083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.336625099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.336705923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.336767912 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.336781025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.336857080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.336935043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.337013006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.337090969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.337167025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.337172031 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.337240934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.337316036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.337388039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.337470055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.337519884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.337539911 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.337589979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.337665081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.337739944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.337822914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.337898970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.337950945 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.337976933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.338052034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.338124990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.338195086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.338282108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.338318110 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.338356972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.338432074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.338505983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.338596106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.338670969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.338705063 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.338743925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.338816881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.338897943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.339061022 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.360779047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.360836029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.360913038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.360944986 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.360991001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361056089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361088991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361134052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361177921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361238956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361310959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361363888 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.361382008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361418962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361445904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361476898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361514091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361526966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361543894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361588001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361633062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361660004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361706972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361733913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361780882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361819029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361823082 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.361850977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361901999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361936092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361968040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.361994982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362032890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362060070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362092018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362126112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362163067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362200022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362229109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362265110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362303972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362339973 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.362348080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362373114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362416029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362457991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362494946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362521887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362560987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362587929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362636089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362679958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362719059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362746000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362772942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362777948 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.362807989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362843037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362869024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362885952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362910032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362937927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.362965107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363050938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363071918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363080978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363101959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363132000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363159895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363187075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363208055 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.363214016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363250971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363277912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363305092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363332033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363358021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363396883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363424063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363466978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363493919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363526106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363558054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363596916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363635063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363662004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363687992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363707066 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.363714933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363753080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363771915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363780022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363794088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363816977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363845110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363873005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363898993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363925934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363951921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.363977909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364005089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364031076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364070892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364089012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364097118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364115953 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.364123106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364132881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364147902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364192009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364213943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364226103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364260912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364275932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364305019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364336014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364365101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364377975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364401102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364424944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364449024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364475965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364491940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364515066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364538908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364545107 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.364562988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364588022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364612103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364635944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364660025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364690065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364721060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364736080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364751101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364783049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364809990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364841938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364876032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364895105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364906073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364922047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364931107 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.364953041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.364979982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365005970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365031958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365057945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365083933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365112066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365139008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365174055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365189075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365200996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365243912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365283966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365299940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365315914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365345955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365353107 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.365372896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365406036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365432024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365458012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.365484953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.366000891 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.387252092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.387320995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.387424946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.387444973 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.387481928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.387504101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.387567043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.387609005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.387664080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.387721062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.387762070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.387806892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.387871027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.387890100 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.387912989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.387955904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388015985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388058901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388099909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388156891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388204098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388245106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388288021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388336897 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.388353109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388396978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388441086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388504028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388545990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388586998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388650894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388695955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388762951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388807058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388806105 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.388875008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388917923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.388962030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389007092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389054060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389095068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389163017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389204979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389209986 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.389250040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389307022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389348030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389400005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389441013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389487982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389528036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389591932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389635086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389642000 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.389676094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389734983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389781952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389826059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389868021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389915943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.389957905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390018940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390060902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390070915 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.390100956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390176058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390218973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390263081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390331030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390384912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390431881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390471935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390496016 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.390532017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390575886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390614986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390654087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390721083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390763044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390803099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390846968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390907049 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.390911102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.390954971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391056061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391127110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391170025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391210079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391248941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391283035 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.391293049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391355991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391398907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391438961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391485929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391547918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391596079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391644001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391679049 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.391710043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391756058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391833067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391887903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391932011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.391974926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392018080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392070055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392087936 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.392117977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392173052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392215014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392261028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392333031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392379045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392421961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392469883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392513037 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.392514944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392560005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392606974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392697096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392748117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392819881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392869949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392919064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392966032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.392985106 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.393022060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393095016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393148899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393197060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393271923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393332958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393385887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393460035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393462896 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.393512011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393533945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393583059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393632889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393673897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393712997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393771887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393815994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393856049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393898010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393906116 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.393944025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.393990993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394030094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394069910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394134998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394179106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394218922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394273996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394311905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394325972 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.394355059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394395113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394460917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394503117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394543886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394603968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394644976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394685030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394740105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394752026 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.394788027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394828081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394872904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394916058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.394963026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.395169020 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.416933060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.417098999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.417191982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.417212009 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.417256117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.417335987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.417398930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.417478085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.417623043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.417673111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.417692900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.417787075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.417809963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.417865038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.417937040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418015957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418052912 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.418061972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418126106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418188095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418276072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418329000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418406010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418452024 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.418464899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418519020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418586016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418629885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418677092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418704987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418754101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418800116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418853045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418854952 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.418904066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.418947935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419051886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419163942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419189930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419199944 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.419250011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419296980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419323921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419368029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419414043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419441938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419497013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419540882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419599056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419616938 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.419644117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419688940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419733047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419784069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419827938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419872046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419923067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.419966936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420012951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420041084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420051098 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.420078993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420123100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420180082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420224905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420269966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420314074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420356989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420418978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420447111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.420471907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420530081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420573950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420619011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420685053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420734882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420806885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420852900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420897007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420932055 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.420943975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.420994043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421077967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421129942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421211004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421263933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421351910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421406031 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.421427011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421500921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421559095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421585083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421627998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421668053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421736002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421797991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421855927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421900988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.421925068 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.421973944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.422060013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.422138929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.422238111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.422328949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.422374010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.422452927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.422496080 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.422548056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.422621012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.422708988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.422785044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.422861099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.422936916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.422957897 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.423007965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423105955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423175097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423238993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423309088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423352957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423418045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423480988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423568010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423608065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423648119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423645020 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.423688889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423732042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423760891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423826933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423866987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423902988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423939943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.423990011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.424010038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.424048901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.424097061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.424134970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.424174070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.424213886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.424211979 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.425076008 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:43.677515984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:43.678548098 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.072591066 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.080143929 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.094430923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.094516993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.094583988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.094650984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.094717979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.094789028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.094856024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.094918966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.094999075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095098019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095109940 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.095134974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095174074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095207930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095242977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095278978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095316887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095349073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095382929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095416069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095452070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095498085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095499039 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.095515966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095532894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095571041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095607996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095642090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095685959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095726967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095761061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095797062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095839024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095885992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095916986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095944881 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.095948935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.095980883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096010923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096040964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096082926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096102953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096134901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096172094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096190929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096227884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096246004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096277952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096328974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096340895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096355915 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.096370935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096407890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096441984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096483946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096513987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096550941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096587896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096600056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096627951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096656084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096682072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096710920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096729040 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.096749067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096779108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096805096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096833944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096863031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096899033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096920013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096950054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.096982002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097038984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097054005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097090960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097107887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097136974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097163916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097189903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097217083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097245932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097274065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097301960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097328901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097364902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097382069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097415924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097434998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097464085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097491026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097518921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097547054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097573996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097610950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097625971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097656965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097683907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097717047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097737074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097768068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097790003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097819090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097848892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097877026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097918034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097932100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097968102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.097984076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.098011971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.098040104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.098072052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.098099947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.098129988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.098157883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.098186016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.098464966 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.099183083 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.099267006 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.101967096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102014065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102046967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102078915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102109909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102140903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102174044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102205992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102241993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102274895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102304935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102334023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102365017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102396965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102427006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102462053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102492094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102524042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102554083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102583885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102617025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102648020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102679014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102710009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102744102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102773905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102804899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102837086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102866888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102900982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102931023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.102962017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.103012085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.103048086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.103085041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.103117943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.103147030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.103173971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.103204966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.103231907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.103261948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.103290081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.103318930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.103861094 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.106013060 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.106513977 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.119865894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.119905949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.119932890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.119980097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120027065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120068073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120105028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120131969 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.120138884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120173931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120208979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120243073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120275974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120315075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120349884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120374918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120399952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120424986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120450020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120486975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120517969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120544910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120572090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120599031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120626926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120654106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120680094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120707035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120733023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120759964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120786905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120812893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120840073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120867014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120893955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120920897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120948076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.120975018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121001005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121032000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121052027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121081114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121108055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121134996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121167898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121184111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121212006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121238947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121264935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121292114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121326923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121365070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121403933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121440887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121479034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121516943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121553898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121591091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121628046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121634960 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.121665001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121702909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121742010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121779919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121812105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121850967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121886969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121901035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121917009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121944904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121969938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.121994972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122020006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122044086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122068882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122093916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122117996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122143030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122167110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122190952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122215033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122240067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122263908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122287989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122312069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122335911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122359991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122385025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122409105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122433901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122462988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122476101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122508049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122546911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122579098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122603893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122628927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122653008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122677088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122701883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122725964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122766972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122783899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122795105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122806072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122837067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122852087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122875929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122898102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.122919083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.123236895 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.123696089 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.123775959 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.123864889 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.125375986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.125427961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.125471115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.125493050 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.125502110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.125530958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.125559092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.125564098 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.125586987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.125726938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.125760078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.125782013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.125821114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.125855923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.125894070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.125929117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.125963926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.126050949 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.126151085 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.126848936 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.127662897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.127707005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.127751112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.127785921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.127819061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.127847910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.127872944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.127901077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.127924919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.127949953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.127974033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.127999067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128009081 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.128025055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128048897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128086090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128101110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128106117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128133059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128144026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128164053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128207922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128216982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128238916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128257990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128282070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128307104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128329039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128351927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128371954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128390074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128468037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128494978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.128812075 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.128876925 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.144702911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.144781113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.144798994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.144823074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.144829988 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.144849062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.144874096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.144905090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.144932032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.144958019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.144984961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145011902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145037889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145064116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145091057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145117044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145143986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145169973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145195961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145221949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145231009 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.145248890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145275116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145301104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145327091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145353079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145380020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145406008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145433903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145459890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145486116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145513058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145539045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145565033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145591021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145600080 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.145617962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145651102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145663977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145679951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145706892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145734072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145761013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145787001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145812988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145839930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145865917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145893097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145919085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145940065 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.145945072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145972967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.145998955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146024942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146050930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146076918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146102905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146128893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146155119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146182060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146208048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146234035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146260023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146286011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146303892 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.146311998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146338940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146364927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146389961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146415949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146441936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146467924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146495104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146521091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146547079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146580935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146598101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146609068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146635056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146667004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146693945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146716118 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.146727085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146738052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146763086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146797895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146806002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146831036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146857023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146883011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146909952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146936893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.146969080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147011995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147043943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147088051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147102118 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.147120953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147147894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147173882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147201061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147227049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147253036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147279978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147322893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147360086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147401094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147424936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147445917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147468090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147500038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147536993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147569895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147605896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147640944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147665977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147694111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147712946 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.147717953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147741079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147767067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147793055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147819996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.147849083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.148113012 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.148417950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.148469925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.148487091 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.148514032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.148556948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.148600101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.148643970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.148688078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.148891926 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.149918079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.149967909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.150012016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.150331020 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.150434971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.150527954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.150573969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.150618076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.150661945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.150705099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.150736094 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.150748968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.150791883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.150847912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.150871038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.150897026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.150938988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.150990963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151046038 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.151060104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151103973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151151896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151205063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151264906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151320934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151371002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151426077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151438951 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.151482105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151530981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151578903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151632071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151679993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151727915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151776075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151824951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.151833057 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.152331114 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.169653893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.169764996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.169825077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.169876099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.169929981 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.169931889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.169986963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170043945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170099974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170165062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170238018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170291901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170340061 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.170341969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170396090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170449018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170519114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170583963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170627117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170691013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170718908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170758963 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.170774937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170834064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170891047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170922995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.170954943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171003103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171040058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171073914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171107054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171139956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171181917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171200991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171205044 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.171221972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171283007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171308041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171331882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171360970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171382904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171405077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171427965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171463013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171487093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171510935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171540022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171555996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171633005 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.171662092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171695948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171730995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171734095 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.171762943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171796083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171828032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171859026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171890974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171936989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.171987057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172030926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172074080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172113895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172133923 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.172152996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172190905 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.172192097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172230959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172270060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172307968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172344923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172380924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172418118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172452927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172489882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172525883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172547102 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.172560930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172597885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172635078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172671080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172707081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172744036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172780991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172816992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172852993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172888994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172895908 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.172925949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172961950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.172997952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173032999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173069954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173109055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173142910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173177958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173213005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173249960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173257113 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.173285961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173321962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173357964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173393011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173429966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173465967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173501968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173537970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173578978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173610926 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.173624039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173693895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173734903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173780918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173835039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173871040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173923016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173939943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.173964024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174000025 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.174000025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174056053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174099922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174146891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174184084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174218893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174253941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174289942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174324989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174360991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174396992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174396038 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.174432039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174468040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174509048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174526930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174562931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174597025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174631119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174665928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174700975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174742937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174777031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174796104 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.174813986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174855947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174873114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174917936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174935102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.174971104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175015926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175052881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175087929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175107002 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.175123930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175158978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175193071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175247908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175267935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175304890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175338030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175371885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175405025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175437927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175441980 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.175472975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175496101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175529957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175560951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175601006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175637007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175669909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175704956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175740004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.175822973 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.197393894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.197474957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.197555065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.197586060 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.197596073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.197643995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.197685957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.197740078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.197796106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.197849989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.197911024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.197946072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.197972059 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.197992086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198056936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198132992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198200941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198282003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198323965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198375940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198402882 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.198431015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198484898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198539019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198594093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198649883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198704004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198746920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198801041 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.198802948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198843956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198894978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198929071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.198988914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199073076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199132919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199167967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199178934 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.199219942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199275970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199358940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199407101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199451923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199492931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199525118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199556112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199587107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199589014 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.199625015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199664116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199692011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199722052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199752092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199785948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199816942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199847937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199882984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199914932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199947119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.199966908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200006008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200020075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200050116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200061083 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.200079918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200119019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200155020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200187922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200221062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200252056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200284958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200316906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200347900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200380087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200412035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200443029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200480938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200508118 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.200519085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200548887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200578928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200608015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200649977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200660944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200695038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200725079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200757027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200792074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200826883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200856924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200891018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200922966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200932980 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.200953960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.200984001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201014042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201045990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201076984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201117039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201153040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201181889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201210976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201240063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201268911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201298952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201329947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201349020 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.201360941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201390982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201425076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201457977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201491117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201529980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201545000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201576948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201610088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201642036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201674938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201723099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201731920 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.201778889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201822996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201867104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201889992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201936007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.201972008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202013969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202033997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202078104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202097893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202136040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202156067 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.202172995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202208996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202245951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202291965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202337980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202353954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202392101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202440023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202476025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202512026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202548027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202581882 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.202594042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202630043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202665091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202701092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202744961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202780962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202816963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202856064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202878952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202928066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.202960968 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.202964067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.203505039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.203556061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.203572989 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.203597069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.203635931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.203671932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.203708887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.203763008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.203799009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.203835964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.203872919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.203908920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.203942060 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.203953028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.203989029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.204025984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.204333067 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.225763083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.225867033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.225930929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.225996971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226083040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226133108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226171970 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.226180077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226243973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226305008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226380110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226435900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226471901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226505041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226561069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226603031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226639032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226670980 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.226686001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226725101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226763964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226803064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226844072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226877928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226912022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226947069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.226990938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227061987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227102041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227108002 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.227144003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227180958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227216959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227252007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227288008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227328062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227386951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227400064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227421999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227463007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227492094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227524996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227523088 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.227557898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227587938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227628946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227644920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227684021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227722883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227763891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227801085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227842093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227874994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227905989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227924109 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.227936029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227967024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.227998018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228029013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228060961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228104115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228117943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228153944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228195906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228221893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228260994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228307962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228348017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228387117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228430986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228466988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228481054 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.228509903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228547096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228588104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.228615046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.230057955 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.477529049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.478018045 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.580568075 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.602446079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.602519989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.602569103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.602621078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.602647066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.602710962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.602735043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.602772951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.602798939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.602814913 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.602855921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.602901936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.602946043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603024006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603049994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603099108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603153944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603182077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603207111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.603238106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603291035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603336096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603379011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603432894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603477001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603529930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603578091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603607893 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.603624105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603667974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603715897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603760004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603805065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603852034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603895903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603940964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.603964090 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.603986025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604037046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604084969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604142904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604166985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604233027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604260921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604310036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604319096 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.604357004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604404926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604449987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604495049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604540110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604584932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604644060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604690075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604722977 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.604744911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604767084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604798079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604841948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604887009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604932070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.604983091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605030060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605072975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605115891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605159998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605201960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605211020 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.605246067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605292082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605335951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605380058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605422974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605467081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605511904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605556965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605601072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605648041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605664015 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.605675936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605734110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605778933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605833054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605884075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605928898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.605973005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606017113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606061935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606067896 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.606106997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606154919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606204987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606275082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606296062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606342077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606391907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606421947 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.606437922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606487989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606534004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606578112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606627941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606678963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606705904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606753111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606784105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606818914 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.606832027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606879950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606925011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.606970072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607064009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607083082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607129097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607167006 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.607171059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607213020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607255936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607295036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607343912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607366085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607407093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607446909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607491016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607534885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607536077 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.607578993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607623100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607666016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607708931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607753038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607796907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607851028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607877970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607887983 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.607928038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.607983112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608027935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608057022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608103037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608154058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608198881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608242989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608261108 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.608289003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608336926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608381033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608424902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608468056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608525991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608551979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608607054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608663082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608679056 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.608709097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608757973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608803034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608850002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608879089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608925104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.608969927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.609014988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.609061003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.609098911 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.609106064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.609150887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.609199047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.609251022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.609296083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.609340906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.609385967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.609431982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.609467030 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.609486103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.609535933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.609580040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.609818935 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.631314993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.631498098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.631604910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.631617069 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.631691933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.631805897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.631889105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.632036924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.632041931 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.632152081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.632277012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.632395983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.632512093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.632524014 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.632647038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.632730961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.632791042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.632863045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.632868052 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.632956028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.633070946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.633197069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.633290052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.633290052 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.633363008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.633446932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.633522987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.633565903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.633613110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.633657932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.633657932 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.633733988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.633797884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.633848906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.633917093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.633949041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.633980036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634011030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634053946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634073019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634084940 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.634093046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634144068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634187937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634232044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634274960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634319067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634377003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634407997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634453058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634500980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634546995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634561062 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.634587049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634627104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634666920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634711981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634757042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634797096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634838104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634877920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634917974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634958029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.634998083 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.635035038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635081053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635121107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635164976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635209084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635251999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635296106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635339022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635377884 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.635381937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635422945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635466099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635509968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635555029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635605097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635628939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635674953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635718107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635741949 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.635762930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635807037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635849953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635894060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635937929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.635982037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636025906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636070013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636105061 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.636112928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636157036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636200905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636245012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636288881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636332989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636379957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636406898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636451960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636496067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636498928 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.636539936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636583090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636626959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636670113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636713982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636758089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636801958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636845112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636888027 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.636888981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636941910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.636986017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637029886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637073994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637119055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637162924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637207031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637232065 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.637249947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637293100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637336016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637384892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637428045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637475967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637523890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637567997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637610912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637615919 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.637655020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637698889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637742996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637790918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637835026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637878895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637922049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.637965918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638009071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638012886 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.638052940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638096094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638139009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638181925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638230085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638256073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638314009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638334990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638379097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638389111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.638421059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638464928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638508081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638556004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638598919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638643026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638686895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638730049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638772964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638772011 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.638816118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638859987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638902903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638947964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.638995886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.639038086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.639079094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.639118910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.639144897 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.639159918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.639199972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.639240026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.639280081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.639323950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.639367104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.639410973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.639456034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.639502048 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.639920950 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.661215067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.661329031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.661429882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.661530972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.661557913 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.661628008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.661703110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.661842108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.661876917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.661932945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.661952019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.661952972 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.662055016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.662146091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.662204981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.662302971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.662403107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.662420988 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.662508011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.662553072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.662620068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.662724972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.662784100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.662821054 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.662889957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.662944078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.662969112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663027048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663074970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663131952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663171053 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.663176060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663217068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663260937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663304090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663352966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663395882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663439989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663491964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663518906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663573980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663609028 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.663629055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663672924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663717031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663760900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663804054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663847923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663892984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663922071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663970947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.663995028 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.664015055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664057970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664100885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664145947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664189100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664232016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664275885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664319038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664361954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664406061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664437056 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.664448977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664493084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664535999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664578915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664622068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664664984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664709091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664752007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664787054 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.664794922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664839029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664882898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664926052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.664969921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665018082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665065050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665092945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665138960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665138960 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.665167093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665211916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665256023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665298939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665379047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665436029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665481091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665524006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665544987 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.665568113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665611982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665654898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665699005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665755987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665785074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665808916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665853977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665909052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665931940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.665932894 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.665973902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666013956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666054010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666094065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666134119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666182041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666203976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666249037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666291952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666336060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666368961 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.666379929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666424036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666466951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666521072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666541100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666584969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666629076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666671991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666714907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666729927 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.666758060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666800976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666843891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666887045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666930914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.666974068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667037010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667081118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667098999 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.667124987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667171001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667232990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667254925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667305946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667350054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667396069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667423964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667462111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.667480946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667503119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667547941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667598963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667624950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667669058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667731047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667757034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667802095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667845964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667845964 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.667890072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667932987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.667975903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668019056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668065071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668092966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668137074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668184996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668227911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668237925 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.668272018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668314934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668358088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668402910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668453932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668498039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668541908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668585062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668631077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668644905 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.668684959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668729067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668772936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668817043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.668864965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.669262886 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.690850019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.690978050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.691194057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.691271067 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.691296101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.691369057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.691440105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.691538095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.691618919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.691718102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.691772938 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.691793919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.691885948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692007065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692097902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692203999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692209959 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.692270041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692322016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692394018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692467928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692567110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692622900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692682981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692718983 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.692753077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692804098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692848921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692893028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692938089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.692981958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693027020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693070889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693095922 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.693118095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693160057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693201065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693242073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693283081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693324089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693365097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693406105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693448067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693489075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693487883 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.693531036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693572044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693613052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693672895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693743944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693810940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693855047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693919897 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.693933010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.693991899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694036961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694087029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694132090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694178104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694221973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694267988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694313049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694356918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694380045 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.694401979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694446087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694490910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694535017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694578886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694623947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694699049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694775105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694825888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694860935 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.694878101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694922924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.694967031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695023060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695067883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695113897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695158958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695203066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695247889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695291996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695292950 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.695343018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695386887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695444107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695528984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695611954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695668936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695687056 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.695744038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695791006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695863962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.695945024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696026087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696085930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696106911 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.696132898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696177959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696223021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696304083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696357012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696439981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696485996 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.696491003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696532965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696578026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696624994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696670055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696715117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696758986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696803093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696841002 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.696847916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696891069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696934938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.696979046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697024107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697067976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697112083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697165012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697228909 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.697257042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697314978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697390079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697468996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697519064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697590113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697662115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697710037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697719097 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.697755098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697801113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697865009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.697945118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698035955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698071003 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.698108912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698156118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698224068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698265076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698347092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698426962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698457003 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.698476076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698522091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698564053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698626995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698704004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698781013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698827982 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.698829889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698872089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698913097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.698955059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699034929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699079037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699124098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699168921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699198961 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.699213028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699258089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699301958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699362040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699385881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699409962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699434042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699459076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699505091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699526072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699554920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699563980 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.699579954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699609041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699631929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699656963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699697971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.699935913 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.721323967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721411943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721503973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721520901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721545935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721560001 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.721580029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721632957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721677065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721716881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721741915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721781969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721800089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721831083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721868992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721899986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721924067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.721962929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722012043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722016096 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.722026110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722048998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722081900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722111940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722136021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722178936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722204924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722228050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722251892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722290993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722335100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722358942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722402096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722433090 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.722444057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722469091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722506046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722547054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722573042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722615957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722640038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722645998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722675085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722738981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722781897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722806931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722834110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722867012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722892046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722954035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.722960949 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.723033905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723062992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723121881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723222971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723272085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723315954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723386049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723412991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723455906 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.723462105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723506927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723552942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723601103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723659039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723685980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723740101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723764896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723841906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723889112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723931074 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.723932028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.723978043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724036932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724106073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724157095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724215031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724284887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724334955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724373102 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.724375963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724416971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724459887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724517107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724560022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724600077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724661112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724700928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724749088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724793911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724844933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724919081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.724935055 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.724965096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725019932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725089073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725141048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725184917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725229025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725272894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725342035 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.725343943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725394011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725440979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725483894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725538969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725593090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725636005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725677967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725744963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725797892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725853920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725871086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725914955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.725959063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726027012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726073027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726114988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726162910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726205111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726243973 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.726259947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726308107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726352930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726397038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726440907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726501942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726526022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726552010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726608038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726618052 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.726634026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726661921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726735115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726782084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726828098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726893902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726939917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.726991892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727046967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727091074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727127075 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.727137089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727205038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727256060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727303982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727349043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727402925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727448940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727497101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727531910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727571964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727571964 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.727622032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727667093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727711916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727777958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727823973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727868080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727910995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.727926970 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.727956057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.728002071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.728056908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.728076935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.728117943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.728202105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.728261948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.728308916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.728307962 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.728353977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.728398085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.728441954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.728486061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.728538036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.728766918 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.750272989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.750426054 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.750468016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.750695944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.750828028 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.750843048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.751002073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.751101971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.751190901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.751214027 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.751267910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.751343012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.751418114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.751492977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.751590014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.751638889 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.751657963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.751720905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.751776934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.751847982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.751912117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.751979113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.752028942 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.752058029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.752123117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.752187967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.752286911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.752355099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.752456903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.752465010 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.752520084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.752584934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.752669096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.752733946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.752826929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.752850056 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.752927065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.753021002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.753062963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.753129959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.753201008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.753259897 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.753268957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.753334999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.753410101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.753489971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.753570080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.753654957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.753683090 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.753726959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.753801107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.753870964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.753943920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.754010916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.754056931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.754123926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.754125118 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.754189968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.754276037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.754342079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.754729986 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.898380995 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.920010090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920059919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920106888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920140982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920172930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920175076 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.920211077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920242071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920270920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920300961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920330048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920357943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920386076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920413971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920440912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920468092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920496941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920526028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920552969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920582056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920608997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920612097 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.920638084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920666933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920695066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920722008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920749903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920777082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920804977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920833111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920860052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920886993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920916080 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920943975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920972109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.920999050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921026945 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.921029091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921058893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921087980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921116114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921143055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921170950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921197891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921226025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921255112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921283960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921312094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921340942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921369076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921397924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921425104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921448946 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.921452999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921483040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921511889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921539068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921566963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921593904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921621084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921648979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921677113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921705008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921732903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921765089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921797991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921828985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921857119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921884060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921900034 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.921914101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921947002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.921979904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922009945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922039986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922066927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922095060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922122002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922147989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922175884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922208071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922246933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922280073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922283888 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.922313929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922348022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922377110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922405958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922432899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922461033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922487974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922513962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922540903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922568083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922601938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922640085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922672987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922672033 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.922705889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922739983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922770977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922799110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922826052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922852993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922880888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922908068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922935963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.922969103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923019886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923058987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923084021 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.923093081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923126936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923160076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923197985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923226118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923253059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923280001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923307896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923336983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923363924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923396111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923435926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923470020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923470974 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.923505068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923538923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923573971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923607111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923648119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923665047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923683882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923712969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923743010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923775911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923813105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923846006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923873901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923883915 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.923907042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923938990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923968077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.923993111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924026012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924056053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924091101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924118042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924150944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924181938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924211025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924241066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924269915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924300909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924334049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924354076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924384117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924412012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924441099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924469948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924501896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924530983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924563885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924595118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924626112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924654007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924683094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924710989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924750090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924782038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924812078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.924869061 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.924936056 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.925740004 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.946623087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.946690083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.946748018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.946804047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.946855068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.946872950 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.946903944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.946958065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947024107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947076082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947128057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947180033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947227955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947278023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947307110 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.947333097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947390079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947443008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947489977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947537899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947592974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947648048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947700977 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.947704077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947750092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947782993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947834969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947887897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947923899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.947967052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948000908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948033094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948065042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948091984 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.948118925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948173046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948229074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948283911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948335886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948389053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948427916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948467970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948491096 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.948502064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948559046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948574066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948595047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948626995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948662043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948695898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948729992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948762894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948796988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948831081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948864937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948884010 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.948899031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948932886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948966026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.948998928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949032068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949064016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949095964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949127913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949161053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949193001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949225903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949258089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949290037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949296951 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.949322939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949353933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949388027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949426889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949460030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949491978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949523926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949557066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949589968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949621916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949654102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949687004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949718952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949723005 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.949752092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949784994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949817896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949851990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949884892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949917078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949949980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.949982882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950015068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950047970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950079918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950113058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950144053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950143099 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.950180054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950211048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950242043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950273037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950300932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950330973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950361013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950392962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950423956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950454950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950484037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950514078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950545073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950552940 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.950576067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950607061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950638056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950668097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950699091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950730085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950758934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950788021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950819969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950850010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950880051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950911045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950942993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.950947046 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.950973988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951028109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951066971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951257944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951287031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951314926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951343060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951375961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951407909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951412916 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.951441050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951476097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951508999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951540947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951561928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951745987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951772928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951801062 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951832056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951862097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951894045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951903105 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.951925039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951956034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.951987028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952018023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952050924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952059031 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.952080965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952114105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952145100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952178955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952209949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952236891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952269077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952300072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952332020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952363968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952409029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952416897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952445030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952470064 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.952472925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952503920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952534914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952567101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952598095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952630043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952661037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.952958107 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.974381924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.974450111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.974498034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.974526882 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.974541903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.974586964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.974666119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.974721909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.974785089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.974857092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.974903107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975008011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975047112 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.975054979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975115061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975174904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975234032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975298882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975368023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975435019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975495100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975493908 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.975539923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975589991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975641966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975687981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975872040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975919962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.975934982 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.975965023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976010084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976053953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976098061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976142883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976188898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976222038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976259947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976316929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976336956 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.976362944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976407051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976450920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976495028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976540089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976583958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976627111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976680040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976701975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976751089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976809025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976823092 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.976835966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976878881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976919889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.976960897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977003098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977050066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977116108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977163076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977212906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977255106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977256060 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.977296114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977344990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977368116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977427959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977484941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977531910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977581024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977631092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977638006 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.977684021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977735043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977782965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977864027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977915049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.977962971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978010893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978025913 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.978065968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978113890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978171110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978219032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978276014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978298903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978327990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978394032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978449106 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.978455067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978466988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978508949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978549957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978591919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978641987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978667974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978713989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978759050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978801966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978846073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978888988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978933096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.978976011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979026079 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.979069948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979115963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979160070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979203939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979247093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979290962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979335070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979378939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979428053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979456902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979471922 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.979486942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979516029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979545116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979573011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979605913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979621887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979649067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979680061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979710102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979738951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979768038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979798079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979826927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979868889 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.979872942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979887009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979919910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979952097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.979984045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980015993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980047941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980079889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980118990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980150938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980182886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980221987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980253935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980285883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980318069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980350971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980350971 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.980389118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980418921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980454922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980485916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980515003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980545044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980573893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980602980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980632067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980662107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980690956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980726004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980755091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980783939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980809927 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.980813026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980844975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980871916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980899096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980925083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980958939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.980984926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.981012106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.981038094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.981070995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.981097937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.981123924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.981154919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.981172085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.981204987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:44.981244087 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:44.981791019 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.002846003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.002914906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.002959967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.003060102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.003104925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.003166914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.003232956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.003319025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.003375053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.003437996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.003504992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.003590107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.003659964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.003747940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.003808975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.003880978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.003926039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.003995895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004046917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004100084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004136086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004188061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004244089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004309893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004373074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004420996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004470110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004503965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004566908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004615068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004672050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004728079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004779100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004836082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004884005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004919052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.004973888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005040884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005115986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005172014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005183935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005213022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005264044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005285978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005321026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005354881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005390882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005434036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005469084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005503893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005534887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005568981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005599976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005630970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005661011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005692959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005728006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005763054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005796909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005830050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005866051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005899906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005934000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.005971909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006006956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006041050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006076097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006109953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006141901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006170988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006200075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006227970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006261110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006293058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006325006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006354094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006386042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006417036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006447077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006479979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006513119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006545067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006577969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006609917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006643057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006675959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006709099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006741047 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006774902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006808043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006838083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006872892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006912947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006949902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.006994963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007030964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007065058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007100105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007137060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007170916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007208109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007247925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007280111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.007287025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007320881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007354975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007400990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007410049 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.007437944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007473946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007514000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007551908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007590055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007597923 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.007628918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007666111 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.007668018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007707119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007746935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007786036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007827044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007868052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007905006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007941008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.007977962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008017063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008050919 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.008053064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008089066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008127928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008171082 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008210897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008254051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008296013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008333921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008374929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008414984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008445024 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.008455992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008493900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008543015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008582115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008621931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008658886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008706093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008722067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008759022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008805037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008833885 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.008838892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008877039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008915901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008954048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.008995056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.009030104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.009076118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.009090900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.009116888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.009160995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.009171009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.009186983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.009263039 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.009403944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.009445906 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.009493113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.009514093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.009552002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.009589911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.009628057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.009654999 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.009665012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.010200977 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.031338930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.031413078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.031466007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.031507969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.031567097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.031574011 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.031621933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.031678915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.031733036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.031780005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.031845093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.031909943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.031944990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.031975031 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.031992912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032069921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032126904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032175064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032210112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032264948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032320976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032386065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032413960 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.032438993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032489061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032541037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032589912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032641888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032694101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032742977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032793999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032814026 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.032846928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032886982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032921076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.032974005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033046007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033099890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033144951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033190012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033198118 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.033226967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033272982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033318996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033350945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033385992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033423901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033472061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033504963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033538103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033570051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033602953 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.033603907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033638000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033670902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033704042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033735991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033768892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033802986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033838034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033869982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033905029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033938885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.033972025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034004927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034037113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034049034 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.034070015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034101963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034133911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034168959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034202099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034238100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034271955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034312963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034352064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034373045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034411907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034435987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034437895 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.034471989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034506083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034539938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034574032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034609079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034646034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034666061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034699917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034739017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034773111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034805059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034837008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034868956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034887075 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.034900904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034934998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.034966946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035028934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035067081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035101891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035135984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035167933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035201073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035233021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035267115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035309076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035341978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035382986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035401106 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.035403013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035438061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035480022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035512924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035548925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035583973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035618067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035654068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035711050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035746098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035778999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035813093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035821915 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.035846949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035883904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035918951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035950899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.035984039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036015987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036048889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036082983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036114931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036145926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036178112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036211014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036242962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036253929 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.036277056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036309958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036343098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036377907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036410093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036443949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036475897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036508083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036539078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036570072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036602974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036636114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036659002 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.036669016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036700964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036734104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036766052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036799908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036832094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036865950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036899090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036932945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036966085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.036998034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037029982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037062883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037070036 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.037096977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037128925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037163019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037195921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037229061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037260056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037290096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037322998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037357092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037389040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037424088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037456989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037489891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.037494898 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.038968086 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.058988094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.059102058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.059151888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.059190035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.059221029 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.059226036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.059266090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.059303045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.059339046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.059379101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.060563087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.060623884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.060666084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.060775995 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.309537888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.310072899 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.785507917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.786783934 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.901936054 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.923599005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.923624992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.923677921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.923717022 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.923721075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.923762083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.923801899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.923841953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.923882008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.923923016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.923963070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924002886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924043894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924086094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924127102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924165964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924174070 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.924206972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924249887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924290895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924333096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924371958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924412966 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924454927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924495935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924535990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924576044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924598932 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.924623013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924665928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924710035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924751043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924792051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924834013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924875021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924916983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924958944 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.924999952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925031900 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.925040007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925077915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925118923 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925158978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925200939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925251961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925267935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925323963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925348997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925394058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925435066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925477028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925518990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925553083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925575972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925584078 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.925621986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925666094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925705910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925745010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925786972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925827980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925868034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925908089 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925949097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.925987959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926027060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926068068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926095963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926137924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926173925 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.926177025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926218033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926258087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926297903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926337004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926374912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926413059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926450968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926490068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926527023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926564932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926604033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926642895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926681995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926719904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926758051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926796913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926826954 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.926835060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926872969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926912069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.926951885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927006960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927047968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927086115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927128077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927166939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927203894 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927242994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927278042 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.927280903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927320957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927360058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927398920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927436113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927474976 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927512884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927551031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927588940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927627087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927664995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927705050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927727938 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.927742004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927778959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927814007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927846909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927880049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927916050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927952051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.927987099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928021908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928057909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928097963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928136110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928174019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928193092 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.928211927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928251028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928289890 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928327084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928364992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928404093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928442001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928479910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928519964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928558111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928596973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928631067 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.928634882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928683996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928733110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928755045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928793907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928829908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928865910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928900957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928936005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.928972960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929008007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929044008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929075003 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.929078102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929115057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929151058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929186106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929223061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929260015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929296017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929332018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929367065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929403067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929445028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929466963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929503918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929539919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929563046 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.929577112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929614067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929650068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929686069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929722071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929755926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929791927 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.929827929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.930531979 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.951550961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.951659918 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.951714039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.951780081 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.951792955 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.951838017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.951908112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.951994896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952064991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952136040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952178955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952200890 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.952244043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952337980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952363014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952399015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952461004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952522039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952575922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952610016 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.952657938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952692986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952749968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952842951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952886105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952944040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.952979088 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.953017950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953044891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953083992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953151941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953198910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953252077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953315973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953363895 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.953366995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953425884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953480959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953521967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953560114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953602076 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953638077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953675032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953712940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953752041 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953785896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953814030 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.953824043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953864098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953897953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953931093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.953967094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954003096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954041004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954080105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954118013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954154968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954186916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954220057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954252958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954292059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954335928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954372883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954408884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954446077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954488039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954530001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954566956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954602003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954641104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954684019 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954724073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954750061 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.954761028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954794884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954833984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954876900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954920053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.954962015 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955038071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955080032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955122948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955164909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955208063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955248117 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.955270052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955322027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955369949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955424070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955480099 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955532074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955581903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955630064 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955682993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955739021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955813885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955837965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955893993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955919027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.955935001 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.955971956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956032038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956084013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956131935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956180096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956232071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956290007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956347942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956403971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956445932 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.956453085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956499100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956547022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956602097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956657887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956707954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956756115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956804037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956868887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956909895 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.956926107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.956975937 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957024097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957072020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957127094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957181931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957230091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957278013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957324982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957328081 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.957380056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957437038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957494020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957551956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957602024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957649946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957706928 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957741022 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.957763910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957813025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957861900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957916021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.957969904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958020926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958070993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958105087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958108902 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.958162069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958214998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958266973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958321095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958373070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958420038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958468914 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958518028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958530903 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.958569050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958625078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958681107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958734035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958785057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958833933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958878040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958921909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.958972931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.959003925 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.959047079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.959100962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.959156990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.959208965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.959260941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.959319115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.959359884 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.959377050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.959435940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.959486961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.959534883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.959589005 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.959642887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.959676981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.959733963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.959800959 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.960654974 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.981363058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.981430054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.981511116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.981560946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.981581926 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.981626987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.981718063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.981785059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.981873035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.981937885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.982006073 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.982064009 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.982095957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.982144117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.982234001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.982326984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.982393980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.982481003 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.982547045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.982582092 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.982628107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.982683897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.982739925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.982822895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.982898951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.982955933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983062983 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983083010 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.983119011 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983182907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983243942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983309031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983352900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983441114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983530045 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983567953 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.983588934 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983642101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983685970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983727932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983771086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983814955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983860016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983900070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983942032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.983966112 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.983983994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984033108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984076977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984119892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984169006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984189987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984236002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984277010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984327078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984369993 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984409094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984431982 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.984445095 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984493971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984533072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984579086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984600067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984638929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984662056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984721899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984747887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984810114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984829903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984884024 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984924078 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.984940052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.984965086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985011101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985050917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985085964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985120058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985156059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985196114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985240936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985280037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985316038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985353947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985388041 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.985390902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985433102 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985476017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985500097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985522032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985577106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985610962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985641956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985676050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985716105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985749960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985785961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985807896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985830069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985851049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985879898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985888958 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.985905886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985929012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985960960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.985985994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986010075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986035109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986058950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986087084 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986110926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986136913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986167908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986191988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986218929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986243010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986268044 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986291885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986316919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986342907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986366987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986391068 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986414909 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986444950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986455917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986469984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986471891 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.986504078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986527920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986552954 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986577034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986601114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986624956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986649036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986673117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986696959 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986727953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986742973 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986752987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986778021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986805916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986818075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986845970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986855030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986882925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986910105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986934900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986958981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.986989975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987015963 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987040997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987071037 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.987073898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987086058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987098932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987126112 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987153053 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987176895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987200975 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987229109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987241030 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987265110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987288952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987313986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987338066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987361908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987385988 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987410069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987433910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987457991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987482071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987505913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987529039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987552881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987571001 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:45.987576962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987601042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.987624884 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:45.988348007 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.009111881 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009165049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009200096 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009223938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009263992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009293079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009318113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009352922 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009377956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009416103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009442091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009479046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009519100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009552956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009605885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009619951 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.009640932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009687901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009711981 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009747982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009771109 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009807110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009835958 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009860039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009880066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009917021 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009941101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.009975910 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010032892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010049105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010068893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010097027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010140896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010139942 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.010181904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010222912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010247946 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010287046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010322094 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010345936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010385036 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010410070 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010447979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010488987 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010513067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010551929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010576010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010615110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010649920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010660887 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.010674953 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010703087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010730028 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010772943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010797977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010837078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010863066 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010914087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010938883 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.010948896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011050940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011065006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011091948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011123896 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011153936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011174917 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.011183977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011208057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011231899 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011255980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011279106 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011302948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011328936 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011342049 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011367083 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011390924 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011419058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011442900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011466980 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011491060 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011513948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011538029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011560917 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011584997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011606932 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011629105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011651039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011672974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011694908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011723042 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011734009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011749029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011770010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011787891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011807919 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011832952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011857033 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011882067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011904955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011940002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011950016 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.011962891 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.011989117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012001991 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012027979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012051105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012073994 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012096882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012120008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012142897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012166977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012190104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012212992 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012237072 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012259960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012283087 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012312889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012326956 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012336969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012367010 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012379885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012393951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012419939 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012447119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012475014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012485027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012500048 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012521029 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012542009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012562990 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012583971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012603998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012624979 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012650013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012697935 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012705088 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.012715101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012722969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012761116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012785912 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.012792110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012818098 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012845039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012866974 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012891054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012913942 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012937069 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012960911 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.012984037 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013008118 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013034105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013057947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013079882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013102055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013123035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013144970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013165951 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013187885 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013209105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013231039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013252020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013273001 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013273954 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.013293982 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013314962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013336897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013360023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013391972 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013432026 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013473034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013514996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013556004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.013664961 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.035273075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.035435915 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.035439014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.035536051 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.035600901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.035665989 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.035741091 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.035821915 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.035892010 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.035926104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.036000967 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.036075115 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.036174059 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.036282063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.036315918 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.036335945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.036406040 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.036478996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.036551952 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.036655903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.036739111 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.036746979 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.036767006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.036843061 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.036916018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037014961 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037111998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037161112 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.037179947 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037210941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037236929 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037286043 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037329912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037374020 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037417889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037462950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037507057 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037550926 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037595034 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037638903 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037638903 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.037683964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037728071 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037774086 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037817955 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037883997 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.037957907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038021088 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038068056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038110971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038151026 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.038155079 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038199902 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038244009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038288116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038331032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038376093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038419962 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038465023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038508892 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038552999 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038573980 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.038599014 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038640022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038680077 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038721085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038760900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038801908 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038842916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038882971 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038927078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.038964033 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.038971901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039056063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039103985 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039149046 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039194107 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039238930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039268017 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039305925 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039346933 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039388895 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039428949 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039438009 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.039469957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039510965 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039558887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039613008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039657116 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039700031 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039743900 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039788008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039835930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039835930 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.039889097 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039911032 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039969921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.039989948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040035009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040079117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040122986 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040167093 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040213108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040257931 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040286064 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.040302038 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040349960 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040375948 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040460110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040530920 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040591002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040647984 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040703058 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040716887 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.040770054 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040821075 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040870905 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040919065 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.040967941 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041017056 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041064978 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041114092 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041141987 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.041166067 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041214943 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041263103 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041318893 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041368008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041415930 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041465998 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041520119 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041568995 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041584969 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.041625023 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041672945 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041723013 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041771889 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041821957 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041874886 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041924000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041973114 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.041990042 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.042027950 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042078018 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042131901 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042157888 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042217970 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042242050 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042303085 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042371035 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042388916 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042445898 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042473078 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042488098 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.042521000 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042567968 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042597055 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042650938 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042700052 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042749882 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042798996 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042848110 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042897940 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042948008 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.042958021 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.043011904 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.043064117 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.043119907 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.043169022 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.043217897 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.043267012 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.043315887 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.043365002 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.043437004 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.043447018 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.043509007 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.043581009 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.043651104 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.043728113 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.043797016 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.043874025 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.043904066 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.043945074 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.044013977 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.044476032 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.065529108 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.065586090 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.065829039 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.065871000 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.065882921 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.065917969 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.065952063 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.065984964 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.066018105 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.066051006 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.066085100 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.066121101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.066191912 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.066227913 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.066277027 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.066296101 CEST	80	49190	82.102.16.18	192.168.1.13
Jul 30, 2018 13:23:46.066473961 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:46.549315929 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:48.001532078 CEST	80	49188	198.72.111.203	192.168.1.13
Jul 30, 2018 13:23:48.001656055 CEST	49188	80	192.168.1.13	198.72.111.203
Jul 30, 2018 13:23:48.577863932 CEST	80	49189	64.15.159.203	192.168.1.13
Jul 30, 2018 13:23:48.578478098 CEST	49189	80	192.168.1.13	64.15.159.203
Jul 30, 2018 13:23:57.078109026 CEST	49190	80	192.168.1.13	82.102.16.18
Jul 30, 2018 13:23:57.078356028 CEST	49188	80	192.168.1.13	198.72.111.203
Jul 30, 2018 13:23:57.078519106 CEST	49189	80	192.168.1.13	64.15.159.203
Jul 30, 2018 13:26:25.569044113 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:26:25.569053888 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:26:25.576225042 CEST	49191	5357	192.168.1.13	192.168.1.60
Jul 30, 2018 13:26:25.664560080 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:26:25.664571047 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:26:28.153909922 CEST	3702	61463	192.168.1.13	192.168.1.60
Jul 30, 2018 13:26:28.223644972 CEST	3702	53031	192.168.1.13	192.168.1.60
Jul 30, 2018 13:26:28.278332949 CEST	3702	61463	192.168.1.13	192.168.1.60
Jul 30, 2018 13:26:28.364969015 CEST	3702	53031	192.168.1.13	192.168.1.60
Jul 30, 2018 13:26:28.568691015 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:26:28.568706036 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:26:28.573443890 CEST	49192	5357	192.168.1.13	192.168.1.60
Jul 30, 2018 13:26:28.665442944 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:26:28.665453911 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:26:31.582186937 CEST	49192	5357	192.168.1.13	192.168.1.60
Jul 30, 2018 13:26:37.582453012 CEST	49192	5357	192.168.1.13	192.168.1.60

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 30, 2018 13:22:51.086455107 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:51.086467981 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:51.286025047 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:51.286036015 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:53.646048069 CEST	3702	61961	192.168.1.13	192.168.1.65
Jul 30, 2018 13:22:53.673592091 CEST	3702	63417	192.168.1.13	192.168.1.65
Jul 30, 2018 13:22:53.771148920 CEST	3702	63417	192.168.1.13	192.168.1.65
Jul 30, 2018 13:22:53.786199093 CEST	3702	61961	192.168.1.13	192.168.1.65
Jul 30, 2018 13:22:54.084621906 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:54.084634066 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:54.208456993 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:54.208470106 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:22:58.802534103 CEST	3702	57881	192.168.1.13	192.168.1.65
Jul 30, 2018 13:22:58.896260023 CEST	3702	57881	192.168.1.13	192.168.1.65
Jul 30, 2018 13:23:37.737744093 CEST	62130	53	192.168.1.13	8.8.8.8
Jul 30, 2018 13:23:37.764336109 CEST	53	62130	8.8.8.8	192.168.1.13
Jul 30, 2018 13:23:38.331739902 CEST	60535	53	192.168.1.13	8.8.8.8
Jul 30, 2018 13:23:38.343214989 CEST	53	60535	8.8.8.8	192.168.1.13
Jul 30, 2018 13:23:38.592550993 CEST	51725	53	192.168.1.13	8.8.8.8
Jul 30, 2018 13:23:38.625911951 CEST	53	51725	8.8.8.8	192.168.1.13
Jul 30, 2018 13:26:25.569044113 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:26:25.569053888 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:26:25.664560080 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:26:25.664571047 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:26:28.153909922 CEST	3702	61463	192.168.1.13	192.168.1.60
Jul 30, 2018 13:26:28.223644972 CEST	3702	53031	192.168.1.13	192.168.1.60
Jul 30, 2018 13:26:28.278332949 CEST	3702	61463	192.168.1.13	192.168.1.60
Jul 30, 2018 13:26:28.364969015 CEST	3702	53031	192.168.1.13	192.168.1.60
Jul 30, 2018 13:26:28.568691015 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:26:28.568706036 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:26:28.665442944 CEST	60171	3702	192.168.1.13	239.255.255.250
Jul 30, 2018 13:26:28.665453911 CEST	60171	3702	192.168.1.13	239.255.255.250

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jul 30, 2018 13:23:37.737744093 CEST	192.168.1.13	8.8.8.8	0xaf52	Standard query (0)	download-desktop.pdfescape.com	A (IP address)	IN (0x0001)
Jul 30, 2018 13:23:38.331739902 CEST	192.168.1.13	8.8.8.8	0xb06d	Standard query (0)	cdn.lulusoft.com	A (IP address)	IN (0x0001)
Jul 30, 2018 13:23:38.592550993 CEST	192.168.1.13	8.8.8.8	0xb41	Standard query (0)	download-desktop-msi.pdfescape.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Replay Code	Name	CName	Address	Type	Class
Jul 30, 2018 13:23:37.764336109 CEST	8.8.8.8	192.168.1.13	0xaf52	No error (0)	download-desktop.pdfescape.com	partner1.lulusoft.com		CNAME (Canonical name)	IN (0x0001)
Jul 30, 2018 13:23:37.764336109 CEST	8.8.8.8	192.168.1.13	0xaf52	No error (0)	partner1.lulusoft.com		198.72.111.203	A (IP address)	IN (0x0001)
Jul 30, 2018 13:23:38.343214989 CEST	8.8.8.8	192.168.1.13	0xb06d	No error (0)	cdn.lulusoft.com		64.15.159.203	A (IP address)	IN (0x0001)
Jul 30, 2018 13:23:38.625911951 CEST	8.8.8.8	192.168.1.13	0xb41	No error (0)	download-desktop-msi.pdfescape.com	pdfedesktopmsi.b-cdn.net		CNAME (Canonical name)	IN (0x0001)
Jul 30, 2018 13:23:38.625911951 CEST	8.8.8.8	192.168.1.13	0xb41	No error (0)	pdfedesktopmsi.b-cdn.net		82.102.16.18	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

download-desktop.pdfescape.com

cdn.lulusoft.com

download-desktop-msi.pdfescape.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.1.13	49188	198.72.111.203	80	C:\Windows\System32\msiexec.exe

Timestamp	kBytes transferred	Direction	Data
Jul 30, 2018 13:23:37.888092041 CEST	14	OUT	GET /module/glamour HTTP/1.1 Accept: / UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: download-desktop.pdfescape.com Connection: Keep-Alive
Jul 30, 2018 13:23:38.000849962 CEST	14	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://cdn.lulusoft.com/download/pdfescape/pdfescape1/glamour Server: Microsoft-IIS/8.5 Set-Cookie: ASP.NET_SessionId=cy4bmcu3k2zqnim23jze021z; path=/; HttpOnly X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Mon, 30 Jul 2018 11:23:37 GMT Content-Length: 178 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 63 64 6e 2e 6c 75 6c 75 73 6f 66 74 2e 63 6f 6d 2f 64 6f 77 6e 6c 6f 61 64 2f 70 64 66 65 73 63 61 70 65 2f 70 64 66 65 73 63 61 70 65 31 2f 67 6c 61 6d 6f 75 72 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://cdn.lulusoft.com/download/pdfescape/pdfescape1/glamour">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.1.13	49189	64.15.159.203	80	C:\Windows\System32\msiexec.exe

Timestamp	kBytes transferred	Direction	Data
Jul 30, 2018 13:23:38.455684900 CEST	15	OUT	GET /download/pdfescape/pdfescape1/glamour HTTP/1.1 Accept: / UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: cdn.lulusoft.com Connection: Keep-Alive
Jul 30, 2018 13:23:38.578457117 CEST	16	IN	HTTP/1.1 302 Found Cache-Control: private Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Location: http://download-desktop-msi.pdfescape.com/pdfescape3/glamour/PDFescape_Desktop_Installer_3.0.25.584.exe Server: Microsoft-IIS/8.5 X-AspNetMvc-Version: 4.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Mon, 30 Jul 2018 11:21:21 GMT Data Raw: 64 63 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 64 6f 77 6e 6c 6f 61 64 2d 64 65 73 6b 74 6f 70 2d 6d 73 69 2e 70 64 66 65 73 63 61 70 65 2e 63 6f 6d 2f 70 64 66 65 73 63 61 70 65 33 2f 67 6c 61 6d 6f 75 72 2f 50 44 46 65 73 63 61 70 65 5f 44 65 73 6b 74 6f 70 5f 49 6e 73 74 61 6c 6c 65 72 5f 33 2e 30 2e 32 35 2e 35 38 34 2e 65 78 65 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: dc<html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://download-desktop-msi.pdfescape.com/pdfescape3/glamour/PDFescape_Desktop_Installer_3.0.25.584.exe">here</a>.</h2></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.1.13	49190	82.102.16.18	80	C:\Windows\System32\msiexec.exe

Timestamp	kBytes transferred	Direction	Data
Jul 30, 2018 13:23:38.651240110 CEST	16	OUT	GET /pdfescape3/glamour/PDFescape_Desktop_Installer_3.0.25.584.exe HTTP/1.1 Accept: / UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: download-desktop-msi.pdfescape.com Connection: Keep-Alive
Jul 30, 2018 13:23:38.677699089 CEST	17	IN	HTTP/1.1 200 OK Date: Mon, 30 Jul 2018 11:23:38 GMT Content-Type: application/octet-stream Content-Length: 12128040 Connection: keep-alive CDN-PullZone: 25750 CDN-Uid: 15e30e65-84f1-4a8c-b4f4-4fc1bbd3dd9f Last-Modified: Thu, 05 Jul 2018 13:00:29 GMT Cache-Control: public, max-age=2592000 CDN-CachedAt: 2018-07-05 20:41:50 CDN-RequestId: 42634753509ea416b6b1f3a7c8f0cc7e Server: BunnyCDN-DE1-276 CDN-Cache: HIT Accept-Ranges: bytes
Jul 30, 2018 13:23:38.678669930 CEST	18	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 Data Ascii: MZ@0!L!This program cannot be run in DOS mode.$*n`n`n`pC`r`sJ`Fd`}s`}H`ge`}`n`y`gA`n`bR`R
Jul 30, 2018 13:23:38.678735971 CEST	19	IN	Data Raw: 41 4d 44 0f 95 c0 09 c6 0f 85 69 00 00 00 b8 00 00 00 80 0f a2 3d 01 00 00 80 0f 82 57 00 00 00 89 c6 b8 01 00 00 80 0f a2 09 cd 81 e5 01 08 00 00 81 fe 08 00 00 80 0f 82 3a 00 00 00 b8 08 00 00 80 0f a2 0f b6 f1 46 b8 01 00 00 00 31 c9 0f a2 0f Data Ascii: AMDi=W:F191@'
Jul 30, 2018 13:23:38.678761959 CEST	21	IN	Data Raw: 83 fb 00 0f 84 5b 00 00 00 b9 08 00 00 00 0f c7 f2 0f 82 0d 00 00 00 e2 f5 e9 46 00 00 00 90 90 90 90 90 90 83 fb 04 0f 82 27 00 00 00 89 17 8d 7f 04 83 c0 04 83 eb 04 0f 84 26 00 00 00 b9 08 00 00 00 e9 c6 ff ff ff 90 90 90 90 90 90 90 90 90 90 Data Ascii: [F'&@K1[_WS1\|$\$[F'&@K1[_
Jul 30, 2018 13:23:38.678785086 CEST	22	IN	Data Raw: df 8d 84 28 42 39 fa ff 01 f8 8b 6e 20 c1 c0 04 89 df 01 d8 31 cf 8d 94 2a 81 f6 71 87 31 c7 8b 6e 2c 01 fa 89 c7 c1 c2 0b 01 c2 31 df 31 d7 8d 8c 29 22 61 9d 6d 01 f9 8b 6e 38 c1 c1 10 89 d7 01 d1 31 c7 8d 9c 2b 0c 38 e5 fd 31 cf 8b 6e 04 01 fb Data Ascii: (B9n 1q1n,11)"amn81+81n11(Dn1K1n11)`Kn(1+p1n411(~(.1*'1n11)0n
Jul 30, 2018 13:23:38.678807974 CEST	23	IN	Data Raw: cf cf cf 88 c3 88 e1 c1 ca 04 33 7c 1d 00 88 d3 33 bc 0d 00 02 00 00 88 f1 c1 e8 10 33 bc 1d 00 01 00 00 88 e3 c1 ea 10 33 bc 0d 00 03 00 00 88 f1 25 ff 00 00 00 81 e2 ff 00 00 00 33 bc 1d 00 06 00 00 33 bc 0d 00 07 00 00 8b 0c 24 33 bc 05 00 04 Data Ascii: 3\|333%33$33A1Q111%3t333%33$33A 1Q$111%3\|3
Jul 30, 2018 13:23:38.678848982 CEST	24	IN	Data Raw: c3 88 e1 c1 ca 04 33 7c 1d 00 88 d3 33 bc 0d 00 02 00 00 88 f1 c1 e8 10 33 bc 1d 00 01 00 00 88 e3 c1 ea 10 33 bc 0d 00 03 00 00 88 f1 25 ff 00 00 00 81 e2 ff 00 00 00 33 bc 1d 00 06 00 00 33 bc 0d 00 07 00 00 8b 0c 24 33 bc 05 00 04 00 00 33 bc Data Ascii: 3\|333%33$33Ah1Ql111%3t333%33$33Ap1Qt111%3\|3
Jul 30, 2018 13:23:38.678880930 CEST	25	IN	Data Raw: f2 25 fc fc fc fc 81 e2 cf cf cf cf 88 c3 88 e1 c1 ca 04 33 7c 1d 00 88 d3 33 bc 0d 00 02 00 00 88 f1 c1 e8 10 33 bc 1d 00 01 00 00 88 e3 c1 ea 10 33 bc 0d 00 03 00 00 88 f1 25 ff 00 00 00 81 e2 ff 00 00 00 33 bc 1d 00 06 00 00 33 bc 0d 00 07 00 Data Ascii: %3\|333%33$33A@1QD111%3t333%33$33A81Q<111%
Jul 30, 2018 13:23:38.678904057 CEST	26	IN	Data Raw: 8b 74 24 0c 31 c9 53 55 8b 06 8b 5c 24 1c 8b 7e 04 c1 c0 04 89 c6 31 f8 25 f0 f0 f0 f0 31 c6 31 c7 c1 c7 14 89 f8 31 f7 81 e7 0f 00 f0 ff 31 f8 31 fe c1 c0 0e 89 c7 31 f0 25 33 33 33 33 31 c7 31 c6 c1 c6 16 89 f0 31 fe 81 e6 fc 03 fc 03 31 f0 31 Data Ascii: t$1SU\$~1%111111%3333111111%11]TL$;QT$1111%111333311111111r][_^
Jul 30, 2018 13:23:38.678925037 CEST	28	IN	Data Raw: c1 e1 08 8a 6e 01 8a 0e 31 c8 31 d3 89 44 24 0c 89 5c 24 10 e8 77 fb ff ff 8b 44 24 0c 8b 5c 24 10 89 07 89 5f 04 e9 b9 00 00 00 83 e5 f8 8b 44 24 14 8b 5c 24 18 0f 84 47 00 00 00 8b 06 8b 5e 04 89 44 24 0c 89 5c 24 10 e8 42 fb ff ff 8b 44 24 0c Data Ascii: n11D$\$wD$\$_D$\$G^D$\$BD$\$L$T$11^WD$\$l$8T^D$\$D$\$L$T$11^WwWOnL$@Y_^[
Jul 30, 2018 13:23:38.700069904 CEST	29	IN	Data Raw: 10 00 00 80 00 00 10 00 10 40 10 00 00 00 00 80 00 40 10 00 10 00 00 80 10 40 00 00 10 40 10 00 00 00 00 00 10 00 10 80 00 40 10 00 10 40 00 80 00 00 10 80 10 00 00 00 00 40 00 00 00 00 10 00 10 00 10 80 00 40 10 80 10 00 00 80 10 40 10 00 00 40 Data Ascii: @@@@@@@@@@@@@@@@@@@@@@@@@@@@

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: msiexec.exe PID: 632 Parent PID: 1624

General

Start time:	13:21:49
Start date:	30/07/2018
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\msiexec.exe' /i 'C:\Users\user\Desktop\pdfescape-desktop-asian-and-extended.msi'
Imagebase:	0xc70000
File size:	73216 bytes
MD5 hash:	EEE470F2A771FC0B543BDEEF74FCECA0
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: msiexec.exe PID: 2852 Parent PID: 432

General

Start time:	13:21:50
Start date:	30/07/2018
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0xff5d0000
File size:	128000 bytes
MD5 hash:	A190DA6546501CB4146BBCC0B6A3F48B
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: VSSVC.exe PID: 2152 Parent PID: 432

General

Start time:	13:21:55
Start date:	30/07/2018
Path:	C:\Windows\System32\VSSVC.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\vssvc.exe
Imagebase:	0xff8b0000
File size:	1600512 bytes
MD5 hash:	B60BA0BC31B0CB414593E169F6F21CC2
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: svchost.exe PID: 2524 Parent PID: 432

General

Start time:	13:21:55
Start date:	30/07/2018
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k swprv
Imagebase:	0xff490000
File size:	27136 bytes
MD5 hash:	C78655BC80301D76ED4FEF1C1EA40A7D
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: mscorsvw.exe PID: 1268 Parent PID: 432

General

Start time:	13:21:58
Start date:	30/07/2018
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Imagebase:	0x1220000
File size:	107192 bytes
MD5 hash:	BD2AE15EFB47E5215B4D0C59EA00C91A
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: mscorsvw.exe PID: 1804 Parent PID: 432

General

Start time:	13:22:01
Start date:	30/07/2018
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Imagebase:	0x13ff40000
File size:	128696 bytes
MD5 hash:	30EAABE7A3B1081B6F5DDE4A1C0305D2
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: msiexec.exe PID: 1180 Parent PID: 2852

General

Start time:	13:23:24
Start date:	30/07/2018
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\MsiExec.exe -Embedding D0DE56A5A4E90E630E24D08AB2B60C38
Imagebase:	0xff5d0000
File size:	128000 bytes
MD5 hash:	A190DA6546501CB4146BBCC0B6A3F48B
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: xbox-service.exe PID: 2772 Parent PID: 1180

General

Start time:	13:23:26
Start date:	30/07/2018
Path:	C:\Windows\System32\xbox-service.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\xbox-service.exe -service
Imagebase:	0x13f1b0000
File size:	990720 bytes
MD5 hash:	3E1B6D4FDD4DD9E328D4D65C0C436008
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira, Browse
Reputation:	low

Chronological Activities

Analysis Process: xbox-service.exe PID: 2572 Parent PID: 432

General

Start time:	13:23:32
Start date:	30/07/2018
Path:	C:\Windows\System32\xbox-service.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\xbox-service.exe
Imagebase:	0x13fbc0000
File size:	990720 bytes
MD5 hash:	3E1B6D4FDD4DD9E328D4D65C0C436008
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: rundll32.exe PID: 1928 Parent PID: 2572

General

Start time:	13:23:35
Start date:	30/07/2018
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32 C:\Windows\pagefile.sys,dll
Imagebase:	0xff800000
File size:	45568 bytes
MD5 hash:	DD81D91FF3B0763C392422865C9AC12E
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: rundll32.exe PID: 876 Parent PID: 2572

General

Start time:	13:23:39
Start date:	30/07/2018
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32 C:\Windows\pagefile.sys,dll
Imagebase:	0xffa30000
File size:	45568 bytes
MD5 hash:	DD81D91FF3B0763C392422865C9AC12E
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: msiexec.exe PID: 1180 Parent PID: 2852

Execution Graph

Execution Coverage:	13.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	6.9%
Total number of Nodes:	1720
Total number of Limit Nodes:	55

Executed Functions

Function 000007FEF3942F30, Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 192
network

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000007FEF39423E0: GetTempPathA.KERNEL32 ref: 000007FEF394243C
Part of subcall function 000007FEF39423E0: GetTempFileNameA.KERNEL32 ref: 000007FEF3942462

DeleteUrlCacheEntry.WININET ref: 000007FEF3942FF5
URLDownloadToFileA.URLMON ref: 000007FEF3943021
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39430C0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39430CF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39430DE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39430EE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943137
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943146
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943155
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943161
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394319D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39431AC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39431BB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39431C7

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Strings

http://downloads.docudesk.com/module/glamour, xrefs: 000007FEF3942F91
http://download8.sodapdf.com/module/glamour, xrefs: 000007FEF3942FBE
http://download-desktop.pdfescape.com/module/glamour, xrefs: 000007FEF3942FAF
http://desktop.sodapdf.com/module/glamour, xrefs: 000007FEF3942FCD
http://download2018.pdf-suite.com/module/glamour, xrefs: 000007FEF3942FA0

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3943870, Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 142
sleep

Control-flow Graph

Executed
Not Executed

APIs

GetWindowsDirectoryA.KERNEL32 ref: 000007FEF39438F0
FindResourceA.KERNEL32 ref: 000007FEF3943952
LoadResource.KERNEL32 ref: 000007FEF394396E
LockResource.KERNEL32 ref: 000007FEF3943980
SizeofResource.KERNEL32 ref: 000007FEF3943993

Part of subcall function 000007FEF3942530: CreateProcessA.KERNEL32 ref: 000007FEF39425A4
Part of subcall function 000007FEF3942530: CloseHandle.KERNEL32 ref: 000007FEF39425B3
Part of subcall function 000007FEF3942530: CloseHandle.KERNEL32 ref: 000007FEF39425BE

Sleep.KERNELBASE ref: 000007FEF3943A1D

Part of subcall function 000007FEF3943560: OpenSCManagerA.SECHOST ref: 000007FEF3943570
Part of subcall function 000007FEF3943560: OpenServiceA.SECHOST ref: 000007FEF3943597
Part of subcall function 000007FEF3943560: ChangeServiceConfigA.ADVAPI32 ref: 000007FEF39435D8
Part of subcall function 000007FEF3943560: StartServiceA.ADVAPI32 ref: 000007FEF39435E6
Part of subcall function 000007FEF3943560: CloseServiceHandle.ADVAPI32 ref: 000007FEF39435EF
Part of subcall function 000007FEF3943560: CloseServiceHandle.ADVAPI32 ref: 000007FEF39435F8

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943A69
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943A78
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943A87
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943A93

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Strings

-service, xrefs: 000007FEF39439FB
C:\Windows\system32, xrefs: 000007FEF39438BF
\system32\xbox-service.exe, xrefs: 000007FEF3943932

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3943560, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 42

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerA.SECHOST ref: 000007FEF3943570
OpenServiceA.SECHOST ref: 000007FEF3943597
ChangeServiceConfigA.ADVAPI32 ref: 000007FEF39435D8
StartServiceA.ADVAPI32 ref: 000007FEF39435E6
CloseServiceHandle.ADVAPI32 ref: 000007FEF39435EF
CloseServiceHandle.ADVAPI32 ref: 000007FEF39435F8

Strings

Windows Driver Service, xrefs: 000007FEF394358D

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394E7A8, Relevance: 6.2, APIs: 4, Instructions: 191
LIBRARYCODE

Control-flow Graph

Executed
Not Executed

APIs

_Wcsftime.LIBCMT ref: 000007FEF394E7F8

Part of subcall function 000007FEF394E3EC: _mbstowcs_s_l.LIBCMT ref: 000007FEF394E400

_Wcsftime.LIBCMT ref: 000007FEF394E831

Part of subcall function 000007FEF3956DD0: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF3956DFB

Part of subcall function 000007FEF394D230: GetCurrentProcess.KERNEL32(000007FEF3951F45), ref: 000007FEF394D25D

Part of subcall function 000007FEF3955088: GetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955092
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF39550FA
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955110

_wcstombs_s_l.LIBCMT ref: 000007FEF394E906

Part of subcall function 000007FEF394DFD4: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF394E05F

Part of subcall function 000007FEF394F3D8: HeapAlloc.KERNEL32 ref: 000007FEF394F416

_wcstombs_s_l.LIBCMT ref: 000007FEF394E958

Part of subcall function 000007FEF3951A40: HeapFree.KERNEL32 ref: 000007FEF3951A56
Part of subcall function 000007FEF3951A40: GetLastError.KERNEL32 ref: 000007FEF3951A68

Part of subcall function 000007FEF394EB34: HeapAlloc.KERNEL32 ref: 000007FEF394EB89

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3941F30, Relevance: 1.5, APIs: 1, Instructions: 26

APIs

FindFirstFileExW.KERNEL32 ref: 000007FEF3941F61

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF39425E0, Relevance: 51.0, APIs: 22, Strings: 7, Instructions: 254

Control-flow Graph

Executed
Not Executed

APIs

SHGetFolderPathA.SHELL32 ref: 000007FEF39426C4
PathAppendA.SHLWAPI ref: 000007FEF39426F8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394271C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394272B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394273A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942746
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39427C1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39427D0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39427DF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39427EF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394285E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394286D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394287C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942888
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39428C6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39428D5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39428E4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39428F0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942931
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942940
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394294F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394295B

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Strings

\Installation\, xrefs: 000007FEF39426D2
Soda PDF Desktop, xrefs: 000007FEF394269E
C:\ProgramData\, xrefs: 000007FEF394280E
Soda PDF 8, xrefs: 000007FEF394268F
PDFescape Desktop, xrefs: 000007FEF3942680
deskpdf studio xe, xrefs: 000007FEF3942662
PDF Suite 2018, xrefs: 000007FEF3942671

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3943200, Relevance: 38.7, APIs: 17, Strings: 5, Instructions: 184

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000007FEF3942F30: DeleteUrlCacheEntry.WININET ref: 000007FEF3942FF5
Part of subcall function 000007FEF3942F30: URLDownloadToFileA.URLMON ref: 000007FEF3943021
Part of subcall function 000007FEF3942F30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39430C0
Part of subcall function 000007FEF3942F30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39430CF
Part of subcall function 000007FEF3942F30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39430DE
Part of subcall function 000007FEF3942F30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39430EE
Part of subcall function 000007FEF3942F30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943137
Part of subcall function 000007FEF3942F30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943146
Part of subcall function 000007FEF3942F30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943155
Part of subcall function 000007FEF3942F30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943161
Part of subcall function 000007FEF3942F30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394319D
Part of subcall function 000007FEF3942F30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39431AC
Part of subcall function 000007FEF3942F30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39431BB
Part of subcall function 000007FEF3942F30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39431C7

MoveFileExA.KERNEL32 ref: 000007FEF3943300
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943324
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943333
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943342
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394334E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394338E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394339D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39433AC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39433B8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39433E5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39433F4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943403
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394340F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394344F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394345E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394346D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943479

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Part of subcall function 000007FEF39425E0: SHGetFolderPathA.SHELL32 ref: 000007FEF39426C4
Part of subcall function 000007FEF39425E0: PathAppendA.SHLWAPI ref: 000007FEF39426F8
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394271C
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394272B
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394273A
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942746
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39427C1
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39427D0
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39427DF
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39427EF
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394285E
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394286D
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394287C
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942888
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39428C6
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39428D5
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39428E4
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39428F0
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942931
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942940
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394294F
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394295B

Strings

PDF_Suite_2018_Installer.exe, xrefs: 000007FEF394327B
Soda_PDF_8_Installer.exe, xrefs: 000007FEF3943299
Soda_PDF_Desktop_Installer.exe, xrefs: 000007FEF39432A8
deskpdf-studio-xe-installer.exe, xrefs: 000007FEF394326C
PDFescapeDesktopInstaller.exe, xrefs: 000007FEF394328A

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3942C70, Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 168

Control-flow Graph

Executed
Not Executed

APIs

GetWindowsDirectoryA.KERNEL32 ref: 000007FEF3942CC5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942E3F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942E4E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942E5D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942E69
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942ECB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942EDA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942EE9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942EF5

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Strings

\System32\drivers\etc\hosts, xrefs: 000007FEF3942D27
127.0.0.1 update10.lulusoft.com127.0.0.1 stats.lulusoft.com127.0.0.1 update.eset.com127.0.0.1 definitionupdates.microsoft.com, xrefs: 000007FEF3942DA9
127.0.0.1 stats.interactivebrands.com127.0.0.1 update.eset.com127.0.0.1 definitionupdates.microsoft.com, xrefs: 000007FEF3942D8B
127.0.0.1 update10.pdfescape.com127.0.0.1 stats.pdfescape.com127.0.0.1 update.eset.com127.0.0.1 definitionupdates.microsoft.com, xrefs: 000007FEF3942D9A
127.0.0.1 update1.lulusoft.com127.0.0.1 stats.lulusoft.com127.0.0.1 update.eset.com127.0.0.1 definitionupdates.microsoft.com, xrefs: 000007FEF3942DB8
127.0.0.1 stats.docudesk.com127.0.0.1 update.eset.com127.0.0.1 definitionupdates.microsoft.com, xrefs: 000007FEF3942D7C

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF39429A0, Relevance: 19.7, APIs: 13, Instructions: 202

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000007FEF39425E0: SHGetFolderPathA.SHELL32 ref: 000007FEF39426C4
Part of subcall function 000007FEF39425E0: PathAppendA.SHLWAPI ref: 000007FEF39426F8
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394271C
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394272B
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394273A
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942746
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39427C1
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39427D0
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39427DF
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39427EF
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394285E
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394286D
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394287C
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942888
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39428C6
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39428D5
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39428E4
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39428F0
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942931
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942940
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394294F
Part of subcall function 000007FEF39425E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394295B

Part of subcall function 000007FEF3942040: _Wcsftime.LIBCMT ref: 000007FEF394209E

MoveFileExA.KERNEL32 ref: 000007FEF3942B05
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942BB1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942BB7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942BBD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942BC3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942BC9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942BCF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942BD5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942BDB

Part of subcall function 000007FEF3942230: FindClose.KERNEL32 ref: 000007FEF3942264

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942C08
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942C17
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942C26
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3942C32

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Part of subcall function 000007FEF3942100: _Wcsftime.LIBCMT ref: 000007FEF394214E
Part of subcall function 000007FEF3942100: _Wcsftime.LIBCMT ref: 000007FEF394217D

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395ED1C, Relevance: 13.8, APIs: 9, Instructions: 272
LIBRARYCODE

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000007FEF395E988: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF395E9C9
Part of subcall function 000007FEF395E988: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF395EA46
Part of subcall function 000007FEF395E988: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF395EA97

Part of subcall function 000007FEF395A938: EnterCriticalSection.KERNEL32(?,?,?,?,?,000007FEF395EDAC), ref: 000007FEF395A9E5
Part of subcall function 000007FEF395A938: LeaveCriticalSection.KERNEL32(?,?,?,?,?,000007FEF395EDAC), ref: 000007FEF395A9F4

CreateFileW.KERNEL32 ref: 000007FEF395EE1D
CreateFileW.KERNEL32 ref: 000007FEF395EE79
GetLastError.KERNEL32 ref: 000007FEF395EEAD
GetFileType.KERNEL32 ref: 000007FEF395EEC2
GetLastError.KERNEL32 ref: 000007FEF395EECC
CloseHandle.KERNEL32 ref: 000007FEF395EEFF

Part of subcall function 000007FEF395A854: SetStdHandle.KERNEL32 ref: 000007FEF395A8CF

CloseHandle.KERNEL32 ref: 000007FEF395F058
CreateFileW.KERNEL32 ref: 000007FEF395F090
GetLastError.KERNEL32 ref: 000007FEF395F09F

Part of subcall function 000007FEF395AA68: SetStdHandle.KERNEL32(?,?,?,000007FEF3954910,?,?,?,000007FEF39547C7,?,?,00000000,000007FEF395486F), ref: 000007FEF395AAE2

Part of subcall function 000007FEF3954894: CloseHandle.KERNEL32 ref: 000007FEF39548F7
Part of subcall function 000007FEF3954894: GetLastError.KERNEL32(?,?,?,000007FEF39547C7,?,?,00000000,000007FEF395486F,?,?,?,?,?,?,000007FEF394CDEE), ref: 000007FEF3954901

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF39447C0, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 226

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000007FEF394D7F8: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF394D82D

Part of subcall function 000007FEF39463D0: new.LIBCMT ref: 000007FEF3946465
Part of subcall function 000007FEF39463D0: new.LIBCMT ref: 000007FEF3946478
Part of subcall function 000007FEF39463D0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39464D7
Part of subcall function 000007FEF39463D0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39464E6
Part of subcall function 000007FEF39463D0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39464F5
Part of subcall function 000007FEF39463D0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3946501

Part of subcall function 000007FEF3947478: std::invalid_argument::invalid_argument.LIBCONCRT ref: 000007FEF3947484

Part of subcall function 000007FEF394CA84: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF394CAB4
Part of subcall function 000007FEF394CA84: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF394CB50

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3944AAD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3944ABC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3944ACB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3944AD7

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Strings

string too long, xrefs: 000007FEF3944A52, 000007FEF3944A5F

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3954498, Relevance: 7.7, APIs: 5, Instructions: 203
fileLIBRARYCODE

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF39544DD

Part of subcall function 000007FEF395A630: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF395A683

GetLastError.KERNEL32 ref: 000007FEF39546D2

Part of subcall function 000007FEF3955088: GetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955092
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF39550FA
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955110

GetConsoleMode.KERNEL32 ref: 000007FEF39545A0
GetLastError.KERNEL32 ref: 000007FEF395461B

Part of subcall function 000007FEF3953E0C: GetConsoleCP.KERNEL32 ref: 000007FEF3953E69
Part of subcall function 000007FEF3953E0C: WideCharToMultiByte.KERNEL32 ref: 000007FEF3953F45
Part of subcall function 000007FEF3953E0C: WriteFile.KERNEL32 ref: 000007FEF3953F6B
Part of subcall function 000007FEF3953E0C: WriteFile.KERNEL32 ref: 000007FEF3953FAA
Part of subcall function 000007FEF3953E0C: GetLastError.KERNEL32 ref: 000007FEF3953FE2

Part of subcall function 000007FEF395AB9C: WriteConsoleW.KERNEL32 ref: 000007FEF395ABE1

Part of subcall function 000007FEF3954238: WideCharToMultiByte.KERNEL32 ref: 000007FEF395431E
Part of subcall function 000007FEF3954238: WriteFile.KERNEL32 ref: 000007FEF3954351
Part of subcall function 000007FEF3954238: GetLastError.KERNEL32 ref: 000007FEF3954373

Part of subcall function 000007FEF395411C: WriteFile.KERNEL32 ref: 000007FEF39541E9
Part of subcall function 000007FEF395411C: GetLastError.KERNEL32 ref: 000007FEF3954205

Part of subcall function 000007FEF3954014: WriteFile.KERNEL32 ref: 000007FEF39540CA
Part of subcall function 000007FEF3954014: GetLastError.KERNEL32 ref: 000007FEF39540E6

WriteFile.KERNEL32 ref: 000007FEF39546C8

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3955320, Relevance: 7.6, APIs: 5, Instructions: 114
libraryLIBRARYCODE

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE ref: 000007FEF39553BC
GetLastError.KERNEL32 ref: 000007FEF39553CA
LoadLibraryExW.KERNEL32 ref: 000007FEF39553DD
FreeLibrary.KERNEL32 ref: 000007FEF3955416
GetProcAddress.KERNEL32 ref: 000007FEF3955442

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3942300, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55
registry

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExA.ADVAPI32 ref: 000007FEF394234E
RegSetValueExA.ADVAPI32 ref: 000007FEF394239A
RegCloseKey.ADVAPI32 ref: 000007FEF39423AA

Strings

DOWNLOAD_LINK, xrefs: 000007FEF394237E

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3942530, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41
process

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32 ref: 000007FEF39425A4
CloseHandle.KERNEL32 ref: 000007FEF39425B3
CloseHandle.KERNEL32 ref: 000007FEF39425BE

Part of subcall function 000007FEF3943D80: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943DE9
Part of subcall function 000007FEF3943D80: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943DEF
Part of subcall function 000007FEF3943D80: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943DF5
Part of subcall function 000007FEF3943D80: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943DFB

Strings

h, xrefs: 000007FEF394254E

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF39423E0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathA.KERNEL32 ref: 000007FEF394243C
GetTempFileNameA.KERNEL32 ref: 000007FEF3942462

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Strings

tmp, xrefs: 000007FEF3942453

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394C284, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32

APIs

try_get_function.LIBVCRUNTIME ref: 000007FEF394C2BA

Part of subcall function 000007FEF394BF58: LoadLibraryExW.KERNELBASE(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C004
Part of subcall function 000007FEF394BF58: GetLastError.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C017
Part of subcall function 000007FEF394BF58: LoadLibraryExW.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C02A
Part of subcall function 000007FEF394BF58: FreeLibrary.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C067
Part of subcall function 000007FEF394BF58: GetProcAddress.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C09B

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,000007FEF394873F), ref: 000007FEF394C2E0

Strings

InitializeCriticalSectionEx, xrefs: 000007FEF394C2AE

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3955830, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32LIBRARYCODE

APIs

Part of subcall function 000007FEF3955320: LoadLibraryExW.KERNELBASE ref: 000007FEF39553BC
Part of subcall function 000007FEF3955320: GetLastError.KERNEL32 ref: 000007FEF39553CA
Part of subcall function 000007FEF3955320: LoadLibraryExW.KERNEL32 ref: 000007FEF39553DD
Part of subcall function 000007FEF3955320: FreeLibrary.KERNEL32 ref: 000007FEF3955416
Part of subcall function 000007FEF3955320: GetProcAddress.KERNEL32 ref: 000007FEF3955442

InitializeCriticalSectionEx.KERNELBASE(?,?,-00000018,000007FEF3954AA6,?,?,?,000007FEF3954972,?,?,?,000007FEF394EACA), ref: 000007FEF3955884
InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,000007FEF3954AA6,?,?,?,000007FEF3954972,?,?,?,000007FEF394EACA), ref: 000007FEF395588D

Strings

InitializeCriticalSectionEx, xrefs: 000007FEF395585A

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394C120, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22

APIs

try_get_function.LIBVCRUNTIME ref: 000007FEF394C147

Part of subcall function 000007FEF394BF58: LoadLibraryExW.KERNELBASE(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C004
Part of subcall function 000007FEF394BF58: GetLastError.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C017
Part of subcall function 000007FEF394BF58: LoadLibraryExW.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C02A
Part of subcall function 000007FEF394BF58: FreeLibrary.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C067
Part of subcall function 000007FEF394BF58: GetProcAddress.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C09B

TlsAlloc.KERNEL32(?,?,?,000007FEF394C7DC,?,?,?,?,000007FEF394C5A4,?,?,?,?,000007FEF3948BF3), ref: 000007FEF394C163

Strings

FlsAlloc, xrefs: 000007FEF394C140

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3958164, Relevance: 4.7, APIs: 3, Instructions: 238LIBRARYCODE

APIs

MultiByteToWideChar.KERNEL32 ref: 000007FEF39581EB
MultiByteToWideChar.KERNEL32 ref: 000007FEF39582B0

Part of subcall function 000007FEF395599C: LCMapStringW.KERNEL32 ref: 000007FEF3955A6A

Part of subcall function 000007FEF394F3D8: HeapAlloc.KERNEL32 ref: 000007FEF394F416

WideCharToMultiByte.KERNEL32 ref: 000007FEF3958440

Part of subcall function 000007FEF3951A40: HeapFree.KERNEL32 ref: 000007FEF3951A56
Part of subcall function 000007FEF3951A40: GetLastError.KERNEL32 ref: 000007FEF3951A68

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3949064, Relevance: 4.6, APIs: 3, Instructions: 82

APIs

dllmain_raw.LIBCMT ref: 000007FEF39490A1
dllmain_raw.LIBCMT ref: 000007FEF3949109

Part of subcall function 000007FEF3948E64: __scrt_acquire_startup_lock.LIBCMT ref: 000007FEF3948EE1
Part of subcall function 000007FEF3948E64: __scrt_acquire_startup_lock.LIBCMT ref: 000007FEF394900A

dllmain_raw.LIBCMT ref: 000007FEF3949136

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3959C84, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 126

APIs

GetCPInfo.KERNEL32 ref: 000007FEF3959CBA

Part of subcall function 000007FEF3957FB0: MultiByteToWideChar.KERNEL32 ref: 000007FEF3958023
Part of subcall function 000007FEF3957FB0: MultiByteToWideChar.KERNEL32 ref: 000007FEF39580EC
Part of subcall function 000007FEF3957FB0: GetStringTypeW.KERNEL32 ref: 000007FEF3958106

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Strings

, xrefs: 000007FEF3959CFF

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395599C, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56LIBRARYCODE

APIs

Part of subcall function 000007FEF3955320: LoadLibraryExW.KERNELBASE ref: 000007FEF39553BC
Part of subcall function 000007FEF3955320: GetLastError.KERNEL32 ref: 000007FEF39553CA
Part of subcall function 000007FEF3955320: LoadLibraryExW.KERNEL32 ref: 000007FEF39553DD
Part of subcall function 000007FEF3955320: FreeLibrary.KERNEL32 ref: 000007FEF3955416
Part of subcall function 000007FEF3955320: GetProcAddress.KERNEL32 ref: 000007FEF3955442

LCMapStringW.KERNEL32 ref: 000007FEF3955A6A

Strings

LCMapStringEx, xrefs: 000007FEF39559CE

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3941170, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 51

APIs

__std_exception_copy.LIBVCRUNTIME ref: 000007FEF39411FC

Part of subcall function 000007FEF394BBF8: RtlPcToFileHeader.KERNEL32 ref: 000007FEF394BC75
Part of subcall function 000007FEF394BBF8: RaiseException.KERNEL32 ref: 000007FEF394BCB4

Strings

bad locale name, xrefs: 000007FEF39411E1

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF39555B4, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22

APIs

Part of subcall function 000007FEF3955320: LoadLibraryExW.KERNELBASE ref: 000007FEF39553BC
Part of subcall function 000007FEF3955320: GetLastError.KERNEL32 ref: 000007FEF39553CA
Part of subcall function 000007FEF3955320: LoadLibraryExW.KERNEL32 ref: 000007FEF39553DD
Part of subcall function 000007FEF3955320: FreeLibrary.KERNEL32 ref: 000007FEF3955416
Part of subcall function 000007FEF3955320: GetProcAddress.KERNEL32 ref: 000007FEF3955442

TlsAlloc.KERNEL32(?,?,?,000007FEF39551CC), ref: 000007FEF39555F8

Strings

FlsAlloc, xrefs: 000007FEF39555D4

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395A108, Relevance: 3.2, APIs: 2, Instructions: 186

APIs

Part of subcall function 000007FEF3959B74: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,000007FEF3959E91,?,?,?,?,?,?,?,000007FEF395A039), ref: 000007FEF3959B9E
Part of subcall function 000007FEF3959B74: GetACP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,000007FEF3959E91,?,?,?,?,?,?,?,000007FEF395A039), ref: 000007FEF3959BB5

IsValidCodePage.KERNEL32(?,?,?,00000000,?,00000000,00000001,000007FEF3959F44,?,?,?,?,?,?,?,000007FEF395A039), ref: 000007FEF395A182
GetCPInfo.KERNEL32(?,?,?,00000000,?,00000000,00000001,000007FEF3959F44,?,?,?,?,?,?,?,000007FEF395A039), ref: 000007FEF395A197

Part of subcall function 000007FEF3959C84: GetCPInfo.KERNEL32 ref: 000007FEF3959CBA

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3948E64, Relevance: 3.1, APIs: 2, Instructions: 133

APIs

__scrt_acquire_startup_lock.LIBCMT ref: 000007FEF3948EE1
__scrt_acquire_startup_lock.LIBCMT ref: 000007FEF394900A

Part of subcall function 000007FEF3949608: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF3949624
Part of subcall function 000007FEF3949608: RtlCaptureContext.KERNEL32 ref: 000007FEF394964D
Part of subcall function 000007FEF3949608: RtlLookupFunctionEntry.KERNEL32 ref: 000007FEF3949667
Part of subcall function 000007FEF3949608: RtlVirtualUnwind.KERNEL32 ref: 000007FEF39496A8
Part of subcall function 000007FEF3949608: IsDebuggerPresent.KERNEL32 ref: 000007FEF39496FC
Part of subcall function 000007FEF3949608: SetUnhandledExceptionFilter.KERNEL32 ref: 000007FEF394971D
Part of subcall function 000007FEF3949608: UnhandledExceptionFilter.KERNEL32 ref: 000007FEF3949728

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394CA84, Relevance: 3.1, APIs: 2, Instructions: 82

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF394CAB4

Part of subcall function 000007FEF3953874: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF3953888

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF394CB50

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3941DA0, Relevance: 3.1, APIs: 2, Instructions: 75

APIs

GetFullPathNameW.KERNEL32 ref: 000007FEF3941E06
GetFullPathNameW.KERNEL32 ref: 000007FEF3941E32

Part of subcall function 000007FEF3941F30: FindFirstFileExW.KERNEL32 ref: 000007FEF3941F61

Part of subcall function 000007FEF3941EC0: FindClose.KERNEL32 ref: 000007FEF3941EDB

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3954014, Relevance: 3.1, APIs: 2, Instructions: 74fileLIBRARYCODE

APIs

WriteFile.KERNEL32 ref: 000007FEF39540CA
GetLastError.KERNEL32 ref: 000007FEF39540E6

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395774C, Relevance: 3.0, APIs: 2, Instructions: 42

APIs

Part of subcall function 000007FEF395AB24: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF395AB8B

SetFilePointerEx.KERNEL32 ref: 000007FEF3957790
GetLastError.KERNEL32 ref: 000007FEF395779A

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF39521E8, Relevance: 1.6, APIs: 1, Instructions: 96

APIs

GetModuleHandleW.KERNEL32 ref: 000007FEF3952210

Part of subcall function 000007FEF39523A0: GetModuleHandleExW.KERNEL32 ref: 000007FEF39523C0
Part of subcall function 000007FEF39523A0: GetProcAddress.KERNEL32 ref: 000007FEF39523D6
Part of subcall function 000007FEF39523A0: FreeLibrary.KERNEL32 ref: 000007FEF39523FB

Part of subcall function 000007FEF3952354: GetCurrentProcess.KERNEL32(?,?,?,000007FEF3952338), ref: 000007FEF395237C
Part of subcall function 000007FEF3952354: TerminateProcess.KERNEL32(?,?,?,000007FEF3952338), ref: 000007FEF3952387
Part of subcall function 000007FEF3952354: ExitProcess.KERNEL32 ref: 000007FEF3952396

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF39543AC, Relevance: 1.6, APIs: 1, Instructions: 68LIBRARYCODE

APIs

Part of subcall function 000007FEF3954498: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF39544DD
Part of subcall function 000007FEF3954498: GetConsoleMode.KERNEL32 ref: 000007FEF39545A0
Part of subcall function 000007FEF3954498: GetLastError.KERNEL32 ref: 000007FEF395461B
Part of subcall function 000007FEF3954498: WriteFile.KERNEL32 ref: 000007FEF39546C8
Part of subcall function 000007FEF3954498: GetLastError.KERNEL32 ref: 000007FEF39546D2

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF3954478

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395765C, Relevance: 1.6, APIs: 1, Instructions: 68

APIs

Part of subcall function 000007FEF395774C: SetFilePointerEx.KERNEL32 ref: 000007FEF3957790
Part of subcall function 000007FEF395774C: GetLastError.KERNEL32 ref: 000007FEF395779A

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF395772B

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF39462E0, Relevance: 1.6, APIs: 1, Instructions: 66

APIs

new.LIBCMT ref: 000007FEF3946339

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395E614, Relevance: 1.6, APIs: 1, Instructions: 64LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF395E644

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394EB2C, Relevance: 1.6, APIs: 1, Instructions: 60LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF394EA8B

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395A778, Relevance: 1.6, APIs: 1, Instructions: 51

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF395A7AC

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF39413D0, Relevance: 1.5, APIs: 1, Instructions: 47

APIs

new.LIBCMT ref: 000007FEF394140D

Part of subcall function 000007FEF3941170: __std_exception_copy.LIBVCRUNTIME ref: 000007FEF39411FC

Part of subcall function 000007FEF3941240: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 000007FEF3941257

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3942040, Relevance: 1.5, APIs: 1, Instructions: 47

APIs

_Wcsftime.LIBCMT ref: 000007FEF394209E

Part of subcall function 000007FEF394E3EC: _mbstowcs_s_l.LIBCMT ref: 000007FEF394E400

Part of subcall function 000007FEF3941DA0: GetFullPathNameW.KERNEL32 ref: 000007FEF3941E06
Part of subcall function 000007FEF3941DA0: GetFullPathNameW.KERNEL32 ref: 000007FEF3941E32

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3956DD0, Relevance: 1.5, APIs: 1, Instructions: 40LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF3956DFB

Part of subcall function 000007FEF3955088: GetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955092
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF39550FA
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955110

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394CD9C, Relevance: 1.5, APIs: 1, Instructions: 40LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF394CDB9

Part of subcall function 000007FEF3953874: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF3953888

Part of subcall function 000007FEF39547F0: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF3954884

Part of subcall function 000007FEF3951A40: HeapFree.KERNEL32 ref: 000007FEF3951A56
Part of subcall function 000007FEF3951A40: GetLastError.KERNEL32 ref: 000007FEF3951A68

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394CE20, Relevance: 1.5, APIs: 1, Instructions: 33LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF394CE49

Part of subcall function 000007FEF394CD9C: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF394CDB9

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF396139C, Relevance: 1.5, APIs: 1, Instructions: 21

APIs

DecodePointer.KERNEL32 ref: 000007FEF39613C2

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3947A14, Relevance: 1.5, APIs: 1, Instructions: 17

APIs

EncodePointer.KERNEL32(?,?,?,?,000007FEF3947221,?,?,00000000,000007FEF3946FDD), ref: 000007FEF3947A2E

Part of subcall function 000007FEF394F380: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF394F3A6

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394EB34, Relevance: 1.3, APIs: 1, Instructions: 36LIBRARYCODE

APIs

HeapAlloc.KERNEL32 ref: 000007FEF394EB89

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394F3D8, Relevance: 1.3, APIs: 1, Instructions: 29LIBRARYCODE

APIs

HeapAlloc.KERNEL32 ref: 000007FEF394F416

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Non-executed Functions

Function 000007FEF3947D48, Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 209library

APIs

GetModuleHandleW.KERNEL32 ref: 000007FEF3947D55
GetProcAddress.KERNEL32 ref: 000007FEF3947D68
GetProcAddress.KERNEL32 ref: 000007FEF3947D86
GetProcAddress.KERNEL32 ref: 000007FEF3947DA4
GetProcAddress.KERNEL32 ref: 000007FEF3947DC2
GetProcAddress.KERNEL32 ref: 000007FEF3947DE0
GetProcAddress.KERNEL32 ref: 000007FEF3947DFE
GetProcAddress.KERNEL32 ref: 000007FEF3947E1C
GetProcAddress.KERNEL32 ref: 000007FEF3947E3A
GetProcAddress.KERNEL32 ref: 000007FEF3947E58
GetProcAddress.KERNEL32 ref: 000007FEF3947E76
GetProcAddress.KERNEL32 ref: 000007FEF3947E94
GetProcAddress.KERNEL32 ref: 000007FEF3947EB2
GetProcAddress.KERNEL32 ref: 000007FEF3947ED0
GetProcAddress.KERNEL32 ref: 000007FEF3947EEE
GetProcAddress.KERNEL32 ref: 000007FEF3947F0C
GetProcAddress.KERNEL32 ref: 000007FEF3947F2A
GetProcAddress.KERNEL32 ref: 000007FEF3947F48
GetProcAddress.KERNEL32 ref: 000007FEF3947F66
GetProcAddress.KERNEL32 ref: 000007FEF3947F84
GetProcAddress.KERNEL32 ref: 000007FEF3947FA2
GetProcAddress.KERNEL32 ref: 000007FEF3947FC0
GetProcAddress.KERNEL32 ref: 000007FEF3947FDE
GetProcAddress.KERNEL32 ref: 000007FEF3947FFC
GetProcAddress.KERNEL32 ref: 000007FEF394801A
GetProcAddress.KERNEL32 ref: 000007FEF3948038
GetProcAddress.KERNEL32 ref: 000007FEF3948056
GetProcAddress.KERNEL32 ref: 000007FEF3948074
GetProcAddress.KERNEL32 ref: 000007FEF3948092
GetProcAddress.KERNEL32 ref: 000007FEF39480B0
GetProcAddress.KERNEL32 ref: 000007FEF39480CE
GetProcAddress.KERNEL32 ref: 000007FEF39480EC
GetProcAddress.KERNEL32 ref: 000007FEF394810A
GetProcAddress.KERNEL32 ref: 000007FEF3948128
GetProcAddress.KERNEL32 ref: 000007FEF3948146
GetProcAddress.KERNEL32 ref: 000007FEF3948164
GetProcAddress.KERNEL32 ref: 000007FEF3948182
GetProcAddress.KERNEL32 ref: 000007FEF39481A0
GetProcAddress.KERNEL32 ref: 000007FEF39481BE
GetProcAddress.KERNEL32 ref: 000007FEF39481DC
GetProcAddress.KERNEL32 ref: 000007FEF39481FA

Strings

CloseThreadpoolWait, xrefs: 000007FEF3947F19
kernel32.dll, xrefs: 000007FEF3947D4E
WakeAllConditionVariable, xrefs: 000007FEF3948081
WakeConditionVariable, xrefs: 000007FEF3948063
FlsAlloc, xrefs: 000007FEF3947D5E
SleepConditionVariableCS, xrefs: 000007FEF394809F
WaitForThreadpoolTimerCallbacks, xrefs: 000007FEF3947EA1
GetCurrentProcessorNumber, xrefs: 000007FEF3947F73
InitOnceExecuteOnce, xrefs: 000007FEF3947DED
FlsFree, xrefs: 000007FEF3947D75
CreateThreadpoolWork, xrefs: 000007FEF3948153
InitializeSRWLock, xrefs: 000007FEF39480BD
AcquireSRWLockExclusive, xrefs: 000007FEF39480DB
FlushProcessWriteBuffers, xrefs: 000007FEF3947F37
GetLocaleInfoEx, xrefs: 000007FEF39481CB
CreateThreadpoolWait, xrefs: 000007FEF3947EDD
SetThreadpoolWait, xrefs: 000007FEF3947EFB
CreateThreadpoolTimer, xrefs: 000007FEF3947E65
SleepConditionVariableSRW, xrefs: 000007FEF3948135
FlsSetValue, xrefs: 000007FEF3947DB1
CreateSemaphoreW, xrefs: 000007FEF3947E29
GetFileInformationByHandleEx, xrefs: 000007FEF3947FEB
InitializeCriticalSectionEx, xrefs: 000007FEF3947DCF
SubmitThreadpoolWork, xrefs: 000007FEF3948171
GetSystemTimePreciseAsFileTime, xrefs: 000007FEF3948027
CloseThreadpoolTimer, xrefs: 000007FEF3947EBF
GetTickCount64, xrefs: 000007FEF3947FCD
SetThreadpoolTimer, xrefs: 000007FEF3947E83
LCMapStringEx, xrefs: 000007FEF39481E9
SetFileInformationByHandle, xrefs: 000007FEF3948009
GetCurrentPackageId, xrefs: 000007FEF3947FAF
CreateSemaphoreExW, xrefs: 000007FEF3947E47
FreeLibraryWhenCallbackReturns, xrefs: 000007FEF3947F55
TryAcquireSRWLockExclusive, xrefs: 000007FEF39480F9
CreateEventExW, xrefs: 000007FEF3947E0B
ReleaseSRWLockExclusive, xrefs: 000007FEF3948117
CompareStringEx, xrefs: 000007FEF39481AD
CloseThreadpoolWork, xrefs: 000007FEF394818F
InitializeConditionVariable, xrefs: 000007FEF3948045
CreateSymbolicLinkW, xrefs: 000007FEF3947F91
FlsGetValue, xrefs: 000007FEF3947D93

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3949608, Relevance: 10.6, APIs: 7, Instructions: 70

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF3949624
RtlCaptureContext.KERNEL32 ref: 000007FEF394964D
RtlLookupFunctionEntry.KERNEL32 ref: 000007FEF3949667
RtlVirtualUnwind.KERNEL32 ref: 000007FEF39496A8
IsDebuggerPresent.KERNEL32 ref: 000007FEF39496FC
SetUnhandledExceptionFilter.KERNEL32 ref: 000007FEF394971D
UnhandledExceptionFilter.KERNEL32 ref: 000007FEF3949728

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395D5D8, Relevance: 9.2, APIs: 6, Instructions: 208LIBRARYCODE

APIs

Part of subcall function 000007FEF3955088: GetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955092
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF39550FA
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955110

TranslateName.LIBCMT ref: 000007FEF395D642
TranslateName.LIBCMT ref: 000007FEF395D67D

Part of subcall function 000007FEF395D420: GetACP.KERNEL32(?,?,000000A0,000007FEF395D6BE,?,?,?,FFFFFFFE,?,000007FEF3956B18), ref: 000007FEF395D4BE

IsValidCodePage.KERNEL32(?,?,?,FFFFFFFE,?,000007FEF3956B18), ref: 000007FEF395D6DA

Part of subcall function 000007FEF395CBE4: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF395CC0F

Part of subcall function 000007FEF3955724: GetLocaleInfoW.KERNEL32(?,?,FFFFFFFE,000007FEF3956B9F), ref: 000007FEF395579B

wcschr.LIBVCRUNTIME ref: 000007FEF395D76D
wcschr.LIBVCRUNTIME ref: 000007FEF395D77D

Part of subcall function 000007FEF394D230: GetCurrentProcess.KERNEL32(000007FEF3951F45), ref: 000007FEF394D25D

GetLocaleInfoW.KERNEL32 ref: 000007FEF395D865

Part of subcall function 000007FEF39591D0: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF39591F7
Part of subcall function 000007FEF39591D0: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF3959295

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395DFC4, Relevance: 9.2, APIs: 6, Instructions: 174LIBRARYCODE

APIs

Part of subcall function 000007FEF3955088: GetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955092
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF39550FA
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955110

Part of subcall function 000007FEF395D9B4: EnumSystemLocalesW.KERNEL32(?,?,?,000007FEF395E083,?,FFFFFFFE,?,00000000,00000001,00000000,?,000007FEF3956B11), ref: 000007FEF395DA34

Part of subcall function 000007FEF395D8E4: EnumSystemLocalesW.KERNEL32(?,?,?,000007FEF395E0C7,?,FFFFFFFE,?,00000000,00000001,00000000,?,000007FEF3956B11), ref: 000007FEF395D982

EnumSystemLocalesW.KERNEL32(?,FFFFFFFE,?,00000000,00000001,00000000,?,000007FEF3956B11), ref: 000007FEF395E11B
GetUserDefaultLCID.KERNEL32(?,FFFFFFFE,?,00000000), ref: 000007FEF395E134
IsValidCodePage.KERNEL32 ref: 000007FEF395E17F
IsValidLocale.KERNEL32 ref: 000007FEF395E195
GetLocaleInfoW.KERNEL32 ref: 000007FEF395E1F1
GetLocaleInfoW.KERNEL32 ref: 000007FEF395E20D

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Part of subcall function 000007FEF395DDDC: GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,000007FEF395E163), ref: 000007FEF395DE31
Part of subcall function 000007FEF395DDDC: GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,000007FEF395E163), ref: 000007FEF395DE5E
Part of subcall function 000007FEF395DDDC: GetACP.KERNEL32(?,?,?,?,?,?,?,000007FEF395E163), ref: 000007FEF395DE74

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394CFD4, Relevance: 9.1, APIs: 6, Instructions: 83LIBRARYCODE

APIs

RtlCaptureContext.KERNEL32 ref: 000007FEF394D04D
RtlLookupFunctionEntry.KERNEL32 ref: 000007FEF394D065
RtlVirtualUnwind.KERNEL32 ref: 000007FEF394D0A0
IsDebuggerPresent.KERNEL32 ref: 000007FEF394D0D9
SetUnhandledExceptionFilter.KERNEL32 ref: 000007FEF394D0E3
UnhandledExceptionFilter.KERNEL32 ref: 000007FEF394D0EE

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395DDDC, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50LIBRARYCODE

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,000007FEF395E163), ref: 000007FEF395DE31
GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,000007FEF395E163), ref: 000007FEF395DE5E
GetACP.KERNEL32(?,?,?,?,?,?,?,000007FEF395E163), ref: 000007FEF395DE74

Strings

OCP, xrefs: 000007FEF395DE0D
ACP, xrefs: 000007FEF395DDFD

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394844C, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42

APIs

GetLastError.KERNEL32 ref: 000007FEF39484AD
IsDebuggerPresent.KERNEL32 ref: 000007FEF39484C5
OutputDebugStringW.KERNEL32 ref: 000007FEF39484D6

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000007FEF39484CF

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF39499C4, Relevance: 6.0, APIs: 4, Instructions: 39timethreadLIBRARYCODE

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000007FEF39499F0
GetCurrentThreadId.KERNEL32 ref: 000007FEF39499FE
GetCurrentProcessId.KERNEL32 ref: 000007FEF3949A0A
QueryPerformanceCounter.KERNEL32 ref: 000007FEF3949A1A

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395938C, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF39593BC

Part of subcall function 000007FEF395F10C: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF395F137

Part of subcall function 000007FEF3951A40: HeapFree.KERNEL32 ref: 000007FEF3951A56
Part of subcall function 000007FEF3951A40: GetLastError.KERNEL32 ref: 000007FEF3951A68

Part of subcall function 000007FEF394D230: GetCurrentProcess.KERNEL32(000007FEF3951F45), ref: 000007FEF394D25D

Part of subcall function 000007FEF3959598: FindFirstFileExA.KERNEL32 ref: 000007FEF3959778

Strings

., xrefs: 000007FEF39597DC
*?, xrefs: 000007FEF39593E3

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395DA4C, Relevance: 4.7, APIs: 3, Instructions: 165

APIs

Part of subcall function 000007FEF3955088: GetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955092
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF39550FA
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955110

GetLocaleInfoW.KERNEL32 ref: 000007FEF395DAB9

Part of subcall function 000007FEF39591D0: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF39591F7
Part of subcall function 000007FEF39591D0: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF3959295

GetLocaleInfoW.KERNEL32 ref: 000007FEF395DB0B

Part of subcall function 000007FEF395E254: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF395E280
Part of subcall function 000007FEF395E254: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF395E331

GetLocaleInfoW.KERNEL32 ref: 000007FEF395DBD0

Part of subcall function 000007FEF395DE8C: GetLocaleInfoW.KERNEL32(?,?,?,000007FEF395DC4C), ref: 000007FEF395DEC3

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3949364, Relevance: 4.5, APIs: 3, Instructions: 13LIBRARYCODE

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 000007FEF394936F
UnhandledExceptionFilter.KERNEL32 ref: 000007FEF3949378
GetCurrentProcess.KERNEL32 ref: 000007FEF394937E

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3959598, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97

APIs

Part of subcall function 000007FEF394EB34: HeapAlloc.KERNEL32 ref: 000007FEF394EB89

Part of subcall function 000007FEF395F10C: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF395F137

Part of subcall function 000007FEF394D230: GetCurrentProcess.KERNEL32(000007FEF3951F45), ref: 000007FEF394D25D

FindFirstFileExA.KERNEL32 ref: 000007FEF3959778

Strings

., xrefs: 000007FEF39597DC

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3955724, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42LIBRARYCODE

APIs

Part of subcall function 000007FEF3955320: LoadLibraryExW.KERNELBASE ref: 000007FEF39553BC
Part of subcall function 000007FEF3955320: GetLastError.KERNEL32 ref: 000007FEF39553CA
Part of subcall function 000007FEF3955320: LoadLibraryExW.KERNEL32 ref: 000007FEF39553DD
Part of subcall function 000007FEF3955320: FreeLibrary.KERNEL32 ref: 000007FEF3955416
Part of subcall function 000007FEF3955320: GetProcAddress.KERNEL32 ref: 000007FEF3955442

GetLocaleInfoW.KERNEL32(?,?,FFFFFFFE,000007FEF3956B9F), ref: 000007FEF395579B

Strings

GetLocaleInfoEx, xrefs: 000007FEF3955756

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3958924, Relevance: 3.2, APIs: 2, Instructions: 227LIBRARYCODE

APIs

_clrfp.LIBCMT ref: 000007FEF3958B71
RaiseException.KERNEL32 ref: 000007FEF3958B82

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF39566F4, Relevance: 2.6, Strings: 2, Instructions: 128LIBRARYCODE

Strings

_.,, xrefs: 000007FEF3956769
., xrefs: 000007FEF395672F

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394EDAC, Relevance: 1.8, APIs: 1, Instructions: 339

APIs

Part of subcall function 000007FEF394EB34: HeapAlloc.KERNEL32 ref: 000007FEF394EB89

Part of subcall function 000007FEF3951A40: HeapFree.KERNEL32 ref: 000007FEF3951A56
Part of subcall function 000007FEF3951A40: GetLastError.KERNEL32 ref: 000007FEF3951A68

GetCPInfo.KERNEL32 ref: 000007FEF394EEF6

Part of subcall function 000007FEF3957FB0: MultiByteToWideChar.KERNEL32 ref: 000007FEF3958023
Part of subcall function 000007FEF3957FB0: MultiByteToWideChar.KERNEL32 ref: 000007FEF39580EC
Part of subcall function 000007FEF3957FB0: GetStringTypeW.KERNEL32 ref: 000007FEF3958106

Part of subcall function 000007FEF3957DE8: GetLastError.KERNEL32 ref: 000007FEF3957E8D

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395696C, Relevance: 1.8, APIs: 1, Instructions: 287LIBRARYCODE

APIs

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Part of subcall function 000007FEF3955724: GetLocaleInfoW.KERNEL32(?,?,FFFFFFFE,000007FEF3956B9F), ref: 000007FEF395579B

Part of subcall function 000007FEF3955088: GetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955092
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF39550FA
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955110

Part of subcall function 000007FEF395CBE4: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF395CC0F

Part of subcall function 000007FEF395D5D8: TranslateName.LIBCMT ref: 000007FEF395D642
Part of subcall function 000007FEF395D5D8: TranslateName.LIBCMT ref: 000007FEF395D67D
Part of subcall function 000007FEF395D5D8: IsValidCodePage.KERNEL32(?,?,?,FFFFFFFE,?,000007FEF3956B18), ref: 000007FEF395D6DA
Part of subcall function 000007FEF395D5D8: wcschr.LIBVCRUNTIME ref: 000007FEF395D76D
Part of subcall function 000007FEF395D5D8: wcschr.LIBVCRUNTIME ref: 000007FEF395D77D
Part of subcall function 000007FEF395D5D8: GetLocaleInfoW.KERNEL32 ref: 000007FEF395D865

Part of subcall function 000007FEF395DFC4: EnumSystemLocalesW.KERNEL32(?,FFFFFFFE,?,00000000,00000001,00000000,?,000007FEF3956B11), ref: 000007FEF395E11B
Part of subcall function 000007FEF395DFC4: GetUserDefaultLCID.KERNEL32(?,FFFFFFFE,?,00000000), ref: 000007FEF395E134
Part of subcall function 000007FEF395DFC4: IsValidCodePage.KERNEL32 ref: 000007FEF395E17F
Part of subcall function 000007FEF395DFC4: IsValidLocale.KERNEL32 ref: 000007FEF395E195
Part of subcall function 000007FEF395DFC4: GetLocaleInfoW.KERNEL32 ref: 000007FEF395E1F1
Part of subcall function 000007FEF395DFC4: GetLocaleInfoW.KERNEL32 ref: 000007FEF395E20D

Part of subcall function 000007FEF39558A8: IsValidLocale.KERNEL32(?,?,00000000,000007FEF3956B7F), ref: 000007FEF39558FD

GetACP.KERNEL32 ref: 000007FEF3956BAB

Part of subcall function 000007FEF3951C9C: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF3951CC2

Part of subcall function 000007FEF394D230: GetCurrentProcess.KERNEL32(000007FEF3951F45), ref: 000007FEF394D25D

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395DC90, Relevance: 1.6, APIs: 1, Instructions: 69

APIs

Part of subcall function 000007FEF3955088: GetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955092
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF39550FA
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955110

GetLocaleInfoW.KERNEL32 ref: 000007FEF395DCF9

Part of subcall function 000007FEF39591D0: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF39591F7
Part of subcall function 000007FEF39591D0: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF3959295

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Part of subcall function 000007FEF395DE8C: GetLocaleInfoW.KERNEL32(?,?,?,000007FEF395DC4C), ref: 000007FEF395DEC3

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395D8E4, Relevance: 1.6, APIs: 1, Instructions: 61LIBRARYCODE

APIs

Part of subcall function 000007FEF3955088: GetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955092
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF39550FA
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955110

EnumSystemLocalesW.KERNEL32(?,?,?,000007FEF395E0C7,?,FFFFFFFE,?,00000000,00000001,00000000,?,000007FEF3956B11), ref: 000007FEF395D982

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395DE8C, Relevance: 1.6, APIs: 1, Instructions: 50

APIs

Part of subcall function 000007FEF3955088: GetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955092
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF39550FA
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955110

GetLocaleInfoW.KERNEL32(?,?,?,000007FEF395DC4C), ref: 000007FEF395DEC3

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3955288, Relevance: 1.5, APIs: 1, Instructions: 42LIBRARYCODE

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,000007FEF395559D,?,?,?,?,?,?,00000000,000007FEF395CEB6), ref: 000007FEF39552DC

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395D9B4, Relevance: 1.5, APIs: 1, Instructions: 42LIBRARYCODE

APIs

Part of subcall function 000007FEF3955088: GetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955092
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF39550FA
Part of subcall function 000007FEF3955088: SetLastError.KERNEL32(?,?,?,000007FEF394DC48,?,?,00000000,000007FEF394E32C), ref: 000007FEF3955110

EnumSystemLocalesW.KERNEL32(?,?,?,000007FEF395E083,?,FFFFFFFE,?,00000000,00000001,00000000,?,000007FEF3956B11), ref: 000007FEF395DA34

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3952BD0, Relevance: 1.4, Strings: 1, Instructions: 139

Strings

@, xrefs: 000007FEF3952C0C

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3957DE8, Relevance: 1.4, APIs: 1, Instructions: 137

APIs

GetLastError.KERNEL32 ref: 000007FEF3957E8D

Part of subcall function 000007FEF395F10C: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF395F137

Part of subcall function 000007FEF3951A40: HeapFree.KERNEL32 ref: 000007FEF3951A56
Part of subcall function 000007FEF3951A40: GetLastError.KERNEL32 ref: 000007FEF3951A68

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Part of subcall function 000007FEF3955724: GetLocaleInfoW.KERNEL32(?,?,FFFFFFFE,000007FEF3956B9F), ref: 000007FEF395579B

Part of subcall function 000007FEF394D230: GetCurrentProcess.KERNEL32(000007FEF3951F45), ref: 000007FEF394D25D

Part of subcall function 000007FEF394EB34: HeapAlloc.KERNEL32 ref: 000007FEF394EB89

Part of subcall function 000007FEF3957C48: WideCharToMultiByte.KERNEL32 ref: 000007FEF3957D8A

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395521C, Relevance: 1.3, APIs: 1, Instructions: 7

APIs

GetProcessHeap.KERNEL32 ref: 000007FEF3955220

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394F50C, Relevance: .5, Instructions: 535

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395BDA0, Relevance: .3, Instructions: 338

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395CF80, Relevance: .3, Instructions: 329

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395E6F4, Relevance: .2, Instructions: 194LIBRARYCODE

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3958EB0, Relevance: .0, Instructions: 32

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394A2C8, Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 332LIBRARYCODE

APIs

_GetEstablisherFrame.LIBVCRUNTIME ref: 000007FEF394A324

Part of subcall function 000007FEF394B5BC: RtlLookupFunctionEntry.KERNEL32 ref: 000007FEF394B61E

__GetUnwindTryBlock.LIBVCRUNTIME ref: 000007FEF394A332

Part of subcall function 000007FEF394C858: _GetEstablisherFrame.LIBVCRUNTIME ref: 000007FEF394C866

__SetUnwindTryBlock.LIBVCRUNTIME ref: 000007FEF394A359

Part of subcall function 000007FEF394C890: _GetEstablisherFrame.LIBVCRUNTIME ref: 000007FEF394C8A5

__GetUnwindTryBlock.LIBVCRUNTIME ref: 000007FEF394A363
IsInExceptionSpec.LIBVCRUNTIME ref: 000007FEF394A434
_GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 000007FEF394A4FF
__TypeMatch.LIBVCRUNTIME ref: 000007FEF394A590

Part of subcall function 000007FEF394A17C: _GetEstablisherFrame.LIBVCRUNTIME ref: 000007FEF394A1B4
Part of subcall function 000007FEF394A17C: _UnwindNestedFrames.LIBVCRUNTIME ref: 000007FEF394A21F

_ExecutionInCatch.LIBVCRUNTIME ref: 000007FEF394A663
IsInExceptionSpec.LIBVCRUNTIME ref: 000007FEF394A693

Part of subcall function 000007FEF394AA04: __TypeMatch.LIBVCRUNTIME ref: 000007FEF394AA92

_GetEstablisherFrame.LIBVCRUNTIME ref: 000007FEF394A6A9
_UnwindNestedFrames.LIBVCRUNTIME ref: 000007FEF394A6D6

Part of subcall function 000007FEF394BA54: RtlUnwindEx.KERNEL32 ref: 000007FEF394BB57

Part of subcall function 000007FEF394A798: EncodePointer.KERNEL32(?,000007FEF394BBE5,?,?,?,?,?,?,?,000007FEF39492D8), ref: 000007FEF394A7E7
Part of subcall function 000007FEF394A798: _GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 000007FEF394A875

Part of subcall function 000007FEF394BBF8: RtlPcToFileHeader.KERNEL32 ref: 000007FEF394BC75
Part of subcall function 000007FEF394BBF8: RaiseException.KERNEL32 ref: 000007FEF394BCB4

Strings

csm, xrefs: 000007FEF394A4AA
csm, xrefs: 000007FEF394A3E8
csm, xrefs: 000007FEF394A37C

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF39577F8, Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 197LIBRARYCODE

APIs

Part of subcall function 000007FEF395E4E8: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF395E506
Part of subcall function 000007FEF395E4E8: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF395E589

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF3957A80

Strings

, xrefs: 000007FEF39579FA
UTF-16LEUNICODE, xrefs: 000007FEF3957A28
UTF-8, xrefs: 000007FEF3957A05
=, xrefs: 000007FEF39579F2
w, xrefs: 000007FEF395783C
r, xrefs: 000007FEF3957837
, xrefs: 000007FEF3957A6B
a, xrefs: 000007FEF3957832
, xrefs: 000007FEF395782D
, xrefs: 000007FEF39579ED
, xrefs: 000007FEF39579AB
ccs, xrefs: 000007FEF39579CD

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3943610, Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 142sleep

APIs

GetWindowsDirectoryA.KERNEL32 ref: 000007FEF3943690
FindResourceA.KERNEL32 ref: 000007FEF39436F2
LoadResource.KERNEL32 ref: 000007FEF394370E
LockResource.KERNEL32 ref: 000007FEF3943720
SizeofResource.KERNEL32 ref: 000007FEF3943733

Part of subcall function 000007FEF3942530: CreateProcessA.KERNEL32 ref: 000007FEF39425A4
Part of subcall function 000007FEF3942530: CloseHandle.KERNEL32 ref: 000007FEF39425B3
Part of subcall function 000007FEF3942530: CloseHandle.KERNEL32 ref: 000007FEF39425BE

Sleep.KERNEL32 ref: 000007FEF39437BD

Part of subcall function 000007FEF39434B0: OpenSCManagerA.ADVAPI32 ref: 000007FEF39434C0
Part of subcall function 000007FEF39434B0: OpenServiceA.ADVAPI32 ref: 000007FEF39434E7
Part of subcall function 000007FEF39434B0: ChangeServiceConfigA.ADVAPI32 ref: 000007FEF3943528
Part of subcall function 000007FEF39434B0: StartServiceA.ADVAPI32 ref: 000007FEF3943536
Part of subcall function 000007FEF39434B0: CloseServiceHandle.ADVAPI32 ref: 000007FEF394353F
Part of subcall function 000007FEF39434B0: CloseServiceHandle.ADVAPI32 ref: 000007FEF3943548

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943809
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943818
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943827
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943833

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Strings

-service, xrefs: 000007FEF394379B
C:\Windows, xrefs: 000007FEF394365F
\wininit.exe, xrefs: 000007FEF39436D2

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394871C, Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 81library

APIs

Part of subcall function 000007FEF394C284: try_get_function.LIBVCRUNTIME ref: 000007FEF394C2BA
Part of subcall function 000007FEF394C284: InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,000007FEF394873F), ref: 000007FEF394C2E0

GetModuleHandleW.KERNEL32 ref: 000007FEF3948746
GetProcAddress.KERNEL32 ref: 000007FEF3948762
GetProcAddress.KERNEL32 ref: 000007FEF3948775
GetProcAddress.KERNEL32 ref: 000007FEF3948788
CreateEventW.KERNEL32 ref: 000007FEF3948810

Part of subcall function 000007FEF3949608: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF3949624
Part of subcall function 000007FEF3949608: RtlCaptureContext.KERNEL32 ref: 000007FEF394964D
Part of subcall function 000007FEF3949608: RtlLookupFunctionEntry.KERNEL32 ref: 000007FEF3949667
Part of subcall function 000007FEF3949608: RtlVirtualUnwind.KERNEL32 ref: 000007FEF39496A8
Part of subcall function 000007FEF3949608: IsDebuggerPresent.KERNEL32 ref: 000007FEF39496FC
Part of subcall function 000007FEF3949608: SetUnhandledExceptionFilter.KERNEL32 ref: 000007FEF394971D
Part of subcall function 000007FEF3949608: UnhandledExceptionFilter.KERNEL32 ref: 000007FEF3949728

DeleteCriticalSection.KERNEL32 ref: 000007FEF3948847
CloseHandle.KERNEL32 ref: 000007FEF3948859

Strings

kernel32.dll, xrefs: 000007FEF394873F
WakeAllConditionVariable, xrefs: 000007FEF394877B
SleepConditionVariableCS, xrefs: 000007FEF3948768
InitializeConditionVariable, xrefs: 000007FEF3948758

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3941860, Relevance: 13.6, APIs: 9, Instructions: 127

APIs

Part of subcall function 000007FEF3941710: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39417A3
Part of subcall function 000007FEF3941710: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39417B2
Part of subcall function 000007FEF3941710: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39417C1
Part of subcall function 000007FEF3941710: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39417CD

__std_exception_copy.LIBVCRUNTIME ref: 000007FEF3941945
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3941972
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3941981
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3941990
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394199C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39419D6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39419E5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39419F4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3941A00

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF39434B0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 42

APIs

OpenSCManagerA.ADVAPI32 ref: 000007FEF39434C0
OpenServiceA.ADVAPI32 ref: 000007FEF39434E7
ChangeServiceConfigA.ADVAPI32 ref: 000007FEF3943528
StartServiceA.ADVAPI32 ref: 000007FEF3943536
CloseServiceHandle.ADVAPI32 ref: 000007FEF394353F
CloseServiceHandle.ADVAPI32 ref: 000007FEF3943548

Strings

Windows Video, xrefs: 000007FEF39434DD

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395B240, Relevance: 10.8, APIs: 7, Instructions: 294fileLIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF395B364

Part of subcall function 000007FEF394F3D8: HeapAlloc.KERNEL32 ref: 000007FEF394F416

Part of subcall function 000007FEF3951A40: HeapFree.KERNEL32 ref: 000007FEF3951A56
Part of subcall function 000007FEF3951A40: GetLastError.KERNEL32 ref: 000007FEF3951A68

Part of subcall function 000007FEF395A630: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF395A683

GetConsoleMode.KERNEL32 ref: 000007FEF395B4AE
ReadConsoleW.KERNEL32 ref: 000007FEF395B4DD
GetLastError.KERNEL32 ref: 000007FEF395B4E7
ReadFile.KERNEL32 ref: 000007FEF395B52F

Part of subcall function 000007FEF395ABF8: ReadFile.KERNEL32 ref: 000007FEF395ACDE

Part of subcall function 000007FEF395AE28: ReadFile.KERNEL32 ref: 000007FEF395AEFF
Part of subcall function 000007FEF395AE28: MultiByteToWideChar.KERNEL32 ref: 000007FEF395B0D0
Part of subcall function 000007FEF395AE28: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000007FEF395B0DC

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,000007FEF394764A,000007FEF395EC16), ref: 000007FEF395B639
_invalid_parameter_noinfo.LIBCMT ref: 000007FEF395B685

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3944310, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 229

APIs

Part of subcall function 000007FEF394CED0: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF394CEFE
Part of subcall function 000007FEF394CED0: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF394CF97

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF3944559

Part of subcall function 000007FEF394DBB0: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF394DBDB

Part of subcall function 000007FEF39463D0: new.LIBCMT ref: 000007FEF3946465
Part of subcall function 000007FEF39463D0: new.LIBCMT ref: 000007FEF3946478
Part of subcall function 000007FEF39463D0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39464D7
Part of subcall function 000007FEF39463D0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39464E6
Part of subcall function 000007FEF39463D0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39464F5
Part of subcall function 000007FEF39463D0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3946501

Part of subcall function 000007FEF3947478: std::invalid_argument::invalid_argument.LIBCONCRT ref: 000007FEF3947484

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3944605
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3944614
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3944623
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF394462F

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Strings

string too long, xrefs: 000007FEF39445C9, 000007FEF39445D6

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394DCA0, Relevance: 9.2, APIs: 6, Instructions: 223LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF394DCFC
WideCharToMultiByte.KERNEL32 ref: 000007FEF394DDCD
WideCharToMultiByte.KERNEL32 ref: 000007FEF394DE19
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,00000000,?,000007FEF394E037), ref: 000007FEF394DE43
WideCharToMultiByte.KERNEL32 ref: 000007FEF394DE96
WideCharToMultiByte.KERNEL32 ref: 000007FEF394DF71

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF39463D0, Relevance: 9.1, APIs: 6, Instructions: 111

APIs

new.LIBCMT ref: 000007FEF3946465
new.LIBCMT ref: 000007FEF3946478
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39464D7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39464E6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39464F5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3946501

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3945B60, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 169

APIs

Part of subcall function 000007FEF394D7F8: _invalid_parameter_noinfo.LIBCMT ref: 000007FEF394D82D

Part of subcall function 000007FEF39463D0: new.LIBCMT ref: 000007FEF3946465
Part of subcall function 000007FEF39463D0: new.LIBCMT ref: 000007FEF3946478
Part of subcall function 000007FEF39463D0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39464D7
Part of subcall function 000007FEF39463D0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39464E6
Part of subcall function 000007FEF39463D0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39464F5
Part of subcall function 000007FEF39463D0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3946501

Part of subcall function 000007FEF3947478: std::invalid_argument::invalid_argument.LIBCONCRT ref: 000007FEF3947484

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3945D72
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3945D81
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3945D90
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3945D9C

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Strings

string too long, xrefs: 000007FEF3945D3E, 000007FEF3945D4B

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF39523A0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29library

APIs

GetModuleHandleExW.KERNEL32 ref: 000007FEF39523C0
GetProcAddress.KERNEL32 ref: 000007FEF39523D6
FreeLibrary.KERNEL32 ref: 000007FEF39523FB

Strings

mscoree.dll, xrefs: 000007FEF39523B7
CorExitProcess, xrefs: 000007FEF39523CF

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3953E0C, Relevance: 7.6, APIs: 5, Instructions: 142fileLIBRARYCODE

APIs

GetConsoleCP.KERNEL32 ref: 000007FEF3953E69
WideCharToMultiByte.KERNEL32 ref: 000007FEF3953F45
WriteFile.KERNEL32 ref: 000007FEF3953F6B
WriteFile.KERNEL32 ref: 000007FEF3953FAA
GetLastError.KERNEL32 ref: 000007FEF3953FE2

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394E0E0, Relevance: 7.6, APIs: 5, Instructions: 133LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF394E131
MultiByteToWideChar.KERNEL32 ref: 000007FEF394E1A8
GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,000007FEF394E360), ref: 000007FEF394E1B9
MultiByteToWideChar.KERNEL32 ref: 000007FEF394E216
MultiByteToWideChar.KERNEL32 ref: 000007FEF394E269

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395FF00, Relevance: 7.6, APIs: 5, Instructions: 72LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000007FEF395FF30
MultiByteToWideChar.KERNEL32 ref: 000007FEF395FF67
GetLastError.KERNEL32(?,?,?,?,?,000007FEF395EC86), ref: 000007FEF395FF74

Part of subcall function 000007FEF394F3D8: HeapAlloc.KERNEL32 ref: 000007FEF394F416

MultiByteToWideChar.KERNEL32 ref: 000007FEF395FFAC
GetLastError.KERNEL32(?,?,?,?,?,000007FEF395EC86), ref: 000007FEF395FFB6

Part of subcall function 000007FEF3951A40: HeapFree.KERNEL32 ref: 000007FEF3951A56
Part of subcall function 000007FEF3951A40: GetLastError.KERNEL32 ref: 000007FEF3951A68

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3960D23, Relevance: 7.6, APIs: 5, Instructions: 52

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3960D4B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3960D5E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3960D6D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3960D7C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3960D88

Part of subcall function 000007FEF394BBF8: RtlPcToFileHeader.KERNEL32 ref: 000007FEF394BC75
Part of subcall function 000007FEF394BBF8: RaiseException.KERNEL32 ref: 000007FEF394BCB4

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394A798, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 161LIBRARYCODE

APIs

EncodePointer.KERNEL32(?,000007FEF394BBE5,?,?,?,?,?,?,?,000007FEF39492D8), ref: 000007FEF394A7E7
_GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 000007FEF394A875

Part of subcall function 000007FEF394A17C: _GetEstablisherFrame.LIBVCRUNTIME ref: 000007FEF394A1B4
Part of subcall function 000007FEF394A17C: _UnwindNestedFrames.LIBVCRUNTIME ref: 000007FEF394A21F

Strings

MOC, xrefs: 000007FEF394A7FB
RCC, xrefs: 000007FEF394A803

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3954238, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileLIBRARYCODE

APIs

WideCharToMultiByte.KERNEL32 ref: 000007FEF395431E
WriteFile.KERNEL32 ref: 000007FEF3954351
GetLastError.KERNEL32 ref: 000007FEF3954373

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Strings

U, xrefs: 000007FEF39542FC

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395A3D8, Relevance: 6.1, APIs: 4, Instructions: 74

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,000007FEF39527F3), ref: 000007FEF395A3F1
WideCharToMultiByte.KERNEL32 ref: 000007FEF395A453

Part of subcall function 000007FEF394F3D8: HeapAlloc.KERNEL32 ref: 000007FEF394F416

WideCharToMultiByte.KERNEL32 ref: 000007FEF395A48D

Part of subcall function 000007FEF3951A40: HeapFree.KERNEL32 ref: 000007FEF3951A56
Part of subcall function 000007FEF3951A40: GetLastError.KERNEL32 ref: 000007FEF3951A68

FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,000007FEF39527F3), ref: 000007FEF395A4B7

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3941710, Relevance: 6.1, APIs: 4, Instructions: 71

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39417A3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39417B2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39417C1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39417CD

Part of subcall function 000007FEF3943D80: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943DE9
Part of subcall function 000007FEF3943D80: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943DEF
Part of subcall function 000007FEF3943D80: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943DF5
Part of subcall function 000007FEF3943D80: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943DFB

Part of subcall function 000007FEF39486F0: IsProcessorFeaturePresent.KERNEL32 ref: 000007FEF39493A6

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3946482, Relevance: 6.1, APIs: 4, Instructions: 62

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39464D7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39464E6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39464F5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3946501

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3945330, Relevance: 6.1, APIs: 4, Instructions: 57

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39453C2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39453C8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39453CE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF39453D4

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3943D80, Relevance: 6.1, APIs: 4, Instructions: 54

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943DE9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943DEF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943DF5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000007FEF3943DFB

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394B18C, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 166LIBRARYCODE

APIs

__FrameUnwindToEmptyState.LIBVCRUNTIME ref: 000007FEF394B2B5

Part of subcall function 000007FEF394B7B4: _GetEstablisherFrame.LIBVCRUNTIME ref: 000007FEF394B7D1

Part of subcall function 000007FEF394AFF8: __GetCurrentState.LIBVCRUNTIME ref: 000007FEF394B039

Part of subcall function 000007FEF394A2C8: _GetEstablisherFrame.LIBVCRUNTIME ref: 000007FEF394A324
Part of subcall function 000007FEF394A2C8: __GetUnwindTryBlock.LIBVCRUNTIME ref: 000007FEF394A332
Part of subcall function 000007FEF394A2C8: __SetUnwindTryBlock.LIBVCRUNTIME ref: 000007FEF394A359
Part of subcall function 000007FEF394A2C8: __GetUnwindTryBlock.LIBVCRUNTIME ref: 000007FEF394A363
Part of subcall function 000007FEF394A2C8: IsInExceptionSpec.LIBVCRUNTIME ref: 000007FEF394A434
Part of subcall function 000007FEF394A2C8: _GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 000007FEF394A4FF
Part of subcall function 000007FEF394A2C8: __TypeMatch.LIBVCRUNTIME ref: 000007FEF394A590
Part of subcall function 000007FEF394A2C8: _ExecutionInCatch.LIBVCRUNTIME ref: 000007FEF394A663
Part of subcall function 000007FEF394A2C8: IsInExceptionSpec.LIBVCRUNTIME ref: 000007FEF394A693
Part of subcall function 000007FEF394A2C8: _GetEstablisherFrame.LIBVCRUNTIME ref: 000007FEF394A6A9
Part of subcall function 000007FEF394A2C8: _UnwindNestedFrames.LIBVCRUNTIME ref: 000007FEF394A6D6

Strings

csm, xrefs: 000007FEF394B1EC
csm, xrefs: 000007FEF394B305

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3942100, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75

APIs

Part of subcall function 000007FEF3941FB0: FindNextFileW.KERNEL32 ref: 000007FEF3941FF2
Part of subcall function 000007FEF3941FB0: FindClose.KERNEL32 ref: 000007FEF3942015

_Wcsftime.LIBCMT ref: 000007FEF394214E

Part of subcall function 000007FEF394E0C0: _wcstombs_s_l.LIBCMT ref: 000007FEF394E0D4

_Wcsftime.LIBCMT ref: 000007FEF394217D

Strings

?, xrefs: 000007FEF394218D

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF3953B74, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70

APIs

GetStdHandle.KERNEL32 ref: 000007FEF3953BE6
GetFileType.KERNEL32 ref: 000007FEF3953BFC

Strings

@, xrefs: 000007FEF3953C27

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF395D420, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50LIBRARYCODE

APIs

Part of subcall function 000007FEF3955724: GetLocaleInfoW.KERNEL32(?,?,FFFFFFFE,000007FEF3956B9F), ref: 000007FEF395579B

GetACP.KERNEL32(?,?,000000A0,000007FEF395D6BE,?,?,?,FFFFFFFE,?,000007FEF3956B18), ref: 000007FEF395D4BE

Strings

OCP, xrefs: 000007FEF395D451
ACP, xrefs: 000007FEF395D441

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394C21C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28LIBRARYCODE

APIs

try_get_function.LIBVCRUNTIME ref: 000007FEF394C24A

Part of subcall function 000007FEF394BF58: LoadLibraryExW.KERNELBASE(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C004
Part of subcall function 000007FEF394BF58: GetLastError.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C017
Part of subcall function 000007FEF394BF58: LoadLibraryExW.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C02A
Part of subcall function 000007FEF394BF58: FreeLibrary.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C067
Part of subcall function 000007FEF394BF58: GetProcAddress.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C09B

TlsSetValue.KERNEL32(?,?,00000000,000007FEF394C766,?,?,?,000007FEF394C5C1,?,?,?,?,000007FEF3948AED), ref: 000007FEF394C26D

Strings

FlsSetValue, xrefs: 000007FEF394C237

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394C1C8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23LIBRARYCODE

APIs

try_get_function.LIBVCRUNTIME ref: 000007FEF394C1EE

Part of subcall function 000007FEF394BF58: LoadLibraryExW.KERNELBASE(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C004
Part of subcall function 000007FEF394BF58: GetLastError.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C017
Part of subcall function 000007FEF394BF58: LoadLibraryExW.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C02A
Part of subcall function 000007FEF394BF58: FreeLibrary.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C067
Part of subcall function 000007FEF394BF58: GetProcAddress.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C09B

TlsGetValue.KERNEL32 ref: 000007FEF394C20B

Strings

FlsGetValue, xrefs: 000007FEF394C1E7

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Function 000007FEF394C174, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23

APIs

try_get_function.LIBVCRUNTIME ref: 000007FEF394C19A

Part of subcall function 000007FEF394BF58: LoadLibraryExW.KERNELBASE(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C004
Part of subcall function 000007FEF394BF58: GetLastError.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C017
Part of subcall function 000007FEF394BF58: LoadLibraryExW.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C02A
Part of subcall function 000007FEF394BF58: FreeLibrary.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C067
Part of subcall function 000007FEF394BF58: GetProcAddress.KERNEL32(?,?,?,000007FEF394C2BF,?,?,?,000007FEF394873F), ref: 000007FEF394C09B

TlsFree.KERNEL32(?,?,?,000007FEF394C820,?,?,?,?,000007FEF394C609), ref: 000007FEF394C1B7

Strings

FlsFree, xrefs: 000007FEF394C193

Memory Dump Source

Source File: 00000007.00000001.12602305081.000007FEF3941000.00000020.sdmp, Offset: 000007FEF3940000, based on PE: true

Associated: 00000007.00000001.12602292636.000007FEF3940000.00000002.sdmp
Associated: 00000007.00000001.12602338561.000007FEF3962000.00000002.sdmp
Associated: 00000007.00000001.12602364161.000007FEF3977000.00000008.sdmp
Associated: 00000007.00000001.12602379194.000007FEF3978000.00000004.sdmp
Associated: 00000007.00000001.12602400584.000007FEF397A000.00000002.sdmp
Associated: 00000007.00000001.12602435587.000007FEF397E000.00000008.sdmp
Associated: 00000007.00000001.12602455310.000007FEF397F000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_1_7fef3940000_msiexec.jbxd

Analysis Process: xbox-service.exe PID: 2772 Parent PID: 1180

Execution Graph

Execution Coverage:	4.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	14.6%
Total number of Nodes:	1162
Total number of Limit Nodes:	17

Executed Functions

Function 000000013F1BB640, Relevance: 44.1, APIs: 16, Strings: 9, Instructions: 312
window

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000013F1B9000: OpenSCManagerA.SECHOST(?,?,?,000000013F1B8DC3), ref: 000000013F1B901E
Part of subcall function 000000013F1B9000: OpenServiceA.ADVAPI32(?,?,?,000000013F1B8DC3), ref: 000000013F1B9037
Part of subcall function 000000013F1B9000: CloseServiceHandle.ADVAPI32(?,?,?,000000013F1B8DC3), ref: 000000013F1B904A
Part of subcall function 000000013F1B9000: CloseServiceHandle.SECHOST(?,?,?,000000013F1B8DC3), ref: 000000013F1B9053

OpenSCManagerA.ADVAPI32 ref: 000000013F1BB68C
LoadStringA.USER32 ref: 000000013F1BB6CD
MessageBoxA.USER32 ref: 000000013F1BB73A
OpenServiceA.ADVAPI32 ref: 000000013F1BB75F
CloseServiceHandle.ADVAPI32 ref: 000000013F1BB774

Part of subcall function 000000013F1C061C: EnterCriticalSection.KERNEL32(?,?,?,000000013F1B8631), ref: 000000013F1C063A
Part of subcall function 000000013F1C061C: LeaveCriticalSection.KERNEL32(?,?,?,000000013F1B8631), ref: 000000013F1C0658
Part of subcall function 000000013F1C061C: RaiseException.KERNEL32(?,?,?,000000013F1B8631), ref: 000000013F1C0691

LoadStringA.USER32 ref: 000000013F1BB7A9
ControlService.ADVAPI32 ref: 000000013F1BB821
GetLastError.KERNEL32 ref: 000000013F1BB82F
MessageBoxA.USER32 ref: 000000013F1BB8AE
DeleteService.ADVAPI32 ref: 000000013F1BB8B7
CloseServiceHandle.ADVAPI32 ref: 000000013F1BB8C2
CloseServiceHandle.ADVAPI32 ref: 000000013F1BB8CB

Part of subcall function 000000013F1B8600: LoadStringA.USER32 ref: 000000013F1B8650

MessageBoxA.USER32 ref: 000000013F1BB946

Part of subcall function 000000013F1C5494: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C54B9

Part of subcall function 000000013F1BB640: RegDeleteValueA.ADVAPI32 ref: 000000013F1BBAAF
Part of subcall function 000000013F1BB640: RegCloseKey.ADVAPI32 ref: 000000013F1BBAFD
Part of subcall function 000000013F1BB640: RegCloseKey.ADVAPI32 ref: 000000013F1BBB10

Strings

Could not delete service, xrefs: 000000013F1BB8F5
AppID, xrefs: 000000013F1BBA2C
{23D22352-DC86-4346-B298-C56CB6A1C99F}, xrefs: 000000013F1BBACB
LocalService, xrefs: 000000013F1BBAA8
APPID, xrefs: 000000013F1BBABC
Could not open service, xrefs: 000000013F1BB7CA
{23D22352-DC86-4346-B298-C56CB6A1C99F}, xrefs: 000000013F1BBA71
Could not stop service, xrefs: 000000013F1BB863
Could not open Service Manager, xrefs: 000000013F1BB6EE

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B8DA0, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 140
window

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000013F1B9000: OpenSCManagerA.SECHOST(?,?,?,000000013F1B8DC3), ref: 000000013F1B901E
Part of subcall function 000000013F1B9000: OpenServiceA.ADVAPI32(?,?,?,000000013F1B8DC3), ref: 000000013F1B9037
Part of subcall function 000000013F1B9000: CloseServiceHandle.ADVAPI32(?,?,?,000000013F1B8DC3), ref: 000000013F1B904A
Part of subcall function 000000013F1B9000: CloseServiceHandle.SECHOST(?,?,?,000000013F1B8DC3), ref: 000000013F1B9053

GetModuleFileNameA.KERNEL32 ref: 000000013F1B8DDE
OpenSCManagerA.ADVAPI32 ref: 000000013F1B8E29
CreateServiceA.ADVAPI32 ref: 000000013F1B8F29
CloseServiceHandle.ADVAPI32 ref: 000000013F1B8F37

Part of subcall function 000000013F1B8600: LoadStringA.USER32 ref: 000000013F1B8650

MessageBoxA.USER32 ref: 000000013F1B8EA9

Part of subcall function 000000013F1C5494: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C54B9

CloseServiceHandle.ADVAPI32 ref: 000000013F1B8F98
CloseServiceHandle.ADVAPI32 ref: 000000013F1B8FA1

Strings

RPCSS, xrefs: 000000013F1B8ED4
", xrefs: 000000013F1B8E02
Could not start service, xrefs: 000000013F1B8F59
Could not open Service Manager, xrefs: 000000013F1B8E57

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BFC90, Relevance: 3.0, APIs: 2, Instructions: 18

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 000000013F1BFC99
_invalid_parameter_noinfo.LIBCMT ref: 000000013F1CA704

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BBE90, Relevance: 24.9, APIs: 11, Strings: 3, Instructions: 367

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 000000013F1BBF05
GetLastError.KERNEL32 ref: 000000013F1BBF0F
EnterCriticalSection.KERNEL32 ref: 000000013F1BBF30
LeaveCriticalSection.KERNEL32 ref: 000000013F1BBF43
DeleteCriticalSection.KERNEL32 ref: 000000013F1BBF57
EnterCriticalSection.KERNEL32 ref: 000000013F1BBFD8

Part of subcall function 000000013F1B87B0: RaiseException.KERNEL32(?,?,?,000000013F1B73DA), ref: 000000013F1B885D
Part of subcall function 000000013F1B87B0: RaiseException.KERNEL32(?,?,?,000000013F1B73DA), ref: 000000013F1B8873
Part of subcall function 000000013F1B87B0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,000000013F1B73DA), ref: 000000013F1B8894
Part of subcall function 000000013F1B87B0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,000000013F1B73DA), ref: 000000013F1B88A8

LeaveCriticalSection.KERNEL32 ref: 000000013F1BBFEB
DeleteCriticalSection.KERNEL32 ref: 000000013F1BBFFF
GetModuleFileNameA.KERNEL32 ref: 000000013F1BC04C
_invalid_parameter_noinfo.LIBCMT ref: 000000013F1BC2E8

Part of subcall function 000000013F1B85D0: GetLastError.KERNEL32 ref: 000000013F1B85D4

Part of subcall function 000000013F1B8500: MultiByteToWideChar.KERNEL32 ref: 000000013F1B8535

Part of subcall function 000000013F1B73B0: EnterCriticalSection.KERNEL32 ref: 000000013F1B73CB
Part of subcall function 000000013F1B73B0: LeaveCriticalSection.KERNEL32 ref: 000000013F1B73DE
Part of subcall function 000000013F1B73B0: DeleteCriticalSection.KERNEL32 ref: 000000013F1B73F2

GetModuleHandleA.KERNEL32 ref: 000000013F1BC1EF

Part of subcall function 000000013F1B7B80: EnterCriticalSection.KERNEL32 ref: 000000013F1B7BD4
Part of subcall function 000000013F1B7B80: LeaveCriticalSection.KERNEL32 ref: 000000013F1B7CB6

Strings

Module_Raw, xrefs: 000000013F1BC31C
Module, xrefs: 000000013F1BC29B
REGISTRY, xrefs: 000000013F1BC360

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B9F70, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 106
registry

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000013F1BB640: OpenSCManagerA.ADVAPI32 ref: 000000013F1BB68C
Part of subcall function 000000013F1BB640: LoadStringA.USER32 ref: 000000013F1BB6CD
Part of subcall function 000000013F1BB640: MessageBoxA.USER32 ref: 000000013F1BB73A
Part of subcall function 000000013F1BB640: OpenServiceA.ADVAPI32 ref: 000000013F1BB75F
Part of subcall function 000000013F1BB640: CloseServiceHandle.ADVAPI32 ref: 000000013F1BB774
Part of subcall function 000000013F1BB640: LoadStringA.USER32 ref: 000000013F1BB7A9
Part of subcall function 000000013F1BB640: ControlService.ADVAPI32 ref: 000000013F1BB821
Part of subcall function 000000013F1BB640: GetLastError.KERNEL32 ref: 000000013F1BB82F
Part of subcall function 000000013F1BB640: MessageBoxA.USER32 ref: 000000013F1BB8AE
Part of subcall function 000000013F1BB640: DeleteService.ADVAPI32 ref: 000000013F1BB8B7
Part of subcall function 000000013F1BB640: CloseServiceHandle.ADVAPI32 ref: 000000013F1BB8C2
Part of subcall function 000000013F1BB640: CloseServiceHandle.ADVAPI32 ref: 000000013F1BB8CB
Part of subcall function 000000013F1BB640: MessageBoxA.USER32 ref: 000000013F1BB946
Part of subcall function 000000013F1BB640: RegDeleteValueA.ADVAPI32 ref: 000000013F1BBAAF
Part of subcall function 000000013F1BB640: RegCloseKey.ADVAPI32 ref: 000000013F1BBAFD
Part of subcall function 000000013F1BB640: RegCloseKey.ADVAPI32 ref: 000000013F1BBB10

Part of subcall function 000000013F1BBE90: InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 000000013F1BBF05
Part of subcall function 000000013F1BBE90: GetLastError.KERNEL32 ref: 000000013F1BBF0F
Part of subcall function 000000013F1BBE90: EnterCriticalSection.KERNEL32 ref: 000000013F1BBF30
Part of subcall function 000000013F1BBE90: LeaveCriticalSection.KERNEL32 ref: 000000013F1BBF43
Part of subcall function 000000013F1BBE90: DeleteCriticalSection.KERNEL32 ref: 000000013F1BBF57
Part of subcall function 000000013F1BBE90: EnterCriticalSection.KERNEL32 ref: 000000013F1BBFD8
Part of subcall function 000000013F1BBE90: LeaveCriticalSection.KERNEL32 ref: 000000013F1BBFEB
Part of subcall function 000000013F1BBE90: DeleteCriticalSection.KERNEL32 ref: 000000013F1BBFFF
Part of subcall function 000000013F1BBE90: GetModuleFileNameA.KERNEL32 ref: 000000013F1BC04C
Part of subcall function 000000013F1BBE90: GetModuleHandleA.KERNEL32 ref: 000000013F1BC1EF
Part of subcall function 000000013F1BBE90: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1BC2E8

Part of subcall function 000000013F1B9590: GetModuleHandleA.KERNEL32 ref: 000000013F1B95CD
Part of subcall function 000000013F1B9590: GetProcAddress.KERNEL32 ref: 000000013F1B95E9
Part of subcall function 000000013F1B9590: RegOpenKeyExA.ADVAPI32 ref: 000000013F1B963F
Part of subcall function 000000013F1B9590: RegCloseKey.ADVAPI32 ref: 000000013F1B9651

RegCreateKeyExA.ADVAPI32 ref: 000000013F1BA06A
RegDeleteValueA.KERNEL32 ref: 000000013F1BA086
RegSetValueExA.ADVAPI32 ref: 000000013F1BA0C6

Part of subcall function 000000013F1B8DA0: GetModuleFileNameA.KERNEL32 ref: 000000013F1B8DDE
Part of subcall function 000000013F1B8DA0: OpenSCManagerA.ADVAPI32 ref: 000000013F1B8E29
Part of subcall function 000000013F1B8DA0: MessageBoxA.USER32 ref: 000000013F1B8EA9
Part of subcall function 000000013F1B8DA0: CreateServiceA.ADVAPI32 ref: 000000013F1B8F29
Part of subcall function 000000013F1B8DA0: CloseServiceHandle.ADVAPI32 ref: 000000013F1B8F37
Part of subcall function 000000013F1B8DA0: CloseServiceHandle.ADVAPI32 ref: 000000013F1B8F98
Part of subcall function 000000013F1B8DA0: CloseServiceHandle.ADVAPI32 ref: 000000013F1B8FA1

RegCloseKey.ADVAPI32 ref: 000000013F1BA0F0
RegCloseKey.ADVAPI32 ref: 000000013F1BA10B

Strings

AppID, xrefs: 000000013F1B9FDC
LocalService, xrefs: 000000013F1BA07C, 000000013F1BA0AA
{23D22352-DC86-4346-B298-C56CB6A1C99F}, xrefs: 000000013F1B9FAF
APPID, xrefs: 000000013F1B9F9E
{23D22352-DC86-4346-B298-C56CB6A1C99F}, xrefs: 000000013F1BA02C

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BA300, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 209
library

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000013F1B86B0: WideCharToMultiByte.KERNEL32 ref: 000000013F1B86EF

LoadLibraryExA.KERNELBASE ref: 000000013F1BA41F
LoadLibraryExA.KERNEL32 ref: 000000013F1BA43A
FindResourceA.KERNEL32 ref: 000000013F1BA461
LoadResource.KERNEL32 ref: 000000013F1BA47F
FreeLibrary.KERNEL32 ref: 000000013F1BA552

Part of subcall function 000000013F1B85D0: GetLastError.KERNEL32 ref: 000000013F1B85D4

SizeofResource.KERNEL32 ref: 000000013F1BA4A1

Part of subcall function 000000013F1BA120: lstrcmpi.KERNEL32(00000000,00000000,?,00000000,000000013F1BA548), ref: 000000013F1BA1D8
Part of subcall function 000000013F1BA120: CoTaskMemFree.OLE32 ref: 000000013F1BA210
Part of subcall function 000000013F1BA120: CharNextA.USER32 ref: 000000013F1BA2E4

Strings

REGISTRY, xrefs: 000000013F1BA303

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B98A0, Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 100

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000013F1B9690: CharNextA.USER32 ref: 000000013F1B96EE
Part of subcall function 000000013F1B9690: CharNextA.USER32 ref: 000000013F1B96FC
Part of subcall function 000000013F1B9690: CharNextA.USER32 ref: 000000013F1B9724
Part of subcall function 000000013F1B9690: CharNextA.USER32 ref: 000000013F1B97BB
Part of subcall function 000000013F1B9690: CharNextA.USER32 ref: 000000013F1B97CC
Part of subcall function 000000013F1B9690: CharNextA.USER32 ref: 000000013F1B97E2

CharNextA.USER32 ref: 000000013F1B990E
CharNextA.USER32 ref: 000000013F1B991C
CharNextA.USER32 ref: 000000013F1B9944

Part of subcall function 000000013F1BC500: CharUpperA.USER32 ref: 000000013F1BC51E
Part of subcall function 000000013F1BC500: CharUpperA.USER32 ref: 000000013F1BC52B
Part of subcall function 000000013F1BC500: CharNextA.USER32 ref: 000000013F1BC554
Part of subcall function 000000013F1BC500: CharNextA.USER32 ref: 000000013F1BC560
Part of subcall function 000000013F1BC500: CharUpperA.USER32 ref: 000000013F1BC56D
Part of subcall function 000000013F1BC500: CharUpperA.USER32 ref: 000000013F1BC57A

CharNextA.USER32 ref: 000000013F1B998E
CharNextA.USER32 ref: 000000013F1B999C
CharNextA.USER32 ref: 000000013F1B99B2

Part of subcall function 000000013F1B9F70: RegCreateKeyExA.ADVAPI32 ref: 000000013F1BA06A
Part of subcall function 000000013F1B9F70: RegDeleteValueA.KERNEL32 ref: 000000013F1BA086
Part of subcall function 000000013F1B9F70: RegSetValueExA.ADVAPI32 ref: 000000013F1BA0C6
Part of subcall function 000000013F1B9F70: RegCloseKey.ADVAPI32 ref: 000000013F1BA0F0
Part of subcall function 000000013F1B9F70: RegCloseKey.ADVAPI32 ref: 000000013F1BA10B

Strings

Service, xrefs: 000000013F1B9960

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B9590, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 66
registrylibrary

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 000000013F1B95CD
GetProcAddress.KERNEL32 ref: 000000013F1B95E9
RegOpenKeyExA.ADVAPI32 ref: 000000013F1B963F
RegCloseKey.ADVAPI32 ref: 000000013F1B9651

Strings

RegOpenKeyTransactedA, xrefs: 000000013F1B95DF
Advapi32.dll, xrefs: 000000013F1B95C6

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1CF900, Relevance: 7.6, APIs: 5, Instructions: 114
libraryLIBRARYCODE

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE ref: 000000013F1CF99C
GetLastError.KERNEL32 ref: 000000013F1CF9AA
LoadLibraryExW.KERNEL32 ref: 000000013F1CF9BD
FreeLibrary.KERNEL32 ref: 000000013F1CF9F6
GetProcAddress.KERNEL32 ref: 000000013F1CFA22

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BA120, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119
string

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000013F1B9A00: CoTaskMemAlloc.OLE32 ref: 000000013F1B9A8D
Part of subcall function 000000013F1B9A00: CharNextA.USER32 ref: 000000013F1B9AFA
Part of subcall function 000000013F1B9A00: CharNextA.USER32 ref: 000000013F1B9B06
Part of subcall function 000000013F1B9A00: CharNextA.USER32 ref: 000000013F1B9B12
Part of subcall function 000000013F1B9A00: CharNextA.USER32 ref: 000000013F1B9B1E
Part of subcall function 000000013F1B9A00: CharNextA.USER32 ref: 000000013F1B9B59
Part of subcall function 000000013F1B9A00: CharNextA.USER32 ref: 000000013F1B9B6C
Part of subcall function 000000013F1B9A00: CharNextA.USER32 ref: 000000013F1B9B7B
Part of subcall function 000000013F1B9A00: CharNextA.USER32 ref: 000000013F1B9BE8
Part of subcall function 000000013F1B9A00: CharNextA.USER32 ref: 000000013F1B9C95
Part of subcall function 000000013F1B9A00: CharNextA.USER32 ref: 000000013F1B9CA5
Part of subcall function 000000013F1B9A00: CharNextA.USER32 ref: 000000013F1B9CC4
Part of subcall function 000000013F1B9A00: CoTaskMemFree.OLE32 ref: 000000013F1B9D26

Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B93E8
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B9423
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B9439
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B944C
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B945B
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B94B5
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B94D9

lstrcmpi.KERNEL32(00000000,00000000,?,00000000,000000013F1BA548), ref: 000000013F1BA1D8
CoTaskMemFree.OLE32 ref: 000000013F1BA210

Part of subcall function 000000013F1BA5F0: lstrcmpiA.KERNEL32(?,00000000,00000000,0000000100002600,000000013F1BA2B9), ref: 000000013F1BA677
Part of subcall function 000000013F1BA5F0: lstrcmpiA.KERNEL32 ref: 000000013F1BA68F
Part of subcall function 000000013F1BA5F0: CharNextA.USER32 ref: 000000013F1BA6E4
Part of subcall function 000000013F1BA5F0: lstrcmpiA.KERNEL32 ref: 000000013F1BA716
Part of subcall function 000000013F1BA5F0: lstrcmpiA.KERNEL32 ref: 000000013F1BA786
Part of subcall function 000000013F1BA5F0: lstrcmpiA.KERNEL32 ref: 000000013F1BA7B8
Part of subcall function 000000013F1BA5F0: RegDeleteValueA.ADVAPI32 ref: 000000013F1BA87D
Part of subcall function 000000013F1BA5F0: RegCloseKey.ADVAPI32 ref: 000000013F1BA896
Part of subcall function 000000013F1BA5F0: CharNextA.USER32 ref: 000000013F1BA8C4
Part of subcall function 000000013F1BA5F0: GetModuleHandleA.KERNEL32 ref: 000000013F1BA949
Part of subcall function 000000013F1BA5F0: GetProcAddress.KERNEL32 ref: 000000013F1BA966
Part of subcall function 000000013F1BA5F0: RegCreateKeyExA.ADVAPI32 ref: 000000013F1BA9F6
Part of subcall function 000000013F1BA5F0: RegCloseKey.ADVAPI32 ref: 000000013F1BAA0F
Part of subcall function 000000013F1BA5F0: lstrcmpiA.KERNEL32 ref: 000000013F1BAC07
Part of subcall function 000000013F1BA5F0: RegCloseKey.ADVAPI32 ref: 000000013F1BAC5D
Part of subcall function 000000013F1BA5F0: RegCloseKey.ADVAPI32 ref: 000000013F1BACC5
Part of subcall function 000000013F1BA5F0: RegCloseKey.ADVAPI32 ref: 000000013F1BACDF
Part of subcall function 000000013F1BA5F0: RegCloseKey.ADVAPI32(?,00000000,00000000,0000000100002600,000000013F1BA2B9), ref: 000000013F1BAD28

CharNextA.USER32 ref: 000000013F1BA2E4

Strings

{, xrefs: 000000013F1BA265

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BB590, Relevance: 6.1, APIs: 4, Instructions: 78
windowstring

Control-flow Graph

Executed
Not Executed

APIs

EnterCriticalSection.KERNEL32 ref: 000000013F1BB5B2
lstrcmpiA.KERNEL32 ref: 000000013F1BB5CE
LeaveCriticalSection.KERNEL32 ref: 000000013F1BB5E7

Part of subcall function 000000013F1B8600: LoadStringA.USER32 ref: 000000013F1B8650

Part of subcall function 000000013F1BB640: RegDeleteValueA.ADVAPI32 ref: 000000013F1BBAAF
Part of subcall function 000000013F1BB640: RegCloseKey.ADVAPI32 ref: 000000013F1BBAFD
Part of subcall function 000000013F1BB640: RegCloseKey.ADVAPI32 ref: 000000013F1BBB10

RaiseException.KERNEL32 ref: 000000013F1BB633

Part of subcall function 000000013F1B9000: OpenSCManagerA.SECHOST(?,?,?,000000013F1B8DC3), ref: 000000013F1B901E
Part of subcall function 000000013F1B9000: OpenServiceA.ADVAPI32(?,?,?,000000013F1B8DC3), ref: 000000013F1B9037
Part of subcall function 000000013F1B9000: CloseServiceHandle.ADVAPI32(?,?,?,000000013F1B8DC3), ref: 000000013F1B904A
Part of subcall function 000000013F1B9000: CloseServiceHandle.SECHOST(?,?,?,000000013F1B8DC3), ref: 000000013F1B9053

OpenSCManagerA.ADVAPI32 ref: 000000013F1BB68C
LoadStringA.USER32 ref: 000000013F1BB6CD
MessageBoxA.USER32 ref: 000000013F1BB73A
OpenServiceA.ADVAPI32 ref: 000000013F1BB75F
CloseServiceHandle.ADVAPI32 ref: 000000013F1BB774

Part of subcall function 000000013F1C061C: EnterCriticalSection.KERNEL32(?,?,?,000000013F1B8631), ref: 000000013F1C063A
Part of subcall function 000000013F1C061C: LeaveCriticalSection.KERNEL32(?,?,?,000000013F1B8631), ref: 000000013F1C0658
Part of subcall function 000000013F1C061C: RaiseException.KERNEL32(?,?,?,000000013F1B8631), ref: 000000013F1C0691

LoadStringA.USER32 ref: 000000013F1BB7A9
ControlService.ADVAPI32 ref: 000000013F1BB821
GetLastError.KERNEL32 ref: 000000013F1BB82F
MessageBoxA.USER32 ref: 000000013F1BB8AE
DeleteService.ADVAPI32 ref: 000000013F1BB8B7
CloseServiceHandle.ADVAPI32 ref: 000000013F1BB8C2
CloseServiceHandle.ADVAPI32 ref: 000000013F1BB8CB
MessageBoxA.USER32 ref: 000000013F1BB946

Part of subcall function 000000013F1C5494: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C54B9

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D4214, Relevance: 6.1, APIs: 4, Instructions: 74

Control-flow Graph

Executed
Not Executed

APIs

GetEnvironmentStringsW.KERNELBASE(?,?,?,?,?,?,?,000000013F1C88CB), ref: 000000013F1D422D
WideCharToMultiByte.KERNEL32 ref: 000000013F1D428F

Part of subcall function 000000013F1CB4A0: HeapAlloc.KERNEL32 ref: 000000013F1CB4DE

WideCharToMultiByte.KERNEL32 ref: 000000013F1D42C9

Part of subcall function 000000013F1CB460: HeapFree.KERNEL32 ref: 000000013F1CB476
Part of subcall function 000000013F1CB460: GetLastError.KERNEL32 ref: 000000013F1CB488

FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,000000013F1C88CB), ref: 000000013F1D42F3

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B9000, Relevance: 6.0, APIs: 4, Instructions: 30

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerA.SECHOST(?,?,?,000000013F1B8DC3), ref: 000000013F1B901E
OpenServiceA.ADVAPI32(?,?,?,000000013F1B8DC3), ref: 000000013F1B9037
CloseServiceHandle.ADVAPI32(?,?,?,000000013F1B8DC3), ref: 000000013F1B904A
CloseServiceHandle.SECHOST(?,?,?,000000013F1B8DC3), ref: 000000013F1B9053

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C476C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32

Control-flow Graph

Executed
Not Executed

APIs

try_get_function.LIBVCRUNTIME ref: 000000013F1C47A2

Part of subcall function 000000013F1C4440: LoadLibraryExW.KERNELBASE(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C44EC
Part of subcall function 000000013F1C4440: GetLastError.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C44FF
Part of subcall function 000000013F1C4440: LoadLibraryExW.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C4512
Part of subcall function 000000013F1C4440: FreeLibrary.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C454F
Part of subcall function 000000013F1C4440: GetProcAddress.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C4583

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF,?,?,?,?,000000013F1BF4FB), ref: 000000013F1C47C8

Strings

InitializeCriticalSectionEx, xrefs: 000000013F1C4796

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C4608, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22

Control-flow Graph

Executed
Not Executed

APIs

try_get_function.LIBVCRUNTIME ref: 000000013F1C462F

Part of subcall function 000000013F1C4440: LoadLibraryExW.KERNELBASE(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C44EC
Part of subcall function 000000013F1C4440: GetLastError.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C44FF
Part of subcall function 000000013F1C4440: LoadLibraryExW.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C4512
Part of subcall function 000000013F1C4440: FreeLibrary.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C454F
Part of subcall function 000000013F1C4440: GetProcAddress.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C4583

TlsAlloc.KERNEL32(?,?,?,000000013F1C4A7C,?,?,?,?,000000013F1C440C,?,?,?,?,000000013F1BF4FB), ref: 000000013F1C464B

Strings

FlsAlloc, xrefs: 000000013F1C4628

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D7C5C, Relevance: 4.7, APIs: 3, Instructions: 238
LIBRARYCODE

Control-flow Graph

Executed
Not Executed

APIs

MultiByteToWideChar.KERNEL32 ref: 000000013F1D7CE3
MultiByteToWideChar.KERNEL32 ref: 000000013F1D7DA8

Part of subcall function 000000013F1CFFD4: LCMapStringW.KERNEL32 ref: 000000013F1D00A2

Part of subcall function 000000013F1CB4A0: HeapAlloc.KERNEL32 ref: 000000013F1CB4DE

WideCharToMultiByte.KERNEL32 ref: 000000013F1D7F38

Part of subcall function 000000013F1CB460: HeapFree.KERNEL32 ref: 000000013F1CB476
Part of subcall function 000000013F1CB460: GetLastError.KERNEL32 ref: 000000013F1CB488

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C83D4, Relevance: 4.5, APIs: 3, Instructions: 19

APIs

GetCurrentProcess.KERNEL32(?,?,?,000000013F1C83B8), ref: 000000013F1C83FC
TerminateProcess.KERNEL32(?,?,?,000000013F1C83B8), ref: 000000013F1C8407

Part of subcall function 000000013F1C8420: GetModuleHandleExW.KERNEL32 ref: 000000013F1C8440
Part of subcall function 000000013F1C8420: GetProcAddress.KERNEL32 ref: 000000013F1C8456
Part of subcall function 000000013F1C8420: FreeLibrary.KERNEL32 ref: 000000013F1C847B

ExitProcess.KERNEL32 ref: 000000013F1C8416

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D3AC0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 126

APIs

GetCPInfo.KERNEL32 ref: 000000013F1D3AF6

Part of subcall function 000000013F1D5D3C: MultiByteToWideChar.KERNEL32 ref: 000000013F1D5DAF
Part of subcall function 000000013F1D5D3C: MultiByteToWideChar.KERNEL32 ref: 000000013F1D5E78
Part of subcall function 000000013F1D5D3C: GetStringTypeW.KERNEL32 ref: 000000013F1D5E92

Strings

, xrefs: 000000013F1D3B3B

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1CFFD4, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56LIBRARYCODE

APIs

Part of subcall function 000000013F1CF900: LoadLibraryExW.KERNELBASE ref: 000000013F1CF99C
Part of subcall function 000000013F1CF900: GetLastError.KERNEL32 ref: 000000013F1CF9AA
Part of subcall function 000000013F1CF900: LoadLibraryExW.KERNEL32 ref: 000000013F1CF9BD
Part of subcall function 000000013F1CF900: FreeLibrary.KERNEL32 ref: 000000013F1CF9F6
Part of subcall function 000000013F1CF900: GetProcAddress.KERNEL32 ref: 000000013F1CFA22

LCMapStringW.KERNEL32 ref: 000000013F1D00A2

Strings

LCMapStringEx, xrefs: 000000013F1D0006

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1CFE68, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32LIBRARYCODE

APIs

Part of subcall function 000000013F1CF900: LoadLibraryExW.KERNELBASE ref: 000000013F1CF99C
Part of subcall function 000000013F1CF900: GetLastError.KERNEL32 ref: 000000013F1CF9AA
Part of subcall function 000000013F1CF900: LoadLibraryExW.KERNEL32 ref: 000000013F1CF9BD
Part of subcall function 000000013F1CF900: FreeLibrary.KERNEL32 ref: 000000013F1CF9F6
Part of subcall function 000000013F1CF900: GetProcAddress.KERNEL32 ref: 000000013F1CFA22

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,000000013F1D0BCE,?,?,?,000000013F1D0A9A,?,?,?,000000013F1CB3DE), ref: 000000013F1CFEC5

Strings

InitializeCriticalSectionEx, xrefs: 000000013F1CFE92

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1CFB94, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22

APIs

Part of subcall function 000000013F1CF900: LoadLibraryExW.KERNELBASE ref: 000000013F1CF99C
Part of subcall function 000000013F1CF900: GetLastError.KERNEL32 ref: 000000013F1CF9AA
Part of subcall function 000000013F1CF900: LoadLibraryExW.KERNEL32 ref: 000000013F1CF9BD
Part of subcall function 000000013F1CF900: FreeLibrary.KERNEL32 ref: 000000013F1CF9F6
Part of subcall function 000000013F1CF900: GetProcAddress.KERNEL32 ref: 000000013F1CFA22

TlsAlloc.KERNEL32(?,?,?,000000013F1CF730), ref: 000000013F1CFBD8

Strings

FlsAlloc, xrefs: 000000013F1CFBB4

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D3F44, Relevance: 3.2, APIs: 2, Instructions: 186

APIs

Part of subcall function 000000013F1D39B0: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,000000013F1D3CCD,?,?,?,?,?,?,?,000000013F1D3E75), ref: 000000013F1D39DA
Part of subcall function 000000013F1D39B0: GetACP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,000000013F1D3CCD,?,?,?,?,?,?,?,000000013F1D3E75), ref: 000000013F1D39F1

IsValidCodePage.KERNEL32(?,?,?,00000000,?,00000000,00000001,000000013F1D3D80,?,?,?,?,?,?,?,000000013F1D3E75), ref: 000000013F1D3FBE
GetCPInfo.KERNEL32(?,?,?,00000000,?,00000000,00000001,000000013F1D3D80,?,?,?,?,?,?,?,000000013F1D3E75), ref: 000000013F1D3FD3

Part of subcall function 000000013F1D3AC0: GetCPInfo.KERNEL32 ref: 000000013F1D3AF6

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BFCAC, Relevance: 3.1, APIs: 2, Instructions: 89

APIs

__scrt_acquire_startup_lock.LIBCMT ref: 000000013F1BFCD7

Part of subcall function 000000013F1C0294: GetStartupInfoW.KERNEL32 ref: 000000013F1C02B0

Part of subcall function 000000013F1BEFA0: GetCommandLineA.KERNEL32 ref: 000000013F1BEFCA

__scrt_is_managed_app.LIBCMT ref: 000000013F1BFDC5

Part of subcall function 000000013F1C02D0: GetModuleHandleW.KERNEL32(?,?,?,?,000000013F1BFDCA), ref: 000000013F1C02D6

Part of subcall function 000000013F1C014C: IsProcessorFeaturePresent.KERNEL32 ref: 000000013F1C0168
Part of subcall function 000000013F1C014C: RtlCaptureContext.KERNEL32 ref: 000000013F1C0191
Part of subcall function 000000013F1C014C: RtlLookupFunctionEntry.KERNEL32 ref: 000000013F1C01AB
Part of subcall function 000000013F1C014C: RtlVirtualUnwind.KERNEL32 ref: 000000013F1C01EC
Part of subcall function 000000013F1C014C: IsDebuggerPresent.KERNEL32 ref: 000000013F1C0240
Part of subcall function 000000013F1C014C: SetUnhandledExceptionFilter.KERNEL32 ref: 000000013F1C0261
Part of subcall function 000000013F1C014C: UnhandledExceptionFilter.KERNEL32 ref: 000000013F1C026C

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B7B80, Relevance: 2.6, APIs: 2, Instructions: 117

APIs

EnterCriticalSection.KERNEL32 ref: 000000013F1B7BD4

Part of subcall function 000000013F1B86B0: WideCharToMultiByte.KERNEL32 ref: 000000013F1B86EF

LeaveCriticalSection.KERNEL32 ref: 000000013F1B7CB6

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C8268, Relevance: 1.6, APIs: 1, Instructions: 96

APIs

GetModuleHandleW.KERNEL32 ref: 000000013F1C8290

Part of subcall function 000000013F1C8420: GetModuleHandleExW.KERNEL32 ref: 000000013F1C8440
Part of subcall function 000000013F1C8420: GetProcAddress.KERNEL32 ref: 000000013F1C8456
Part of subcall function 000000013F1C8420: FreeLibrary.KERNEL32 ref: 000000013F1C847B

Part of subcall function 000000013F1C83D4: GetCurrentProcess.KERNEL32(?,?,?,000000013F1C83B8), ref: 000000013F1C83FC
Part of subcall function 000000013F1C83D4: TerminateProcess.KERNEL32(?,?,?,000000013F1C83B8), ref: 000000013F1C8407
Part of subcall function 000000013F1C83D4: ExitProcess.KERNEL32 ref: 000000013F1C8416

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D49A4, Relevance: 1.6, APIs: 1, Instructions: 51

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1D49D8

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B86B0, Relevance: 1.5, APIs: 1, Instructions: 31

APIs

WideCharToMultiByte.KERNEL32 ref: 000000013F1B86EF

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BEFA0, Relevance: 1.5, APIs: 1, Instructions: 27

APIs

GetCommandLineA.KERNEL32 ref: 000000013F1BEFCA

Part of subcall function 000000013F1B98A0: CharNextA.USER32 ref: 000000013F1B990E
Part of subcall function 000000013F1B98A0: CharNextA.USER32 ref: 000000013F1B991C
Part of subcall function 000000013F1B98A0: CharNextA.USER32 ref: 000000013F1B9944
Part of subcall function 000000013F1B98A0: CharNextA.USER32 ref: 000000013F1B998E
Part of subcall function 000000013F1B98A0: CharNextA.USER32 ref: 000000013F1B999C
Part of subcall function 000000013F1B98A0: CharNextA.USER32 ref: 000000013F1B99B2

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1CA7FC, Relevance: 1.3, APIs: 1, Instructions: 36LIBRARYCODE

APIs

HeapAlloc.KERNEL32 ref: 000000013F1CA851

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Non-executed Functions

Function 000000013F1C1770, Relevance: 145.5, APIs: 42, Strings: 41, Instructions: 226library

APIs

EncodePointer.KERNEL32(?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C178A

Part of subcall function 000000013F1CB500: IsProcessorFeaturePresent.KERNEL32 ref: 000000013F1CB526

GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C17BD
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C17D0
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C17EE
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C180C
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C182A
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1848
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1866
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1884
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C18A2
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C18C0
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C18DE
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C18FC
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C191A
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1938
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1956
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1974
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1992
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C19B0
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C19CE
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C19EC
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1A0A
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1A28
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1A46
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1A64
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1A82
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1AA0
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1ABE
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1ADC
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1AFA
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1B18
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1B36
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1B54
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1B72
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1B90
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1BAE
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1BCC
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1BEA
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1C08
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1C26
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1C44
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013F1C10B9,?,?,?,000000013F1C0E75), ref: 000000013F1C1C62

Strings

ReleaseSRWLockExclusive, xrefs: 000000013F1C1B7F
FlsSetValue, xrefs: 000000013F1C1819
SetFileInformationByHandle, xrefs: 000000013F1C1A71
CloseThreadpoolWait, xrefs: 000000013F1C1981
FlushProcessWriteBuffers, xrefs: 000000013F1C199F
SetThreadpoolWait, xrefs: 000000013F1C1963
GetCurrentPackageId, xrefs: 000000013F1C1A17
GetSystemTimePreciseAsFileTime, xrefs: 000000013F1C1A8F
SubmitThreadpoolWork, xrefs: 000000013F1C1BD9
CompareStringEx, xrefs: 000000013F1C1C15
LCMapStringEx, xrefs: 000000013F1C1C51
TryAcquireSRWLockExclusive, xrefs: 000000013F1C1B61
AcquireSRWLockExclusive, xrefs: 000000013F1C1B43
GetTickCount64, xrefs: 000000013F1C1A35
CreateSemaphoreW, xrefs: 000000013F1C1891
CreateThreadpoolWork, xrefs: 000000013F1C1BBB
CreateEventExW, xrefs: 000000013F1C1873
WakeConditionVariable, xrefs: 000000013F1C1ACB
SleepConditionVariableCS, xrefs: 000000013F1C1B07
SleepConditionVariableSRW, xrefs: 000000013F1C1B9D
CreateSymbolicLinkW, xrefs: 000000013F1C19F9
CloseThreadpoolTimer, xrefs: 000000013F1C1927
GetLocaleInfoEx, xrefs: 000000013F1C1C33
WakeAllConditionVariable, xrefs: 000000013F1C1AE9
GetFileInformationByHandleEx, xrefs: 000000013F1C1A53
FreeLibraryWhenCallbackReturns, xrefs: 000000013F1C19BD
FlsFree, xrefs: 000000013F1C17DD
InitializeSRWLock, xrefs: 000000013F1C1B25
InitOnceExecuteOnce, xrefs: 000000013F1C1855
SetThreadpoolTimer, xrefs: 000000013F1C18EB
InitializeConditionVariable, xrefs: 000000013F1C1AAD
WaitForThreadpoolTimerCallbacks, xrefs: 000000013F1C1909
CloseThreadpoolWork, xrefs: 000000013F1C1BF7
kernel32.dll, xrefs: 000000013F1C17B6
CreateSemaphoreExW, xrefs: 000000013F1C18AF
GetCurrentProcessorNumber, xrefs: 000000013F1C19DB
FlsAlloc, xrefs: 000000013F1C17C6
InitializeCriticalSectionEx, xrefs: 000000013F1C1837
FlsGetValue, xrefs: 000000013F1C17FB
CreateThreadpoolWait, xrefs: 000000013F1C1945
CreateThreadpoolTimer, xrefs: 000000013F1C18CD

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BA5F0, Relevance: 42.5, APIs: 18, Strings: 6, Instructions: 482stringregistry

APIs

Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B93E8
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B9423
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B9439
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B944C
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B945B
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B94B5
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B94D9

lstrcmpiA.KERNEL32(?,00000000,00000000,0000000100002600,000000013F1BA2B9), ref: 000000013F1BA677
lstrcmpiA.KERNEL32 ref: 000000013F1BA68F
CharNextA.USER32 ref: 000000013F1BA6E4
lstrcmpiA.KERNEL32 ref: 000000013F1BA716

Part of subcall function 000000013F1B9D70: RegEnumKeyExA.ADVAPI32 ref: 000000013F1B9DFE
Part of subcall function 000000013F1B9D70: RegEnumKeyExA.ADVAPI32 ref: 000000013F1B9E57
Part of subcall function 000000013F1B9D70: RegCloseKey.ADVAPI32 ref: 000000013F1B9E6B
Part of subcall function 000000013F1B9D70: RegCloseKey.ADVAPI32 ref: 000000013F1B9E91

lstrcmpiA.KERNEL32 ref: 000000013F1BA786
lstrcmpiA.KERNEL32 ref: 000000013F1BA7B8

Part of subcall function 000000013F1B7EA0: CharNextA.USER32 ref: 000000013F1B7F50
Part of subcall function 000000013F1B7EA0: CharNextA.USER32 ref: 000000013F1B8033
Part of subcall function 000000013F1B7EA0: CharNextA.USER32 ref: 000000013F1B804C
Part of subcall function 000000013F1B7EA0: IsDBCSLeadByte.KERNEL32 ref: 000000013F1B805C
Part of subcall function 000000013F1B7EA0: VarUI4FromStr.OLEAUT32 ref: 000000013F1B818D
Part of subcall function 000000013F1B7EA0: RegSetValueExA.ADVAPI32 ref: 000000013F1B8359
Part of subcall function 000000013F1B7EA0: RegSetValueExA.ADVAPI32 ref: 000000013F1B83AC

Part of subcall function 000000013F1BA5F0: RegDeleteValueA.ADVAPI32 ref: 000000013F1BA87D
Part of subcall function 000000013F1BA5F0: RegCloseKey.ADVAPI32 ref: 000000013F1BA896
Part of subcall function 000000013F1BA5F0: CharNextA.USER32 ref: 000000013F1BA8C4
Part of subcall function 000000013F1BA5F0: GetModuleHandleA.KERNEL32 ref: 000000013F1BA949
Part of subcall function 000000013F1BA5F0: GetProcAddress.KERNEL32 ref: 000000013F1BA966
Part of subcall function 000000013F1BA5F0: RegCreateKeyExA.ADVAPI32 ref: 000000013F1BA9F6
Part of subcall function 000000013F1BA5F0: RegCloseKey.ADVAPI32 ref: 000000013F1BAA0F
Part of subcall function 000000013F1BA5F0: lstrcmpiA.KERNEL32 ref: 000000013F1BAC07
Part of subcall function 000000013F1BA5F0: RegCloseKey.ADVAPI32 ref: 000000013F1BAC5D
Part of subcall function 000000013F1BA5F0: RegCloseKey.ADVAPI32 ref: 000000013F1BACC5
Part of subcall function 000000013F1BA5F0: RegCloseKey.ADVAPI32 ref: 000000013F1BACDF

Part of subcall function 000000013F1B9590: GetModuleHandleA.KERNEL32 ref: 000000013F1B95CD
Part of subcall function 000000013F1B9590: GetProcAddress.KERNEL32 ref: 000000013F1B95E9
Part of subcall function 000000013F1B9590: RegOpenKeyExA.ADVAPI32 ref: 000000013F1B963F
Part of subcall function 000000013F1B9590: RegCloseKey.ADVAPI32 ref: 000000013F1B9651

Part of subcall function 000000013F1BB270: CharNextA.USER32 ref: 000000013F1BB2D0

RegCloseKey.ADVAPI32(?,00000000,00000000,0000000100002600,000000013F1BA2B9), ref: 000000013F1BAD28

Strings

Val, xrefs: 000000013F1BA7AE
Delete, xrefs: 000000013F1BA66D
NoRemove, xrefs: 000000013F1BA77C
RegCreateKeyTransactedA, xrefs: 000000013F1BA95C
ForceRemove, xrefs: 000000013F1BA685
Advapi32.dll, xrefs: 000000013F1BA942

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1DA388, Relevance: 18.8, APIs: 6, Strings: 4, Instructions: 1323

APIs

fegetenv.LIBCMT ref: 000000013F1DA3D1

Part of subcall function 000000013F1DD2B8: fegetenv.LIBCMT ref: 000000013F1DD2D0

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1DAA4A
_invalid_parameter_noinfo.LIBCMT ref: 000000013F1DAC0D
_invalid_parameter_noinfo.LIBCMT ref: 000000013F1DAE1D
_invalid_parameter_noinfo.LIBCMT ref: 000000013F1DB0AC
_invalid_parameter_noinfo.LIBCMT ref: 000000013F1DB2A6

Part of subcall function 000000013F1CBAB0: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1CBAE2

Part of subcall function 000000013F1C5494: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C54B9

Part of subcall function 000000013F1C516C: GetCurrentProcess.KERNEL32(000000013F1C52DD), ref: 000000013F1C5199

Part of subcall function 000000013F1DD26C: fegetenv.LIBCMT ref: 000000013F1DD293

Strings

1#SNAN, xrefs: 000000013F1DB601
1#QNAN, xrefs: 000000013F1DB620
1#INF, xrefs: 000000013F1DB63F
1#IND, xrefs: 000000013F1DB5E2

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BB330, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 114registry

APIs

Part of subcall function 000000013F1B9590: GetModuleHandleA.KERNEL32 ref: 000000013F1B95CD
Part of subcall function 000000013F1B9590: GetProcAddress.KERNEL32 ref: 000000013F1B95E9
Part of subcall function 000000013F1B9590: RegOpenKeyExA.ADVAPI32 ref: 000000013F1B963F
Part of subcall function 000000013F1B9590: RegCloseKey.ADVAPI32 ref: 000000013F1B9651

RegQueryValueExA.ADVAPI32 ref: 000000013F1BB407
StartServiceCtrlDispatcherA.ADVAPI32 ref: 000000013F1BB487
GetLastError.KERNEL32 ref: 000000013F1BB491

Part of subcall function 000000013F1C7E70: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C7E94
Part of subcall function 000000013F1C7E70: CreateThread.KERNEL32 ref: 000000013F1C7ED5
Part of subcall function 000000013F1C7E70: GetLastError.KERNEL32(?,?,?,?,?,000000013F1BB17F), ref: 000000013F1C7EE3
Part of subcall function 000000013F1C7E70: CloseHandle.KERNEL32 ref: 000000013F1C7F00
Part of subcall function 000000013F1C7E70: FreeLibrary.KERNEL32(?,?,?,?,?,000000013F1BB17F), ref: 000000013F1C7F0F

Part of subcall function 000000013F1BB040: SetServiceStatus.ADVAPI32 ref: 000000013F1BB083
Part of subcall function 000000013F1BB040: GetMessageA.USER32 ref: 000000013F1BB096
Part of subcall function 000000013F1BB040: TranslateMessage.USER32 ref: 000000013F1BB0A5
Part of subcall function 000000013F1BB040: DispatchMessageA.USER32 ref: 000000013F1BB0B0
Part of subcall function 000000013F1BB040: GetMessageA.USER32 ref: 000000013F1BB0C3

RegCloseKey.ADVAPI32 ref: 000000013F1BB4E1
RegCloseKey.ADVAPI32 ref: 000000013F1BB4F3

Strings

AppID, xrefs: 000000013F1BB35D
LocalService, xrefs: 000000013F1BB400
{23D22352-DC86-4346-B298-C56CB6A1C99F}, xrefs: 000000013F1BB3A6

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B1490, Relevance: 10.9, APIs: 1, Strings: 5, Instructions: 424

APIs

Part of subcall function 000000013F1B5920: SetFilePointer.KERNEL32 ref: 000000013F1B5997
Part of subcall function 000000013F1B5920: SetFilePointer.KERNEL32 ref: 000000013F1B5D92
Part of subcall function 000000013F1B5920: SetFilePointer.KERNEL32 ref: 000000013F1B5E36

Part of subcall function 000000013F1B5650: SetFilePointer.KERNEL32 ref: 000000013F1B569E

SetFilePointer.KERNEL32 ref: 000000013F1B1668

Part of subcall function 000000013F1B4A40: ReadFile.KERNEL32 ref: 000000013F1B4A7C

Part of subcall function 000000013F1C4E0C: strstr.LIBVCRUNTIME ref: 000000013F1C4E43
Part of subcall function 000000013F1C4E0C: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C4E60

Part of subcall function 000000013F1B2340: SystemTimeToFileTime.KERNEL32 ref: 000000013F1B23BB

Strings

, xrefs: 000000013F1B186C
/../, xrefs: 000000013F1B1799
\../, xrefs: 000000013F1B177F
/..\, xrefs: 000000013F1B17B3
\..\, xrefs: 000000013F1B1765

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B7EA0, Relevance: 10.9, APIs: 7, Instructions: 367registry

APIs

Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B93E8
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B9423
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B9439
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B944C
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B945B
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B94B5
Part of subcall function 000000013F1B93B0: CharNextA.USER32 ref: 000000013F1B94D9

Part of subcall function 000000013F1BC3D0: lstrcmpiA.KERNEL32 ref: 000000013F1BC427

CharNextA.USER32 ref: 000000013F1B7F50
CharNextA.USER32 ref: 000000013F1B8033
CharNextA.USER32 ref: 000000013F1B804C
IsDBCSLeadByte.KERNEL32 ref: 000000013F1B805C

Part of subcall function 000000013F1BB210: RegSetValueExA.ADVAPI32 ref: 000000013F1BB264

Part of subcall function 000000013F1B8500: MultiByteToWideChar.KERNEL32 ref: 000000013F1B8535

VarUI4FromStr.OLEAUT32 ref: 000000013F1B818D

Part of subcall function 000000013F1BB1D0: RegSetValueExA.ADVAPI32 ref: 000000013F1BB1F7

RegSetValueExA.ADVAPI32 ref: 000000013F1B8359
RegSetValueExA.ADVAPI32 ref: 000000013F1B83AC

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C014C, Relevance: 10.6, APIs: 7, Instructions: 70

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 000000013F1C0168
RtlCaptureContext.KERNEL32 ref: 000000013F1C0191
RtlLookupFunctionEntry.KERNEL32 ref: 000000013F1C01AB
RtlVirtualUnwind.KERNEL32 ref: 000000013F1C01EC
IsDebuggerPresent.KERNEL32 ref: 000000013F1C0240
SetUnhandledExceptionFilter.KERNEL32 ref: 000000013F1C0261
UnhandledExceptionFilter.KERNEL32 ref: 000000013F1C026C

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D6B68, Relevance: 9.2, APIs: 6, Instructions: 208LIBRARYCODE

APIs

Part of subcall function 000000013F1CF5EC: GetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF5F6
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF65E
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF674

TranslateName.LIBCMT ref: 000000013F1D6BD2
TranslateName.LIBCMT ref: 000000013F1D6C0D

Part of subcall function 000000013F1D69B0: GetACP.KERNEL32(?,?,000000A0,000000013F1D6C4E,?,?,?,00000000,?,000000013F1C9BE4), ref: 000000013F1D6A4E

IsValidCodePage.KERNEL32(?,?,?,00000000,?,000000013F1C9BE4), ref: 000000013F1D6C6A

Part of subcall function 000000013F1D47D8: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1D4803

Part of subcall function 000000013F1CFD04: GetLocaleInfoW.KERNEL32(?,?,00000000,000000013F1C9C6B), ref: 000000013F1CFD7B

wcschr.LIBVCRUNTIME ref: 000000013F1D6CFD
wcschr.LIBVCRUNTIME ref: 000000013F1D6D0D

Part of subcall function 000000013F1C516C: GetCurrentProcess.KERNEL32(000000013F1C52DD), ref: 000000013F1C5199

GetLocaleInfoW.KERNEL32 ref: 000000013F1D6DF5

Part of subcall function 000000013F1D92C0: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1D92E7
Part of subcall function 000000013F1D92C0: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1D9385

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D7554, Relevance: 9.2, APIs: 6, Instructions: 174LIBRARYCODE

APIs

Part of subcall function 000000013F1CF5EC: GetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF5F6
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF65E
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF674

Part of subcall function 000000013F1D6F44: EnumSystemLocalesW.KERNEL32(?,?,?,000000013F1D7613,?,00000000,?,00000000,00000001,00000000,?,000000013F1C9BDD), ref: 000000013F1D6FC4

Part of subcall function 000000013F1D6E74: EnumSystemLocalesW.KERNEL32(?,?,?,000000013F1D7657,?,00000000,?,00000000,00000001,00000000,?,000000013F1C9BDD), ref: 000000013F1D6F12

EnumSystemLocalesW.KERNEL32(?,00000000,?,00000000,00000001,00000000,?,000000013F1C9BDD), ref: 000000013F1D76AB
GetUserDefaultLCID.KERNEL32(?,00000000,?,00000000), ref: 000000013F1D76C4

Part of subcall function 000000013F1D736C: GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,000000013F1D76F3), ref: 000000013F1D73C1
Part of subcall function 000000013F1D736C: GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,000000013F1D76F3), ref: 000000013F1D73EE
Part of subcall function 000000013F1D736C: GetACP.KERNEL32(?,?,?,?,?,?,?,000000013F1D76F3), ref: 000000013F1D7404

IsValidCodePage.KERNEL32 ref: 000000013F1D770F
IsValidLocale.KERNEL32 ref: 000000013F1D7725
GetLocaleInfoW.KERNEL32 ref: 000000013F1D7781
GetLocaleInfoW.KERNEL32 ref: 000000013F1D779D

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C4F10, Relevance: 9.1, APIs: 6, Instructions: 83LIBRARYCODE

APIs

RtlCaptureContext.KERNEL32 ref: 000000013F1C4F89
RtlLookupFunctionEntry.KERNEL32 ref: 000000013F1C4FA1
RtlVirtualUnwind.KERNEL32 ref: 000000013F1C4FDC
IsDebuggerPresent.KERNEL32 ref: 000000013F1C5015
SetUnhandledExceptionFilter.KERNEL32 ref: 000000013F1C501F
UnhandledExceptionFilter.KERNEL32 ref: 000000013F1C502A

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D736C, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50LIBRARYCODE

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,000000013F1D76F3), ref: 000000013F1D73C1
GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,000000013F1D76F3), ref: 000000013F1D73EE
GetACP.KERNEL32(?,?,?,?,?,?,?,000000013F1D76F3), ref: 000000013F1D7404

Strings

OCP, xrefs: 000000013F1D739D
ACP, xrefs: 000000013F1D738D

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1CB0BC, Relevance: 6.2, APIs: 4, Instructions: 191LIBRARYCODE

APIs

_Wcsftime.LIBCMT ref: 000000013F1CB10C

Part of subcall function 000000013F1D835C: _mbstowcs_s_l.LIBCMT ref: 000000013F1D8370

_Wcsftime.LIBCMT ref: 000000013F1CB145

Part of subcall function 000000013F1C9E9C: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C9EC7

Part of subcall function 000000013F1C516C: GetCurrentProcess.KERNEL32(000000013F1C52DD), ref: 000000013F1C5199

Part of subcall function 000000013F1CF5EC: GetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF5F6
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF65E
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF674

_wcstombs_s_l.LIBCMT ref: 000000013F1CB21A

Part of subcall function 000000013F1D86B0: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1D873B

Part of subcall function 000000013F1CB4A0: HeapAlloc.KERNEL32 ref: 000000013F1CB4DE

_wcstombs_s_l.LIBCMT ref: 000000013F1CB26C

Part of subcall function 000000013F1CB460: HeapFree.KERNEL32 ref: 000000013F1CB476
Part of subcall function 000000013F1CB460: GetLastError.KERNEL32 ref: 000000013F1CB488

Part of subcall function 000000013F1CA7FC: HeapAlloc.KERNEL32 ref: 000000013F1CA851

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C5370, Relevance: 6.1, APIs: 4, Instructions: 81

APIs

VirtualQuery.KERNEL32 ref: 000000013F1C53C1
GetSystemInfo.KERNEL32 ref: 000000013F1C53D8
VirtualAlloc.KERNEL32 ref: 000000013F1C543C
VirtualProtect.KERNEL32 ref: 000000013F1C5456

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D31C8, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1D31F8

Part of subcall function 000000013F1D9688: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1D96B3

Part of subcall function 000000013F1CB460: HeapFree.KERNEL32 ref: 000000013F1CB476
Part of subcall function 000000013F1CB460: GetLastError.KERNEL32 ref: 000000013F1CB488

Part of subcall function 000000013F1C516C: GetCurrentProcess.KERNEL32(000000013F1C52DD), ref: 000000013F1C5199

Part of subcall function 000000013F1D33D4: FindFirstFileExA.KERNEL32 ref: 000000013F1D35B4

Strings

*?, xrefs: 000000013F1D321F
., xrefs: 000000013F1D3618

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B5920, Relevance: 5.0, APIs: 3, Instructions: 450

APIs

SetFilePointer.KERNEL32 ref: 000000013F1B5997

Part of subcall function 000000013F1B60A0: ReadFile.KERNEL32 ref: 000000013F1B60DC

SetFilePointer.KERNEL32 ref: 000000013F1B5D92
SetFilePointer.KERNEL32 ref: 000000013F1B5E36

Part of subcall function 000000013F1B4A40: ReadFile.KERNEL32 ref: 000000013F1B4A7C

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D6FDC, Relevance: 4.7, APIs: 3, Instructions: 165

APIs

Part of subcall function 000000013F1CF5EC: GetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF5F6
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF65E
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF674

GetLocaleInfoW.KERNEL32 ref: 000000013F1D7049

Part of subcall function 000000013F1D92C0: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1D92E7
Part of subcall function 000000013F1D92C0: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1D9385

GetLocaleInfoW.KERNEL32 ref: 000000013F1D709B

Part of subcall function 000000013F1DBDA4: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1DBDD0
Part of subcall function 000000013F1DBDA4: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1DBE81

GetLocaleInfoW.KERNEL32 ref: 000000013F1D7160

Part of subcall function 000000013F1D741C: GetLocaleInfoW.KERNEL32(?,?,?,000000013F1D71DC), ref: 000000013F1D7453

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BF114, Relevance: 4.5, APIs: 3, Instructions: 13LIBRARYCODE

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 000000013F1BF11F
UnhandledExceptionFilter.KERNEL32 ref: 000000013F1BF128
GetCurrentProcess.KERNEL32(?,?,?,000000013F1BF2C6,?,?,?,?,000000013F1BF22A,?,?,?,?,000000013F1B148A), ref: 000000013F1BF12E

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D33D4, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97

APIs

Part of subcall function 000000013F1CA7FC: HeapAlloc.KERNEL32 ref: 000000013F1CA851

Part of subcall function 000000013F1D9688: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1D96B3

Part of subcall function 000000013F1C516C: GetCurrentProcess.KERNEL32(000000013F1C52DD), ref: 000000013F1C5199

FindFirstFileExA.KERNEL32 ref: 000000013F1D35B4

Strings

., xrefs: 000000013F1D3618

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1CFD04, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42LIBRARYCODE

APIs

Part of subcall function 000000013F1CF900: LoadLibraryExW.KERNELBASE ref: 000000013F1CF99C
Part of subcall function 000000013F1CF900: GetLastError.KERNEL32 ref: 000000013F1CF9AA
Part of subcall function 000000013F1CF900: LoadLibraryExW.KERNEL32 ref: 000000013F1CF9BD
Part of subcall function 000000013F1CF900: FreeLibrary.KERNEL32 ref: 000000013F1CF9F6
Part of subcall function 000000013F1CF900: GetProcAddress.KERNEL32 ref: 000000013F1CFA22

GetLocaleInfoW.KERNEL32(?,?,00000000,000000013F1C9C6B), ref: 000000013F1CFD7B

Strings

GetLocaleInfoEx, xrefs: 000000013F1CFD36

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D8B6C, Relevance: 3.2, APIs: 2, Instructions: 227LIBRARYCODE

APIs

_clrfp.LIBCMT ref: 000000013F1D8DB9
RaiseException.KERNEL32 ref: 000000013F1D8DCA

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B3284, Relevance: 2.9, Strings: 2, Instructions: 409

Strings

too many length or distance symbols, xrefs: 000000013F1B3766
invalid bit length repeat, xrefs: 000000013F1B3833

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1CAAE8, Relevance: 1.8, APIs: 1, Instructions: 339

APIs

Part of subcall function 000000013F1CA7FC: HeapAlloc.KERNEL32 ref: 000000013F1CA851

Part of subcall function 000000013F1CB460: HeapFree.KERNEL32 ref: 000000013F1CB476
Part of subcall function 000000013F1CB460: GetLastError.KERNEL32 ref: 000000013F1CB488

GetCPInfo.KERNEL32 ref: 000000013F1CAC32

Part of subcall function 000000013F1D5D3C: MultiByteToWideChar.KERNEL32 ref: 000000013F1D5DAF
Part of subcall function 000000013F1D5D3C: MultiByteToWideChar.KERNEL32 ref: 000000013F1D5E78
Part of subcall function 000000013F1D5D3C: GetStringTypeW.KERNEL32 ref: 000000013F1D5E92

Part of subcall function 000000013F1D7A94: GetLastError.KERNEL32 ref: 000000013F1D7B39

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C9A38, Relevance: 1.8, APIs: 1, Instructions: 287LIBRARYCODE

APIs

Part of subcall function 000000013F1CF5EC: GetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF5F6
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF65E
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF674

Part of subcall function 000000013F1D47D8: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1D4803

Part of subcall function 000000013F1D6B68: TranslateName.LIBCMT ref: 000000013F1D6BD2
Part of subcall function 000000013F1D6B68: TranslateName.LIBCMT ref: 000000013F1D6C0D
Part of subcall function 000000013F1D6B68: IsValidCodePage.KERNEL32(?,?,?,00000000,?,000000013F1C9BE4), ref: 000000013F1D6C6A
Part of subcall function 000000013F1D6B68: wcschr.LIBVCRUNTIME ref: 000000013F1D6CFD
Part of subcall function 000000013F1D6B68: wcschr.LIBVCRUNTIME ref: 000000013F1D6D0D
Part of subcall function 000000013F1D6B68: GetLocaleInfoW.KERNEL32 ref: 000000013F1D6DF5

Part of subcall function 000000013F1D7554: EnumSystemLocalesW.KERNEL32(?,00000000,?,00000000,00000001,00000000,?,000000013F1C9BDD), ref: 000000013F1D76AB
Part of subcall function 000000013F1D7554: GetUserDefaultLCID.KERNEL32(?,00000000,?,00000000), ref: 000000013F1D76C4
Part of subcall function 000000013F1D7554: IsValidCodePage.KERNEL32 ref: 000000013F1D770F
Part of subcall function 000000013F1D7554: IsValidLocale.KERNEL32 ref: 000000013F1D7725
Part of subcall function 000000013F1D7554: GetLocaleInfoW.KERNEL32 ref: 000000013F1D7781
Part of subcall function 000000013F1D7554: GetLocaleInfoW.KERNEL32 ref: 000000013F1D779D

Part of subcall function 000000013F1CFEE0: IsValidLocale.KERNEL32(?,?,00000000,000000013F1C9C4B), ref: 000000013F1CFF35

Part of subcall function 000000013F1CFD04: GetLocaleInfoW.KERNEL32(?,?,00000000,000000013F1C9C6B), ref: 000000013F1CFD7B

GetACP.KERNEL32 ref: 000000013F1C9C77

Part of subcall function 000000013F1CE0A8: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1CE0CE

Part of subcall function 000000013F1C516C: GetCurrentProcess.KERNEL32(000000013F1C52DD), ref: 000000013F1C5199

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D7220, Relevance: 1.6, APIs: 1, Instructions: 69

APIs

Part of subcall function 000000013F1CF5EC: GetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF5F6
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF65E
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF674

GetLocaleInfoW.KERNEL32 ref: 000000013F1D7289

Part of subcall function 000000013F1D92C0: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1D92E7
Part of subcall function 000000013F1D92C0: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1D9385

Part of subcall function 000000013F1D741C: GetLocaleInfoW.KERNEL32(?,?,?,000000013F1D71DC), ref: 000000013F1D7453

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D6E74, Relevance: 1.6, APIs: 1, Instructions: 61LIBRARYCODE

APIs

Part of subcall function 000000013F1CF5EC: GetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF5F6
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF65E
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF674

EnumSystemLocalesW.KERNEL32(?,?,?,000000013F1D7657,?,00000000,?,00000000,00000001,00000000,?,000000013F1C9BDD), ref: 000000013F1D6F12

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D741C, Relevance: 1.6, APIs: 1, Instructions: 50

APIs

Part of subcall function 000000013F1CF5EC: GetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF5F6
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF65E
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF674

GetLocaleInfoW.KERNEL32(?,?,?,000000013F1D71DC), ref: 000000013F1D7453

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D6F44, Relevance: 1.5, APIs: 1, Instructions: 42LIBRARYCODE

APIs

Part of subcall function 000000013F1CF5EC: GetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF5F6
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF65E
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF674

EnumSystemLocalesW.KERNEL32(?,?,?,000000013F1D7613,?,00000000,?,00000000,00000001,00000000,?,000000013F1C9BDD), ref: 000000013F1D6FC4

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1CF868, Relevance: 1.5, APIs: 1, Instructions: 42LIBRARYCODE

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,000000013F1CFB7D,?,?,?,?,?,?,00000000,000000013F1D6446), ref: 000000013F1CF8BC

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B6360, Relevance: 1.5, APIs: 1, Instructions: 35com

APIs

CoCreateInstance.OLE32 ref: 000000013F1B63A7

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C715C, Relevance: 1.4, Strings: 1, Instructions: 199

Strings

0, xrefs: 000000013F1C72F6

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C8CA8, Relevance: 1.4, Strings: 1, Instructions: 139

Strings

@, xrefs: 000000013F1C8CE4

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D7A94, Relevance: 1.4, APIs: 1, Instructions: 137

APIs

GetLastError.KERNEL32 ref: 000000013F1D7B39

Part of subcall function 000000013F1D9688: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1D96B3

Part of subcall function 000000013F1CB460: HeapFree.KERNEL32 ref: 000000013F1CB476
Part of subcall function 000000013F1CB460: GetLastError.KERNEL32 ref: 000000013F1CB488

Part of subcall function 000000013F1CFD04: GetLocaleInfoW.KERNEL32(?,?,00000000,000000013F1C9C6B), ref: 000000013F1CFD7B

Part of subcall function 000000013F1C516C: GetCurrentProcess.KERNEL32(000000013F1C52DD), ref: 000000013F1C5199

Part of subcall function 000000013F1CA7FC: HeapAlloc.KERNEL32 ref: 000000013F1CA851

Part of subcall function 000000013F1D78F4: WideCharToMultiByte.KERNEL32 ref: 000000013F1D7A36

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C9754, Relevance: 1.4, Strings: 1, Instructions: 128LIBRARYCODE

Strings

_.,, xrefs: 000000013F1C97C9

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1CBB89, Relevance: .5, Instructions: 537

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1CB5E0, Relevance: .3, Instructions: 340

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D4ED4, Relevance: .3, Instructions: 338

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D6510, Relevance: .3, Instructions: 329

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1DC274, Relevance: .2, Instructions: 194LIBRARYCODE

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B4AE0, Relevance: .1, Instructions: 95

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C0324, Relevance: .0, Instructions: 2

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B88C0, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 164process

APIs

CreateProcessA.KERNEL32 ref: 000000013F1B89A7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B89D1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B89E0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B89EF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B89FB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8A37
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8A46
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8A55
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8A61
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8A9D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8AAC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8ABB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8AC7
CloseHandle.KERNEL32 ref: 000000013F1B8ADF
CloseHandle.KERNEL32 ref: 000000013F1B8AEA

Part of subcall function 000000013F1B72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B7349
Part of subcall function 000000013F1B72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B734F
Part of subcall function 000000013F1B72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B7355
Part of subcall function 000000013F1B72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B735B

Strings

h, xrefs: 000000013F1B8909
,dll, xrefs: 000000013F1B8959
rundll32 , xrefs: 000000013F1B8937

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B9A00, Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 232

APIs

CoTaskMemAlloc.OLE32 ref: 000000013F1B9A8D
CharNextA.USER32 ref: 000000013F1B9C95

Part of subcall function 000000013F1C4E0C: strstr.LIBVCRUNTIME ref: 000000013F1C4E43
Part of subcall function 000000013F1C4E0C: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C4E60

CharNextA.USER32 ref: 000000013F1B9AFA
CharNextA.USER32 ref: 000000013F1B9B06
CharNextA.USER32 ref: 000000013F1B9B12
CharNextA.USER32 ref: 000000013F1B9B1E
CharNextA.USER32 ref: 000000013F1B9B59
CharNextA.USER32 ref: 000000013F1B9B6C
CharNextA.USER32 ref: 000000013F1B9B7B
CharNextA.USER32 ref: 000000013F1B9BE8

Part of subcall function 000000013F1BB530: CharNextA.USER32 ref: 000000013F1BB55C

Part of subcall function 000000013F1BB590: EnterCriticalSection.KERNEL32 ref: 000000013F1BB5B2
Part of subcall function 000000013F1BB590: lstrcmpiA.KERNEL32 ref: 000000013F1BB5CE
Part of subcall function 000000013F1BB590: LeaveCriticalSection.KERNEL32 ref: 000000013F1BB5E7
Part of subcall function 000000013F1BB590: RaiseException.KERNEL32 ref: 000000013F1BB633
Part of subcall function 000000013F1BB590: OpenSCManagerA.ADVAPI32 ref: 000000013F1BB68C
Part of subcall function 000000013F1BB590: LoadStringA.USER32 ref: 000000013F1BB6CD
Part of subcall function 000000013F1BB590: MessageBoxA.USER32 ref: 000000013F1BB73A
Part of subcall function 000000013F1BB590: OpenServiceA.ADVAPI32 ref: 000000013F1BB75F
Part of subcall function 000000013F1BB590: CloseServiceHandle.ADVAPI32 ref: 000000013F1BB774
Part of subcall function 000000013F1BB590: LoadStringA.USER32 ref: 000000013F1BB7A9
Part of subcall function 000000013F1BB590: ControlService.ADVAPI32 ref: 000000013F1BB821
Part of subcall function 000000013F1BB590: GetLastError.KERNEL32 ref: 000000013F1BB82F
Part of subcall function 000000013F1BB590: MessageBoxA.USER32 ref: 000000013F1BB8AE
Part of subcall function 000000013F1BB590: DeleteService.ADVAPI32 ref: 000000013F1BB8B7
Part of subcall function 000000013F1BB590: CloseServiceHandle.ADVAPI32 ref: 000000013F1BB8C2
Part of subcall function 000000013F1BB590: CloseServiceHandle.ADVAPI32 ref: 000000013F1BB8CB
Part of subcall function 000000013F1BB590: MessageBoxA.USER32 ref: 000000013F1BB946
Part of subcall function 000000013F1BB590: RegDeleteValueA.ADVAPI32 ref: 000000013F1BBAAF
Part of subcall function 000000013F1BB590: RegCloseKey.ADVAPI32 ref: 000000013F1BBAFD
Part of subcall function 000000013F1BB590: RegCloseKey.ADVAPI32 ref: 000000013F1BBB10

CharNextA.USER32 ref: 000000013F1B9CA5

Part of subcall function 000000013F1B8430: CoTaskMemRealloc.OLE32(?,?,?,000000013F1B7E47), ref: 000000013F1B8485

CharNextA.USER32 ref: 000000013F1B9CC4
CoTaskMemFree.OLE32 ref: 000000013F1B9D26

Strings

HKCR, xrefs: 000000013F1B9ADE
}}, xrefs: 000000013F1B9BBD
HKCU{Software{Classes, xrefs: 000000013F1B9B27

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C2DE0, Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 332LIBRARYCODE

APIs

_GetEstablisherFrame.LIBVCRUNTIME ref: 000000013F1C2E3C

Part of subcall function 000000013F1C1F28: RtlLookupFunctionEntry.KERNEL32 ref: 000000013F1C1F8A

__GetUnwindTryBlock.LIBVCRUNTIME ref: 000000013F1C2E4A

Part of subcall function 000000013F1C4AF8: _GetEstablisherFrame.LIBVCRUNTIME ref: 000000013F1C4B06

__SetUnwindTryBlock.LIBVCRUNTIME ref: 000000013F1C2E71

Part of subcall function 000000013F1C4B30: _GetEstablisherFrame.LIBVCRUNTIME ref: 000000013F1C4B45

__GetUnwindTryBlock.LIBVCRUNTIME ref: 000000013F1C2E7B
IsInExceptionSpec.LIBVCRUNTIME ref: 000000013F1C2F4C
_GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 000000013F1C3017
__TypeMatch.LIBVCRUNTIME ref: 000000013F1C30A8

Part of subcall function 000000013F1C2C94: _GetEstablisherFrame.LIBVCRUNTIME ref: 000000013F1C2CCC
Part of subcall function 000000013F1C2C94: _UnwindNestedFrames.LIBVCRUNTIME ref: 000000013F1C2D37

_ExecutionInCatch.LIBVCRUNTIME ref: 000000013F1C317B
IsInExceptionSpec.LIBVCRUNTIME ref: 000000013F1C31AB

Part of subcall function 000000013F1C351C: __TypeMatch.LIBVCRUNTIME ref: 000000013F1C35AA

_GetEstablisherFrame.LIBVCRUNTIME ref: 000000013F1C31C1
_UnwindNestedFrames.LIBVCRUNTIME ref: 000000013F1C31EE

Part of subcall function 000000013F1C23C0: RtlUnwindEx.KERNEL32 ref: 000000013F1C24C3

Part of subcall function 000000013F1C32B0: EncodePointer.KERNEL32(?,000000013F1C2551,?,?,?,?,?,?,?,000000013F1BFAB0), ref: 000000013F1C32FF
Part of subcall function 000000013F1C32B0: _GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 000000013F1C338D

Part of subcall function 000000013F1C4118: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000013F1C0917), ref: 000000013F1C4195
Part of subcall function 000000013F1C4118: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000013F1C0917), ref: 000000013F1C41D4

Strings

csm, xrefs: 000000013F1C2E94
csm, xrefs: 000000013F1C2F00
csm, xrefs: 000000013F1C2FC2

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D879C, Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 197LIBRARYCODE

APIs

Part of subcall function 000000013F1DC068: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1DC086
Part of subcall function 000000013F1DC068: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1DC109

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1D8A24

Strings

w, xrefs: 000000013F1D87E0
, xrefs: 000000013F1D87D1
a, xrefs: 000000013F1D87D6
UTF-16LEUNICODE, xrefs: 000000013F1D89CC
r, xrefs: 000000013F1D87DB
, xrefs: 000000013F1D8A0F
, xrefs: 000000013F1D894F
, xrefs: 000000013F1D8991
=, xrefs: 000000013F1D8996
ccs, xrefs: 000000013F1D8971
, xrefs: 000000013F1D899E
UTF-8, xrefs: 000000013F1D89A9

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BBB30, Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 206

APIs

Part of subcall function 000000013F1B1C90: new.LIBCMT ref: 000000013F1B1CCE
Part of subcall function 000000013F1B1C90: new.LIBCMT ref: 000000013F1B1D5D

GetWindowsDirectoryA.KERNEL32 ref: 000000013F1BBC36
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBCCD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBCDC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBCEB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBCF7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBE07
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBE16
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBE25
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBE31

Part of subcall function 000000013F1B72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B7349
Part of subcall function 000000013F1B72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B734F
Part of subcall function 000000013F1B72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B7355
Part of subcall function 000000013F1B72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B735B

Strings

P0p159753, xrefs: 000000013F1BBB8F
\pagefile.sys, xrefs: 000000013F1BBC8E

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BF740, Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 81library

APIs

Part of subcall function 000000013F1C476C: try_get_function.LIBVCRUNTIME ref: 000000013F1C47A2
Part of subcall function 000000013F1C476C: InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF,?,?,?,?,000000013F1BF4FB), ref: 000000013F1C47C8

GetModuleHandleW.KERNEL32 ref: 000000013F1BF76A
GetProcAddress.KERNEL32 ref: 000000013F1BF786
GetProcAddress.KERNEL32 ref: 000000013F1BF799
GetProcAddress.KERNEL32 ref: 000000013F1BF7AC
CreateEventW.KERNEL32 ref: 000000013F1BF834

Part of subcall function 000000013F1C014C: IsProcessorFeaturePresent.KERNEL32 ref: 000000013F1C0168
Part of subcall function 000000013F1C014C: RtlCaptureContext.KERNEL32 ref: 000000013F1C0191
Part of subcall function 000000013F1C014C: RtlLookupFunctionEntry.KERNEL32 ref: 000000013F1C01AB
Part of subcall function 000000013F1C014C: RtlVirtualUnwind.KERNEL32 ref: 000000013F1C01EC
Part of subcall function 000000013F1C014C: IsDebuggerPresent.KERNEL32 ref: 000000013F1C0240
Part of subcall function 000000013F1C014C: SetUnhandledExceptionFilter.KERNEL32 ref: 000000013F1C0261
Part of subcall function 000000013F1C014C: UnhandledExceptionFilter.KERNEL32 ref: 000000013F1C026C

DeleteCriticalSection.KERNEL32 ref: 000000013F1BF86B
CloseHandle.KERNEL32 ref: 000000013F1BF87D

Strings

WakeAllConditionVariable, xrefs: 000000013F1BF79F
kernel32.dll, xrefs: 000000013F1BF763
SleepConditionVariableCS, xrefs: 000000013F1BF78C
InitializeConditionVariable, xrefs: 000000013F1BF77C

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B9170, Relevance: 16.6, APIs: 11, Instructions: 145sleep

APIs

Sleep.KERNEL32 ref: 000000013F1B91E1
FindResourceA.KERNEL32 ref: 000000013F1B9200
LoadResource.KERNEL32 ref: 000000013F1B921C
LockResource.KERNEL32 ref: 000000013F1B922E
SizeofResource.KERNEL32 ref: 000000013F1B9241

Part of subcall function 000000013F1B8BE0: GetTempPathA.KERNEL32 ref: 000000013F1B8C41
Part of subcall function 000000013F1B8BE0: GetTempFileNameA.KERNEL32 ref: 000000013F1B8CA0

Part of subcall function 000000013F1BBB30: GetWindowsDirectoryA.KERNEL32 ref: 000000013F1BBC36
Part of subcall function 000000013F1BBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBCCD
Part of subcall function 000000013F1BBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBCDC
Part of subcall function 000000013F1BBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBCEB
Part of subcall function 000000013F1BBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBCF7
Part of subcall function 000000013F1BBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBE07
Part of subcall function 000000013F1BBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBE16
Part of subcall function 000000013F1BBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBE25
Part of subcall function 000000013F1BBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BBE31

Part of subcall function 000000013F1B88C0: CreateProcessA.KERNEL32 ref: 000000013F1B89A7
Part of subcall function 000000013F1B88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B89D1
Part of subcall function 000000013F1B88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B89E0
Part of subcall function 000000013F1B88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B89EF
Part of subcall function 000000013F1B88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B89FB
Part of subcall function 000000013F1B88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8A37
Part of subcall function 000000013F1B88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8A46
Part of subcall function 000000013F1B88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8A55
Part of subcall function 000000013F1B88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8A61
Part of subcall function 000000013F1B88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8A9D
Part of subcall function 000000013F1B88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8AAC
Part of subcall function 000000013F1B88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8ABB
Part of subcall function 000000013F1B88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B8AC7
Part of subcall function 000000013F1B88C0: CloseHandle.KERNEL32 ref: 000000013F1B8ADF
Part of subcall function 000000013F1B88C0: CloseHandle.KERNEL32 ref: 000000013F1B8AEA

DeleteFileA.KERNEL32 ref: 000000013F1B931B
Sleep.KERNEL32 ref: 000000013F1B9383
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B938E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B9394
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B939A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B93A0

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D2E14, Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 117

APIs

Part of subcall function 000000013F1C5494: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C54B9

Part of subcall function 000000013F1C516C: GetCurrentProcess.KERNEL32(000000013F1C52DD), ref: 000000013F1C5199

Part of subcall function 000000013F1DA388: fegetenv.LIBCMT ref: 000000013F1DA3D1
Part of subcall function 000000013F1DA388: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1DAA4A
Part of subcall function 000000013F1DA388: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1DAC0D
Part of subcall function 000000013F1DA388: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1DAE1D
Part of subcall function 000000013F1DA388: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1DB0AC
Part of subcall function 000000013F1DA388: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1DB2A6

Part of subcall function 000000013F1DA2C8: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1DA2E1

Part of subcall function 000000013F1D2588: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1D25EC
Part of subcall function 000000013F1D2588: strrchr.LIBVCRUNTIME ref: 000000013F1D2657

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1D2F91

Strings

NAN, xrefs: 000000013F1D2E75
nan(snan), xrefs: 000000013F1D2EB4
inf, xrefs: 000000013F1D2E9A
nan, xrefs: 000000013F1D2E7C
NAN(IND), xrefs: 000000013F1D2EBF
INF, xrefs: 000000013F1D2E87
NAN(SNAN), xrefs: 000000013F1D2EA9
nan(ind), xrefs: 000000013F1D2ECA

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B9690, Relevance: 15.1, APIs: 6, Strings: 4, Instructions: 142

APIs

CharNextA.USER32 ref: 000000013F1B96EE
CharNextA.USER32 ref: 000000013F1B96FC
CharNextA.USER32 ref: 000000013F1B9724

Part of subcall function 000000013F1BC500: CharUpperA.USER32 ref: 000000013F1BC51E
Part of subcall function 000000013F1BC500: CharUpperA.USER32 ref: 000000013F1BC52B
Part of subcall function 000000013F1BC500: CharNextA.USER32 ref: 000000013F1BC554
Part of subcall function 000000013F1BC500: CharNextA.USER32 ref: 000000013F1BC560
Part of subcall function 000000013F1BC500: CharUpperA.USER32 ref: 000000013F1BC56D
Part of subcall function 000000013F1BC500: CharUpperA.USER32 ref: 000000013F1BC57A

CharNextA.USER32 ref: 000000013F1B97BB
CharNextA.USER32 ref: 000000013F1B97CC
CharNextA.USER32 ref: 000000013F1B97E2

Part of subcall function 000000013F1BBA10: RegDeleteValueA.ADVAPI32 ref: 000000013F1BBAAF
Part of subcall function 000000013F1BBA10: RegCloseKey.ADVAPI32 ref: 000000013F1BBAFD
Part of subcall function 000000013F1BBA10: RegCloseKey.ADVAPI32 ref: 000000013F1BBB10

Part of subcall function 000000013F1B9F70: RegCreateKeyExA.ADVAPI32 ref: 000000013F1BA06A
Part of subcall function 000000013F1B9F70: RegDeleteValueA.KERNEL32 ref: 000000013F1BA086
Part of subcall function 000000013F1B9F70: RegSetValueExA.ADVAPI32 ref: 000000013F1BA0C6
Part of subcall function 000000013F1B9F70: RegCloseKey.ADVAPI32 ref: 000000013F1BA0F0
Part of subcall function 000000013F1B9F70: RegCloseKey.ADVAPI32 ref: 000000013F1BA10B

Strings

UnregServer, xrefs: 000000013F1B9740
UnregServerPerUser, xrefs: 000000013F1B976E
RegServerPerUser, xrefs: 000000013F1B9785
RegServer, xrefs: 000000013F1B9757

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BC500, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 59

APIs

CharUpperA.USER32 ref: 000000013F1BC51E
CharUpperA.USER32 ref: 000000013F1BC52B
CharNextA.USER32 ref: 000000013F1BC554
CharNextA.USER32 ref: 000000013F1BC560
CharUpperA.USER32 ref: 000000013F1BC56D
CharUpperA.USER32 ref: 000000013F1BC57A

Strings

, xrefs: 000000013F1BC58A
, xrefs: 000000013F1BC547

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1DC89C, Relevance: 13.8, APIs: 9, Instructions: 272LIBRARYCODE

APIs

Part of subcall function 000000013F1DC508: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1DC549
Part of subcall function 000000013F1DC508: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1DC5C6
Part of subcall function 000000013F1DC508: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1DC617

Part of subcall function 000000013F1D4B64: EnterCriticalSection.KERNEL32(?,?,?,?,?,000000013F1DC92C), ref: 000000013F1D4C11
Part of subcall function 000000013F1D4B64: LeaveCriticalSection.KERNEL32(?,?,?,?,?,000000013F1DC92C), ref: 000000013F1D4C20

CreateFileW.KERNEL32 ref: 000000013F1DC99D
CreateFileW.KERNEL32 ref: 000000013F1DC9F9
GetLastError.KERNEL32 ref: 000000013F1DCA2D
GetFileType.KERNEL32 ref: 000000013F1DCA42
GetLastError.KERNEL32 ref: 000000013F1DCA4C
CloseHandle.KERNEL32 ref: 000000013F1DCA7F

Part of subcall function 000000013F1D4A80: SetStdHandle.KERNEL32 ref: 000000013F1D4AFB

CloseHandle.KERNEL32 ref: 000000013F1DCBD8
CreateFileW.KERNEL32 ref: 000000013F1DCC10
GetLastError.KERNEL32 ref: 000000013F1DCC1F

Part of subcall function 000000013F1D4C94: SetStdHandle.KERNEL32(?,?,?,000000013F1D0A10,?,?,?,000000013F1D08C7,?,?,00000000,000000013F1D096F), ref: 000000013F1D4D0E

Part of subcall function 000000013F1D0994: CloseHandle.KERNEL32 ref: 000000013F1D09F7
Part of subcall function 000000013F1D0994: GetLastError.KERNEL32(?,?,?,000000013F1D08C7,?,?,00000000,000000013F1D096F,?,?,?,?,?,?,000000013F1C574A), ref: 000000013F1D0A01

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B8B20, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 90library

APIs

GetModuleHandleA.KERNEL32 ref: 000000013F1B8B5E
GetProcAddress.KERNEL32 ref: 000000013F1B8B73
GetModuleHandleA.KERNEL32 ref: 000000013F1B9EE5
GetProcAddress.KERNEL32 ref: 000000013F1B9EFA

Strings

RegDeleteKeyExA, xrefs: 000000013F1B8B69
RegDeleteKeyTransactedA, xrefs: 000000013F1B9EF0
Advapi32.dll, xrefs: 000000013F1B8B57, 000000013F1B9EDE

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BC6F0, Relevance: 12.1, APIs: 8, Instructions: 119

APIs

new.LIBCMT ref: 000000013F1BC785
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC78F
new.LIBCMT ref: 000000013F1BC7A3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC7B0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC80D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC81C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC82B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC837

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D9E60, Relevance: 10.8, APIs: 7, Instructions: 294fileLIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1D9F84

Part of subcall function 000000013F1CB4A0: HeapAlloc.KERNEL32 ref: 000000013F1CB4DE

Part of subcall function 000000013F1CB460: HeapFree.KERNEL32 ref: 000000013F1CB476
Part of subcall function 000000013F1CB460: GetLastError.KERNEL32 ref: 000000013F1CB488

Part of subcall function 000000013F1D975C: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1D97AF

GetConsoleMode.KERNEL32 ref: 000000013F1DA0CE
ReadConsoleW.KERNEL32 ref: 000000013F1DA0FD
GetLastError.KERNEL32 ref: 000000013F1DA107
ReadFile.KERNEL32 ref: 000000013F1DA14F

Part of subcall function 000000013F1D9818: ReadFile.KERNEL32 ref: 000000013F1D98FE

Part of subcall function 000000013F1D9A48: ReadFile.KERNEL32 ref: 000000013F1D9B1F
Part of subcall function 000000013F1D9A48: MultiByteToWideChar.KERNEL32 ref: 000000013F1D9CF0
Part of subcall function 000000013F1D9A48: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000000013F1D9CFC

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,000000013F1C1402,000000013F1DC796), ref: 000000013F1DA259
_invalid_parameter_noinfo.LIBCMT ref: 000000013F1DA2A5

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BE8C0, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 229

APIs

Part of subcall function 000000013F1C5A24: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C5A52
Part of subcall function 000000013F1C5A24: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C5AEB

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1BEB09

Part of subcall function 000000013F1C66D8: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C6703

Part of subcall function 000000013F1BC6F0: new.LIBCMT ref: 000000013F1BC785
Part of subcall function 000000013F1BC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC78F
Part of subcall function 000000013F1BC6F0: new.LIBCMT ref: 000000013F1BC7A3
Part of subcall function 000000013F1BC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC7B0
Part of subcall function 000000013F1BC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC80D
Part of subcall function 000000013F1BC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC81C
Part of subcall function 000000013F1BC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC82B
Part of subcall function 000000013F1BC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC837

Part of subcall function 000000013F1C0918: std::invalid_argument::invalid_argument.LIBCONCRT ref: 000000013F1C0924

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BEBB5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BEBC4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BEBD3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BEBDF

Strings

string too long, xrefs: 000000013F1BEB79, 000000013F1BEB86

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BB0E0, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 49registrythread

APIs

GetCurrentThreadId.KERNEL32 ref: 000000013F1BB0F8
RegisterServiceCtrlHandlerA.ADVAPI32 ref: 000000013F1BB10F
SetServiceStatus.ADVAPI32 ref: 000000013F1BB14E

Part of subcall function 000000013F1C7E70: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C7E94
Part of subcall function 000000013F1C7E70: CreateThread.KERNEL32 ref: 000000013F1C7ED5
Part of subcall function 000000013F1C7E70: GetLastError.KERNEL32(?,?,?,?,?,000000013F1BB17F), ref: 000000013F1C7EE3
Part of subcall function 000000013F1C7E70: CloseHandle.KERNEL32 ref: 000000013F1C7F00
Part of subcall function 000000013F1C7E70: FreeLibrary.KERNEL32(?,?,?,?,?,000000013F1BB17F), ref: 000000013F1C7F0F

Part of subcall function 000000013F1BB040: SetServiceStatus.ADVAPI32 ref: 000000013F1BB083
Part of subcall function 000000013F1BB040: GetMessageA.USER32 ref: 000000013F1BB096
Part of subcall function 000000013F1BB040: TranslateMessage.USER32 ref: 000000013F1BB0A5
Part of subcall function 000000013F1BB040: DispatchMessageA.USER32 ref: 000000013F1BB0B0
Part of subcall function 000000013F1BB040: GetMessageA.USER32 ref: 000000013F1BB0C3

SetServiceStatus.ADVAPI32 ref: 000000013F1BB1A8

Strings

Service stopped, xrefs: 000000013F1BB1AE
Handler not installed, xrefs: 000000013F1BB121

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BB040, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37window

APIs

SetServiceStatus.ADVAPI32 ref: 000000013F1BB083
GetMessageA.USER32 ref: 000000013F1BB096
TranslateMessage.USER32 ref: 000000013F1BB0A5
DispatchMessageA.USER32 ref: 000000013F1BB0B0
GetMessageA.USER32 ref: 000000013F1BB0C3

Part of subcall function 000000013F1B9070: RegisterEventSourceA.ADVAPI32 ref: 000000013F1B90FC
Part of subcall function 000000013F1B9070: ReportEventA.ADVAPI32 ref: 000000013F1B9138
Part of subcall function 000000013F1B9070: DeregisterEventSource.ADVAPI32 ref: 000000013F1B9141

Strings

Service started/resumed, xrefs: 000000013F1BB066

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D837C, Relevance: 9.2, APIs: 6, Instructions: 223LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1D83D8
WideCharToMultiByte.KERNEL32 ref: 000000013F1D84A9
WideCharToMultiByte.KERNEL32 ref: 000000013F1D84F5
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,00000000,?,000000013F1D8713), ref: 000000013F1D851F
WideCharToMultiByte.KERNEL32 ref: 000000013F1D8572
WideCharToMultiByte.KERNEL32 ref: 000000013F1D864D

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B6C90, Relevance: 9.1, APIs: 6, Instructions: 110

APIs

Part of subcall function 000000013F1BCF90: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BD023
Part of subcall function 000000013F1BCF90: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BD032
Part of subcall function 000000013F1BCF90: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BD041
Part of subcall function 000000013F1BCF90: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BD04D

__std_exception_copy.LIBVCRUNTIME ref: 000000013F1B6D2C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B6DAD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B6DB3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B6DB9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B6DBF
__std_exception_copy.LIBVCRUNTIME ref: 000000013F1B6DFB

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BC8A0, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 171

APIs

Part of subcall function 000000013F1C61A8: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C61DD

Part of subcall function 000000013F1BC6F0: new.LIBCMT ref: 000000013F1BC785
Part of subcall function 000000013F1BC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC78F
Part of subcall function 000000013F1BC6F0: new.LIBCMT ref: 000000013F1BC7A3
Part of subcall function 000000013F1BC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC7B0
Part of subcall function 000000013F1BC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC80D
Part of subcall function 000000013F1BC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC81C
Part of subcall function 000000013F1BC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC82B
Part of subcall function 000000013F1BC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC837

Part of subcall function 000000013F1C0918: std::invalid_argument::invalid_argument.LIBCONCRT ref: 000000013F1C0924

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BCAB3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BCAC2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BCAD1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BCADD

Strings

string too long, xrefs: 000000013F1BCA7F, 000000013F1BCA8C

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B93B0, Relevance: 8.9, APIs: 7, Instructions: 117

APIs

CharNextA.USER32 ref: 000000013F1B93E8
CharNextA.USER32 ref: 000000013F1B9423
CharNextA.USER32 ref: 000000013F1B9439
CharNextA.USER32 ref: 000000013F1B944C
CharNextA.USER32 ref: 000000013F1B945B
CharNextA.USER32 ref: 000000013F1B94B5
CharNextA.USER32 ref: 000000013F1B94D9

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C8420, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29library

APIs

GetModuleHandleExW.KERNEL32 ref: 000000013F1C8440
GetProcAddress.KERNEL32 ref: 000000013F1C8456
FreeLibrary.KERNEL32 ref: 000000013F1C847B

Strings

CorExitProcess, xrefs: 000000013F1C844F
mscoree.dll, xrefs: 000000013F1C8437

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D13B0, Relevance: 7.7, APIs: 5, Instructions: 203fileLIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1D13F5

Part of subcall function 000000013F1D975C: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1D97AF

GetLastError.KERNEL32 ref: 000000013F1D15EA

Part of subcall function 000000013F1CF5EC: GetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF5F6
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF65E
Part of subcall function 000000013F1CF5EC: SetLastError.KERNEL32(?,?,?,000000013F1CAA8D,?,?,?,?,000000013F1C096E), ref: 000000013F1CF674

GetConsoleMode.KERNEL32 ref: 000000013F1D14B8
GetLastError.KERNEL32 ref: 000000013F1D1533

Part of subcall function 000000013F1D0D24: GetConsoleCP.KERNEL32 ref: 000000013F1D0D81
Part of subcall function 000000013F1D0D24: WideCharToMultiByte.KERNEL32 ref: 000000013F1D0E5D
Part of subcall function 000000013F1D0D24: WriteFile.KERNEL32 ref: 000000013F1D0E83
Part of subcall function 000000013F1D0D24: WriteFile.KERNEL32 ref: 000000013F1D0EC2
Part of subcall function 000000013F1D0D24: GetLastError.KERNEL32 ref: 000000013F1D0EFA

Part of subcall function 000000013F1D97BC: WriteConsoleW.KERNEL32 ref: 000000013F1D9801

Part of subcall function 000000013F1D1150: WideCharToMultiByte.KERNEL32 ref: 000000013F1D1236
Part of subcall function 000000013F1D1150: WriteFile.KERNEL32 ref: 000000013F1D1269
Part of subcall function 000000013F1D1150: GetLastError.KERNEL32 ref: 000000013F1D128B

Part of subcall function 000000013F1D1034: WriteFile.KERNEL32 ref: 000000013F1D1101
Part of subcall function 000000013F1D1034: GetLastError.KERNEL32 ref: 000000013F1D111D

Part of subcall function 000000013F1D0F2C: WriteFile.KERNEL32 ref: 000000013F1D0FE2
Part of subcall function 000000013F1D0F2C: GetLastError.KERNEL32 ref: 000000013F1D0FFE

WriteFile.KERNEL32 ref: 000000013F1D15E0

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D0D24, Relevance: 7.6, APIs: 5, Instructions: 142fileLIBRARYCODE

APIs

GetConsoleCP.KERNEL32 ref: 000000013F1D0D81
WideCharToMultiByte.KERNEL32 ref: 000000013F1D0E5D
WriteFile.KERNEL32 ref: 000000013F1D0E83
WriteFile.KERNEL32 ref: 000000013F1D0EC2
GetLastError.KERNEL32 ref: 000000013F1D0EFA

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D8050, Relevance: 7.6, APIs: 5, Instructions: 133LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1D80A1
MultiByteToWideChar.KERNEL32 ref: 000000013F1D8118
GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,000000013F1D82D0), ref: 000000013F1D8129
MultiByteToWideChar.KERNEL32 ref: 000000013F1D8186
MultiByteToWideChar.KERNEL32 ref: 000000013F1D81D9

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1DD97C, Relevance: 7.6, APIs: 5, Instructions: 72LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1DD9AC
MultiByteToWideChar.KERNEL32 ref: 000000013F1DD9E3
GetLastError.KERNEL32(?,?,?,?,?,000000013F1DC806), ref: 000000013F1DD9F0

Part of subcall function 000000013F1CB4A0: HeapAlloc.KERNEL32 ref: 000000013F1CB4DE

MultiByteToWideChar.KERNEL32 ref: 000000013F1DDA28
GetLastError.KERNEL32(?,?,?,?,?,000000013F1DC806), ref: 000000013F1DDA32

Part of subcall function 000000013F1CB460: HeapFree.KERNEL32 ref: 000000013F1CB476
Part of subcall function 000000013F1CB460: GetLastError.KERNEL32 ref: 000000013F1CB488

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C7E70, Relevance: 7.6, APIs: 5, Instructions: 60thread

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1C7E94

Part of subcall function 000000013F1C7E10: GetModuleHandleExW.KERNEL32(?,?,00000000,000000013F1C7EAB,?,?,?,?,?,000000013F1BB17F), ref: 000000013F1C7E54

CreateThread.KERNEL32 ref: 000000013F1C7ED5
GetLastError.KERNEL32(?,?,?,?,?,000000013F1BB17F), ref: 000000013F1C7EE3
CloseHandle.KERNEL32 ref: 000000013F1C7F00
FreeLibrary.KERNEL32(?,?,?,?,?,000000013F1BB17F), ref: 000000013F1C7F0F

Part of subcall function 000000013F1CB460: HeapFree.KERNEL32 ref: 000000013F1CB476
Part of subcall function 000000013F1CB460: GetLastError.KERNEL32 ref: 000000013F1CB488

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1DE873, Relevance: 7.6, APIs: 5, Instructions: 52

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1DE89B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1DE8AE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1DE8BD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1DE8CC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1DE8D8

Part of subcall function 000000013F1C4118: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000013F1C0917), ref: 000000013F1C4195
Part of subcall function 000000013F1C4118: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000013F1C0917), ref: 000000013F1C41D4

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C7D9C, Relevance: 7.5, APIs: 5, Instructions: 31thread

APIs

Part of subcall function 000000013F1CF680: GetLastError.KERNEL32 ref: 000000013F1CF68F
Part of subcall function 000000013F1CF680: SetLastError.KERNEL32 ref: 000000013F1CF6F9
Part of subcall function 000000013F1CF680: SetLastError.KERNEL32 ref: 000000013F1CF703

ExitThread.KERNEL32 ref: 000000013F1C7DB4
ExitThread.KERNEL32 ref: 000000013F1C7DC9
CloseHandle.KERNEL32 ref: 000000013F1C7DE9
FreeLibraryAndExitThread.KERNEL32(?,?,?,000000013F1C7F4D,?,?,?,?,000000013F1C7D88), ref: 000000013F1C7DFF
ExitThread.KERNEL32 ref: 000000013F1C7E08

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C32B0, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 161LIBRARYCODE

APIs

EncodePointer.KERNEL32(?,000000013F1C2551,?,?,?,?,?,?,?,000000013F1BFAB0), ref: 000000013F1C32FF
_GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 000000013F1C338D

Part of subcall function 000000013F1C2C94: _GetEstablisherFrame.LIBVCRUNTIME ref: 000000013F1C2CCC
Part of subcall function 000000013F1C2C94: _UnwindNestedFrames.LIBVCRUNTIME ref: 000000013F1C2D37

Strings

RCC, xrefs: 000000013F1C331B
MOC, xrefs: 000000013F1C3313

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C6CC0, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 153

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1C6CED

Part of subcall function 000000013F1C6FE0: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C7023

Part of subcall function 000000013F1C6ED4: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C6F3B

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1C6EC9

Strings

*, xrefs: 000000013F1C6DF2
, xrefs: 000000013F1C6E47

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D1150, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileLIBRARYCODE

APIs

WideCharToMultiByte.KERNEL32 ref: 000000013F1D1236
WriteFile.KERNEL32 ref: 000000013F1D1269
GetLastError.KERNEL32 ref: 000000013F1D128B

Strings

U, xrefs: 000000013F1D1214

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C0540, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42

APIs

GetLastError.KERNEL32 ref: 000000013F1C05A1
IsDebuggerPresent.KERNEL32 ref: 000000013F1C05B9
OutputDebugStringW.KERNEL32 ref: 000000013F1C05CA

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000000013F1C05C3

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BE2C0, Relevance: 6.2, APIs: 4, Instructions: 185

APIs

Part of subcall function 000000013F1C61A8: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C61DD

Part of subcall function 000000013F1C5B8C: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C5BBC
Part of subcall function 000000013F1C5B8C: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C5C58

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BE509
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BE518
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BE527
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BE533

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D2388, Relevance: 6.1, APIs: 4, Instructions: 104

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1D23DB
WideCharToMultiByte.KERNEL32 ref: 000000013F1D24AD
GetLastError.KERNEL32 ref: 000000013F1D24D0
_invalid_parameter_noinfo.LIBCMT ref: 000000013F1D2502

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B48F0, Relevance: 6.1, APIs: 4, Instructions: 96

APIs

CreateFileA.KERNEL32 ref: 000000013F1B496E
SetFilePointer.KERNEL32 ref: 000000013F1B49A3
new.LIBCMT ref: 000000013F1B49BA
SetFilePointer.KERNEL32 ref: 000000013F1B4A0B

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B1330, Relevance: 6.1, APIs: 4, Instructions: 91

APIs

CreateDirectoryA.KERNEL32 ref: 000000013F1B1456

Part of subcall function 000000013F1B1330: GetFileAttributesA.KERNEL32 ref: 000000013F1B135A
Part of subcall function 000000013F1B1330: CreateDirectoryA.KERNEL32 ref: 000000013F1B136A

GetFileAttributesA.KERNEL32 ref: 000000013F1B1444

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B9D70, Relevance: 6.1, APIs: 4, Instructions: 80registry

APIs

Part of subcall function 000000013F1B9590: GetModuleHandleA.KERNEL32 ref: 000000013F1B95CD
Part of subcall function 000000013F1B9590: GetProcAddress.KERNEL32 ref: 000000013F1B95E9
Part of subcall function 000000013F1B9590: RegOpenKeyExA.ADVAPI32 ref: 000000013F1B963F
Part of subcall function 000000013F1B9590: RegCloseKey.ADVAPI32 ref: 000000013F1B9651

RegEnumKeyExA.ADVAPI32 ref: 000000013F1B9DFE
RegCloseKey.ADVAPI32 ref: 000000013F1B9E6B

Part of subcall function 000000013F1B8B20: GetModuleHandleA.KERNEL32 ref: 000000013F1B8B5E
Part of subcall function 000000013F1B8B20: GetProcAddress.KERNEL32 ref: 000000013F1B8B73
Part of subcall function 000000013F1B8B20: GetModuleHandleA.KERNEL32 ref: 000000013F1B9EE5
Part of subcall function 000000013F1B8B20: GetProcAddress.KERNEL32 ref: 000000013F1B9EFA

Part of subcall function 000000013F1B9D70: RegEnumKeyExA.ADVAPI32 ref: 000000013F1B9E57

RegCloseKey.ADVAPI32 ref: 000000013F1B9E91

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BCF90, Relevance: 6.1, APIs: 4, Instructions: 79

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BD023
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BD032
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BD041
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BD04D

Part of subcall function 000000013F1B72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B7349
Part of subcall function 000000013F1B72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B734F
Part of subcall function 000000013F1B72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B7355
Part of subcall function 000000013F1B72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B735B

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B87B0, Relevance: 6.1, APIs: 4, Instructions: 78

APIs

RaiseException.KERNEL32(?,?,?,000000013F1B73DA), ref: 000000013F1B885D
RaiseException.KERNEL32(?,?,?,000000013F1B73DA), ref: 000000013F1B8873
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,000000013F1B73DA), ref: 000000013F1B8894

Part of subcall function 000000013F1B87B0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,000000013F1B73DA), ref: 000000013F1B88A8

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BC7B8, Relevance: 6.1, APIs: 4, Instructions: 62

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC80D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC81C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC82B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BC837

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1DEF22, Relevance: 6.1, APIs: 4, Instructions: 57

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1DEFC2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1DEFC8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1DEFCE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1DEFD4

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B72E0, Relevance: 6.1, APIs: 4, Instructions: 56

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B7349
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B734F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B7355
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1B735B

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1BD200, Relevance: 6.0, APIs: 4, Instructions: 46

APIs

new.LIBCMT ref: 000000013F1BD222
new.LIBCMT ref: 000000013F1BD243
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BD255
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013F1BD25B

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C038C, Relevance: 6.0, APIs: 4, Instructions: 39timethread

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000000013F1C03B8
GetCurrentThreadId.KERNEL32 ref: 000000013F1C03C6
GetCurrentProcessId.KERNEL32 ref: 000000013F1C03D2
QueryPerformanceCounter.KERNEL32 ref: 000000013F1C03E2

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D2588, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 245string

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1D25EC
strrchr.LIBVCRUNTIME ref: 000000013F1D2657

Strings

gfffffff, xrefs: 000000013F1D287A

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C3CA4, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 166LIBRARYCODE

APIs

__FrameUnwindToEmptyState.LIBVCRUNTIME ref: 000000013F1C3DCD

Part of subcall function 000000013F1C2120: _GetEstablisherFrame.LIBVCRUNTIME ref: 000000013F1C213D

Part of subcall function 000000013F1C3B10: __GetCurrentState.LIBVCRUNTIME ref: 000000013F1C3B51

Part of subcall function 000000013F1C2DE0: _GetEstablisherFrame.LIBVCRUNTIME ref: 000000013F1C2E3C
Part of subcall function 000000013F1C2DE0: __GetUnwindTryBlock.LIBVCRUNTIME ref: 000000013F1C2E4A
Part of subcall function 000000013F1C2DE0: __SetUnwindTryBlock.LIBVCRUNTIME ref: 000000013F1C2E71
Part of subcall function 000000013F1C2DE0: __GetUnwindTryBlock.LIBVCRUNTIME ref: 000000013F1C2E7B
Part of subcall function 000000013F1C2DE0: IsInExceptionSpec.LIBVCRUNTIME ref: 000000013F1C2F4C
Part of subcall function 000000013F1C2DE0: _GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 000000013F1C3017
Part of subcall function 000000013F1C2DE0: __TypeMatch.LIBVCRUNTIME ref: 000000013F1C30A8
Part of subcall function 000000013F1C2DE0: _ExecutionInCatch.LIBVCRUNTIME ref: 000000013F1C317B
Part of subcall function 000000013F1C2DE0: IsInExceptionSpec.LIBVCRUNTIME ref: 000000013F1C31AB
Part of subcall function 000000013F1C2DE0: _GetEstablisherFrame.LIBVCRUNTIME ref: 000000013F1C31C1
Part of subcall function 000000013F1C2DE0: _UnwindNestedFrames.LIBVCRUNTIME ref: 000000013F1C31EE

Strings

csm, xrefs: 000000013F1C3D04
csm, xrefs: 000000013F1C3E1D

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D29B8, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1D29FB

Part of subcall function 000000013F1C5494: _invalid_parameter_noinfo.LIBCMT ref: 000000013F1C54B9

Part of subcall function 000000013F1C516C: GetCurrentProcess.KERNEL32(000000013F1C52DD), ref: 000000013F1C5199

Strings

e+000, xrefs: 000000013F1D2AA3
gfff, xrefs: 000000013F1D2B26

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C8730, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013F1C875A
GetModuleFileNameA.KERNEL32(?,?,?,?,?,000000013F1BFC1A), ref: 000000013F1C877B

Part of subcall function 000000013F1CB460: HeapFree.KERNEL32 ref: 000000013F1CB476
Part of subcall function 000000013F1CB460: GetLastError.KERNEL32 ref: 000000013F1CB488

Strings

C:\Windows\system32\xbox-service.exe, xrefs: 000000013F1C8769

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1B8BE0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78

APIs

GetTempPathA.KERNEL32 ref: 000000013F1B8C41
GetTempFileNameA.KERNEL32 ref: 000000013F1B8CA0

Strings

tmp, xrefs: 000000013F1B8C94

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D0704, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70

APIs

GetStdHandle.KERNEL32 ref: 000000013F1D0776
GetFileType.KERNEL32 ref: 000000013F1D078C

Strings

@, xrefs: 000000013F1D07B7

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1D69B0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50LIBRARYCODE

APIs

Part of subcall function 000000013F1CFD04: GetLocaleInfoW.KERNEL32(?,?,00000000,000000013F1C9C6B), ref: 000000013F1CFD7B

GetACP.KERNEL32(?,?,000000A0,000000013F1D6C4E,?,?,?,00000000,?,000000013F1C9BE4), ref: 000000013F1D6A4E

Strings

OCP, xrefs: 000000013F1D69E1
ACP, xrefs: 000000013F1D69D1

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C4704, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28LIBRARYCODE

APIs

try_get_function.LIBVCRUNTIME ref: 000000013F1C4732

Part of subcall function 000000013F1C4440: LoadLibraryExW.KERNELBASE(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C44EC
Part of subcall function 000000013F1C4440: GetLastError.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C44FF
Part of subcall function 000000013F1C4440: LoadLibraryExW.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C4512
Part of subcall function 000000013F1C4440: FreeLibrary.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C454F
Part of subcall function 000000013F1C4440: GetProcAddress.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C4583

TlsSetValue.KERNEL32(?,?,?,000000013F1C4A99,?,?,?,?,000000013F1C440C,?,?,?,?,000000013F1BF4FB), ref: 000000013F1C4755

Strings

FlsSetValue, xrefs: 000000013F1C471F

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C465C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23

APIs

try_get_function.LIBVCRUNTIME ref: 000000013F1C4682

Part of subcall function 000000013F1C4440: LoadLibraryExW.KERNELBASE(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C44EC
Part of subcall function 000000013F1C4440: GetLastError.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C44FF
Part of subcall function 000000013F1C4440: LoadLibraryExW.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C4512
Part of subcall function 000000013F1C4440: FreeLibrary.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C454F
Part of subcall function 000000013F1C4440: GetProcAddress.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C4583

TlsFree.KERNEL32(?,?,?,000000013F1C4AC0,?,?,?,?,000000013F1C4AA2,?,?,?,?,000000013F1C440C), ref: 000000013F1C469F

Strings

FlsFree, xrefs: 000000013F1C467B

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Function 000000013F1C46B0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23LIBRARYCODE

APIs

try_get_function.LIBVCRUNTIME ref: 000000013F1C46D6

Part of subcall function 000000013F1C4440: LoadLibraryExW.KERNELBASE(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C44EC
Part of subcall function 000000013F1C4440: GetLastError.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C44FF
Part of subcall function 000000013F1C4440: LoadLibraryExW.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C4512
Part of subcall function 000000013F1C4440: FreeLibrary.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C454F
Part of subcall function 000000013F1C4440: GetProcAddress.KERNEL32(?,?,?,000000013F1C47A7,?,?,?,000000013F1C4D08,?,?,00000001,000000013F1C43FF), ref: 000000013F1C4583

TlsGetValue.KERNEL32 ref: 000000013F1C46F3

Strings

FlsGetValue, xrefs: 000000013F1C46CF

Memory Dump Source

Source File: 00000008.00000002.12609909878.000000013F1B1000.00000020.sdmp, Offset: 000000013F1B0000, based on PE: true

Associated: 00000008.00000002.12609881742.000000013F1B0000.00000002.sdmp
Associated: 00000008.00000002.12610203953.000000013F1E0000.00000002.sdmp
Associated: 00000008.00000002.12610295325.000000013F1F9000.00000004.sdmp
Associated: 00000008.00000002.12610361354.000000013F1FC000.00000002.sdmp
Associated: 00000008.00000002.12610388870.000000013F200000.00000008.sdmp
Associated: 00000008.00000002.12610423640.000000013F201000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_13f1b0000_xbox-service.jbxd

Analysis Process: xbox-service.exe PID: 2572 Parent PID: 432

Executed Functions

Function 000000013FBD1770, Relevance: 145.5, APIs: 42, Strings: 41, Instructions: 226
library

Control-flow Graph

Executed
Not Executed

APIs

EncodePointer.KERNEL32(?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD178A

Part of subcall function 000000013FBDB500: IsProcessorFeaturePresent.KERNEL32 ref: 000000013FBDB526

GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD17BD
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD17D0
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD17EE
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD180C
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD182A
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1848
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1866
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1884
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD18A2
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD18C0
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD18DE
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD18FC
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD191A
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1938
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1956
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1974
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1992
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD19B0
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD19CE
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD19EC
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1A0A
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1A28
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1A46
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1A64
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1A82
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1AA0
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1ABE
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1ADC
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1AFA
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1B18
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1B36
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1B54
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1B72
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1B90
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1BAE
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1BCC
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1BEA
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1C08
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1C26
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1C44
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,000000013FBD10B9,?,?,?,000000013FBD0E75), ref: 000000013FBD1C62

Strings

CloseThreadpoolTimer, xrefs: 000000013FBD1927
SetFileInformationByHandle, xrefs: 000000013FBD1A71
SubmitThreadpoolWork, xrefs: 000000013FBD1BD9
CreateSymbolicLinkW, xrefs: 000000013FBD19F9
GetFileInformationByHandleEx, xrefs: 000000013FBD1A53
SetThreadpoolWait, xrefs: 000000013FBD1963
WakeConditionVariable, xrefs: 000000013FBD1ACB
GetLocaleInfoEx, xrefs: 000000013FBD1C33
CreateThreadpoolWork, xrefs: 000000013FBD1BBB
GetCurrentProcessorNumber, xrefs: 000000013FBD19DB
kernel32.dll, xrefs: 000000013FBD17B6
CompareStringEx, xrefs: 000000013FBD1C15
GetCurrentPackageId, xrefs: 000000013FBD1A17
SetThreadpoolTimer, xrefs: 000000013FBD18EB
CloseThreadpoolWork, xrefs: 000000013FBD1BF7
ReleaseSRWLockExclusive, xrefs: 000000013FBD1B7F
InitializeConditionVariable, xrefs: 000000013FBD1AAD
WaitForThreadpoolTimerCallbacks, xrefs: 000000013FBD1909
InitializeSRWLock, xrefs: 000000013FBD1B25
WakeAllConditionVariable, xrefs: 000000013FBD1AE9
AcquireSRWLockExclusive, xrefs: 000000013FBD1B43
InitOnceExecuteOnce, xrefs: 000000013FBD1855
CreateSemaphoreExW, xrefs: 000000013FBD18AF
CreateEventExW, xrefs: 000000013FBD1873
CreateThreadpoolWait, xrefs: 000000013FBD1945
FlsSetValue, xrefs: 000000013FBD1819
FlsAlloc, xrefs: 000000013FBD17C6
FlushProcessWriteBuffers, xrefs: 000000013FBD199F
CreateThreadpoolTimer, xrefs: 000000013FBD18CD
FlsGetValue, xrefs: 000000013FBD17FB
TryAcquireSRWLockExclusive, xrefs: 000000013FBD1B61
SleepConditionVariableCS, xrefs: 000000013FBD1B07
GetTickCount64, xrefs: 000000013FBD1A35
InitializeCriticalSectionEx, xrefs: 000000013FBD1837
CreateSemaphoreW, xrefs: 000000013FBD1891
SleepConditionVariableSRW, xrefs: 000000013FBD1B9D
GetSystemTimePreciseAsFileTime, xrefs: 000000013FBD1A8F
LCMapStringEx, xrefs: 000000013FBD1C51
FreeLibraryWhenCallbackReturns, xrefs: 000000013FBD19BD
CloseThreadpoolWait, xrefs: 000000013FBD1981
FlsFree, xrefs: 000000013FBD17DD

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCB330, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 114
registry

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000013FBC9590: GetModuleHandleA.KERNEL32 ref: 000000013FBC95CD
Part of subcall function 000000013FBC9590: GetProcAddress.KERNEL32 ref: 000000013FBC95E9
Part of subcall function 000000013FBC9590: RegOpenKeyExA.ADVAPI32 ref: 000000013FBC963F
Part of subcall function 000000013FBC9590: RegCloseKey.ADVAPI32 ref: 000000013FBC9651

RegQueryValueExA.ADVAPI32 ref: 000000013FBCB407
StartServiceCtrlDispatcherA.SECHOST ref: 000000013FBCB487
GetLastError.KERNEL32 ref: 000000013FBCB491

Part of subcall function 000000013FBD7E70: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD7E94
Part of subcall function 000000013FBD7E70: CreateThread.KERNEL32 ref: 000000013FBD7ED5
Part of subcall function 000000013FBD7E70: GetLastError.KERNEL32(?,?,?,?,?,000000013FBCB17F), ref: 000000013FBD7EE3
Part of subcall function 000000013FBD7E70: CloseHandle.KERNEL32 ref: 000000013FBD7F00
Part of subcall function 000000013FBD7E70: FreeLibrary.KERNEL32(?,?,?,?,?,000000013FBCB17F), ref: 000000013FBD7F0F

Part of subcall function 000000013FBCB040: SetServiceStatus.ADVAPI32 ref: 000000013FBCB083
Part of subcall function 000000013FBCB040: GetMessageA.USER32 ref: 000000013FBCB096
Part of subcall function 000000013FBCB040: TranslateMessage.USER32 ref: 000000013FBCB0A5
Part of subcall function 000000013FBCB040: DispatchMessageA.USER32 ref: 000000013FBCB0B0
Part of subcall function 000000013FBCB040: GetMessageA.USER32 ref: 000000013FBCB0C3

RegCloseKey.ADVAPI32 ref: 000000013FBCB4E1
RegCloseKey.ADVAPI32 ref: 000000013FBCB4F3

Strings

LocalService, xrefs: 000000013FBCB400
{23D22352-DC86-4346-B298-C56CB6A1C99F}, xrefs: 000000013FBCB3A6
AppID, xrefs: 000000013FBCB35D

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC1490, Relevance: 10.9, APIs: 1, Strings: 5, Instructions: 424

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000013FBC5920: SetFilePointer.KERNELBASE ref: 000000013FBC5997
Part of subcall function 000000013FBC5920: SetFilePointer.KERNEL32 ref: 000000013FBC5D92
Part of subcall function 000000013FBC5920: SetFilePointer.KERNEL32 ref: 000000013FBC5E36

Part of subcall function 000000013FBC5650: SetFilePointer.KERNELBASE ref: 000000013FBC569E

SetFilePointer.KERNELBASE ref: 000000013FBC1668

Part of subcall function 000000013FBC4A40: ReadFile.KERNEL32 ref: 000000013FBC4A7C

Part of subcall function 000000013FBD4E0C: strstr.LIBVCRUNTIME ref: 000000013FBD4E43
Part of subcall function 000000013FBD4E0C: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD4E60

Part of subcall function 000000013FBC2340: SystemTimeToFileTime.KERNEL32 ref: 000000013FBC23BB

Strings

\../, xrefs: 000000013FBC177F
/../, xrefs: 000000013FBC1799
, xrefs: 000000013FBC186C
/..\, xrefs: 000000013FBC17B3
\..\, xrefs: 000000013FBC1765

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBDB0BC, Relevance: 6.2, APIs: 4, Instructions: 191
LIBRARYCODE

Control-flow Graph

Executed
Not Executed

APIs

_Wcsftime.LIBCMT ref: 000000013FBDB10C

Part of subcall function 000000013FBE835C: _mbstowcs_s_l.LIBCMT ref: 000000013FBE8370

_Wcsftime.LIBCMT ref: 000000013FBDB145

Part of subcall function 000000013FBD9E9C: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD9EC7

Part of subcall function 000000013FBD516C: GetCurrentProcess.KERNEL32(000000013FBD52DD), ref: 000000013FBD5199

Part of subcall function 000000013FBDF5EC: GetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF5F6
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF65E
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF674

_wcstombs_s_l.LIBCMT ref: 000000013FBDB21A

Part of subcall function 000000013FBE86B0: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE873B

Part of subcall function 000000013FBDB4A0: HeapAlloc.KERNEL32 ref: 000000013FBDB4DE

_wcstombs_s_l.LIBCMT ref: 000000013FBDB26C

Part of subcall function 000000013FBDB460: HeapFree.KERNEL32 ref: 000000013FBDB476
Part of subcall function 000000013FBDB460: GetLastError.KERNEL32 ref: 000000013FBDB488

Part of subcall function 000000013FBDA7FC: HeapAlloc.KERNEL32 ref: 000000013FBDA851

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC5920, Relevance: 5.0, APIs: 3, Instructions: 450

APIs

SetFilePointer.KERNELBASE ref: 000000013FBC5997

Part of subcall function 000000013FBC60A0: ReadFile.KERNEL32 ref: 000000013FBC60DC

SetFilePointer.KERNEL32 ref: 000000013FBC5D92
SetFilePointer.KERNEL32 ref: 000000013FBC5E36

Part of subcall function 000000013FBC4A40: ReadFile.KERNEL32 ref: 000000013FBC4A7C

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCFC90, Relevance: 3.0, APIs: 2, Instructions: 18

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 000000013FBCFC99
_invalid_parameter_noinfo.LIBCMT ref: 000000013FBDA704

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC3284, Relevance: 2.9, Strings: 2, Instructions: 409

Strings

invalid bit length repeat, xrefs: 000000013FBC3833
too many length or distance symbols, xrefs: 000000013FBC3766

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC88C0, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 164
process

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32 ref: 000000013FBC89A7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC89D1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC89E0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC89EF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC89FB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8A37
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8A46
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8A55
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8A61
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8A9D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8AAC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8ABB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8AC7
CloseHandle.KERNEL32 ref: 000000013FBC8ADF
CloseHandle.KERNEL32 ref: 000000013FBC8AEA

Part of subcall function 000000013FBC72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC7349
Part of subcall function 000000013FBC72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC734F
Part of subcall function 000000013FBC72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC7355
Part of subcall function 000000013FBC72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC735B

Strings

,dll, xrefs: 000000013FBC8959
rundll32 , xrefs: 000000013FBC8937
h, xrefs: 000000013FBC8909

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCBB30, Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 206

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000013FBC1C90: new.LIBCMT ref: 000000013FBC1CCE
Part of subcall function 000000013FBC1C90: new.LIBCMT ref: 000000013FBC1D5D

GetWindowsDirectoryA.KERNEL32 ref: 000000013FBCBC36
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBCCD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBCDC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBCEB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBCF7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBE07
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBE16
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBE25
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBE31

Part of subcall function 000000013FBC72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC7349
Part of subcall function 000000013FBC72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC734F
Part of subcall function 000000013FBC72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC7355
Part of subcall function 000000013FBC72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC735B

Strings

P0p159753, xrefs: 000000013FBCBB8F
\pagefile.sys, xrefs: 000000013FBCBC8E

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC9170, Relevance: 16.6, APIs: 11, Instructions: 145
sleep

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE ref: 000000013FBC91E1
FindResourceA.KERNEL32 ref: 000000013FBC9200
LoadResource.KERNEL32 ref: 000000013FBC921C
LockResource.KERNEL32 ref: 000000013FBC922E
SizeofResource.KERNEL32 ref: 000000013FBC9241

Part of subcall function 000000013FBC8BE0: GetTempPathA.KERNEL32 ref: 000000013FBC8C41
Part of subcall function 000000013FBC8BE0: GetTempFileNameA.KERNEL32 ref: 000000013FBC8CA0

Part of subcall function 000000013FBCBB30: GetWindowsDirectoryA.KERNEL32 ref: 000000013FBCBC36
Part of subcall function 000000013FBCBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBCCD
Part of subcall function 000000013FBCBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBCDC
Part of subcall function 000000013FBCBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBCEB
Part of subcall function 000000013FBCBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBCF7
Part of subcall function 000000013FBCBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBE07
Part of subcall function 000000013FBCBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBE16
Part of subcall function 000000013FBCBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBE25
Part of subcall function 000000013FBCBB30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCBE31

Part of subcall function 000000013FBC88C0: CreateProcessA.KERNEL32 ref: 000000013FBC89A7
Part of subcall function 000000013FBC88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC89D1
Part of subcall function 000000013FBC88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC89E0
Part of subcall function 000000013FBC88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC89EF
Part of subcall function 000000013FBC88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC89FB
Part of subcall function 000000013FBC88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8A37
Part of subcall function 000000013FBC88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8A46
Part of subcall function 000000013FBC88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8A55
Part of subcall function 000000013FBC88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8A61
Part of subcall function 000000013FBC88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8A9D
Part of subcall function 000000013FBC88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8AAC
Part of subcall function 000000013FBC88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8ABB
Part of subcall function 000000013FBC88C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC8AC7
Part of subcall function 000000013FBC88C0: CloseHandle.KERNEL32 ref: 000000013FBC8ADF
Part of subcall function 000000013FBC88C0: CloseHandle.KERNEL32 ref: 000000013FBC8AEA

DeleteFileA.KERNELBASE ref: 000000013FBC931B
Sleep.KERNELBASE ref: 000000013FBC9383
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC938E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC9394
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC939A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC93A0

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBEC89C, Relevance: 13.8, APIs: 9, Instructions: 272
LIBRARYCODE

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000013FBEC508: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBEC549
Part of subcall function 000000013FBEC508: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBEC5C6
Part of subcall function 000000013FBEC508: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBEC617

Part of subcall function 000000013FBE4B64: EnterCriticalSection.KERNEL32(?,?,?,?,?,000000013FBEC92C), ref: 000000013FBE4C11
Part of subcall function 000000013FBE4B64: LeaveCriticalSection.KERNEL32(?,?,?,?,?,000000013FBEC92C), ref: 000000013FBE4C20

CreateFileW.KERNEL32 ref: 000000013FBEC99D
CreateFileW.KERNEL32 ref: 000000013FBEC9F9
GetLastError.KERNEL32 ref: 000000013FBECA2D
GetFileType.KERNEL32 ref: 000000013FBECA42
GetLastError.KERNEL32 ref: 000000013FBECA4C
CloseHandle.KERNEL32 ref: 000000013FBECA7F

Part of subcall function 000000013FBE4A80: SetStdHandle.KERNEL32 ref: 000000013FBE4AFB

CloseHandle.KERNEL32 ref: 000000013FBECBD8
CreateFileW.KERNEL32 ref: 000000013FBECC10
GetLastError.KERNEL32 ref: 000000013FBECC1F

Part of subcall function 000000013FBE4C94: SetStdHandle.KERNEL32(?,?,?,000000013FBE0A10,?,?,?,000000013FBE08C7,?,?,00000000,000000013FBE096F), ref: 000000013FBE4D0E

Part of subcall function 000000013FBE0994: CloseHandle.KERNEL32 ref: 000000013FBE09F7
Part of subcall function 000000013FBE0994: GetLastError.KERNEL32(?,?,?,000000013FBE08C7,?,?,00000000,000000013FBE096F,?,?,?,?,?,?,000000013FBD574A), ref: 000000013FBE0A01

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC9590, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 66
registrylibrary

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 000000013FBC95CD
GetProcAddress.KERNEL32 ref: 000000013FBC95E9
RegOpenKeyExA.ADVAPI32 ref: 000000013FBC963F
RegCloseKey.ADVAPI32 ref: 000000013FBC9651

Strings

Advapi32.dll, xrefs: 000000013FBC95C6
RegOpenKeyTransactedA, xrefs: 000000013FBC95DF

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCB0E0, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 49
registrythread

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 000000013FBCB0F8
RegisterServiceCtrlHandlerA.ADVAPI32 ref: 000000013FBCB10F
SetServiceStatus.SECHOST ref: 000000013FBCB14E

Part of subcall function 000000013FBD7E70: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD7E94
Part of subcall function 000000013FBD7E70: CreateThread.KERNEL32 ref: 000000013FBD7ED5
Part of subcall function 000000013FBD7E70: GetLastError.KERNEL32(?,?,?,?,?,000000013FBCB17F), ref: 000000013FBD7EE3
Part of subcall function 000000013FBD7E70: CloseHandle.KERNEL32 ref: 000000013FBD7F00
Part of subcall function 000000013FBD7E70: FreeLibrary.KERNEL32(?,?,?,?,?,000000013FBCB17F), ref: 000000013FBD7F0F

Part of subcall function 000000013FBCB040: SetServiceStatus.ADVAPI32 ref: 000000013FBCB083
Part of subcall function 000000013FBCB040: GetMessageA.USER32 ref: 000000013FBCB096
Part of subcall function 000000013FBCB040: TranslateMessage.USER32 ref: 000000013FBCB0A5
Part of subcall function 000000013FBCB040: DispatchMessageA.USER32 ref: 000000013FBCB0B0
Part of subcall function 000000013FBCB040: GetMessageA.USER32 ref: 000000013FBCB0C3

SetServiceStatus.ADVAPI32 ref: 000000013FBCB1A8

Strings

Service stopped, xrefs: 000000013FBCB1AE
Handler not installed, xrefs: 000000013FBCB121

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCB040, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37
window

Control-flow Graph

Executed
Not Executed

APIs

SetServiceStatus.ADVAPI32 ref: 000000013FBCB083
GetMessageA.USER32 ref: 000000013FBCB096
TranslateMessage.USER32 ref: 000000013FBCB0A5
DispatchMessageA.USER32 ref: 000000013FBCB0B0
GetMessageA.USER32 ref: 000000013FBCB0C3

Part of subcall function 000000013FBC9070: RegisterEventSourceA.ADVAPI32 ref: 000000013FBC90FC
Part of subcall function 000000013FBC9070: ReportEventA.ADVAPI32 ref: 000000013FBC9138
Part of subcall function 000000013FBC9070: DeregisterEventSource.ADVAPI32 ref: 000000013FBC9141

Strings

Service started/resumed, xrefs: 000000013FBCB066

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE13B0, Relevance: 7.7, APIs: 5, Instructions: 203
fileLIBRARYCODE

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBE13F5

Part of subcall function 000000013FBE975C: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE97AF

GetLastError.KERNEL32 ref: 000000013FBE15EA

Part of subcall function 000000013FBDF5EC: GetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF5F6
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF65E
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF674

GetConsoleMode.KERNEL32 ref: 000000013FBE14B8
GetLastError.KERNEL32 ref: 000000013FBE1533

Part of subcall function 000000013FBE0D24: GetConsoleCP.KERNEL32 ref: 000000013FBE0D81
Part of subcall function 000000013FBE0D24: WideCharToMultiByte.KERNEL32 ref: 000000013FBE0E5D
Part of subcall function 000000013FBE0D24: WriteFile.KERNEL32 ref: 000000013FBE0E83
Part of subcall function 000000013FBE0D24: WriteFile.KERNEL32 ref: 000000013FBE0EC2
Part of subcall function 000000013FBE0D24: GetLastError.KERNEL32 ref: 000000013FBE0EFA

Part of subcall function 000000013FBE97BC: WriteConsoleW.KERNEL32 ref: 000000013FBE9801

Part of subcall function 000000013FBE1150: WideCharToMultiByte.KERNEL32 ref: 000000013FBE1236
Part of subcall function 000000013FBE1150: WriteFile.KERNEL32 ref: 000000013FBE1269
Part of subcall function 000000013FBE1150: GetLastError.KERNEL32 ref: 000000013FBE128B

Part of subcall function 000000013FBE1034: WriteFile.KERNEL32 ref: 000000013FBE1101
Part of subcall function 000000013FBE1034: GetLastError.KERNEL32 ref: 000000013FBE111D

Part of subcall function 000000013FBE0F2C: WriteFile.KERNEL32 ref: 000000013FBE0FE2
Part of subcall function 000000013FBE0F2C: GetLastError.KERNEL32 ref: 000000013FBE0FFE

WriteFile.KERNEL32 ref: 000000013FBE15E0

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBDF900, Relevance: 7.6, APIs: 5, Instructions: 114
libraryLIBRARYCODE

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE ref: 000000013FBDF99C
GetLastError.KERNEL32 ref: 000000013FBDF9AA
LoadLibraryExW.KERNEL32 ref: 000000013FBDF9BD
FreeLibrary.KERNEL32 ref: 000000013FBDF9F6
GetProcAddress.KERNEL32 ref: 000000013FBDFA22

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD7E70, Relevance: 7.6, APIs: 5, Instructions: 60
thread

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBD7E94

Part of subcall function 000000013FBD7E10: GetModuleHandleExW.KERNEL32(?,?,00000000,000000013FBD7EAB,?,?,?,?,?,000000013FBCB17F), ref: 000000013FBD7E54

CreateThread.KERNEL32 ref: 000000013FBD7ED5
GetLastError.KERNEL32(?,?,?,?,?,000000013FBCB17F), ref: 000000013FBD7EE3
CloseHandle.KERNEL32 ref: 000000013FBD7F00
FreeLibrary.KERNEL32(?,?,?,?,?,000000013FBCB17F), ref: 000000013FBD7F0F

Part of subcall function 000000013FBDB460: HeapFree.KERNEL32 ref: 000000013FBDB476
Part of subcall function 000000013FBDB460: GetLastError.KERNEL32 ref: 000000013FBDB488

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCE2C0, Relevance: 6.2, APIs: 4, Instructions: 185

APIs

Part of subcall function 000000013FBD61A8: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD61DD

Part of subcall function 000000013FBD5B8C: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD5BBC
Part of subcall function 000000013FBD5B8C: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD5C58

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCE509
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCE518
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCE527
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCE533

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC48F0, Relevance: 6.1, APIs: 4, Instructions: 96

APIs

CreateFileA.KERNEL32 ref: 000000013FBC496E
SetFilePointer.KERNELBASE ref: 000000013FBC49A3
new.LIBCMT ref: 000000013FBC49BA
SetFilePointer.KERNELBASE ref: 000000013FBC4A0B

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE4214, Relevance: 6.1, APIs: 4, Instructions: 74

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,000000013FBD88CB), ref: 000000013FBE422D
WideCharToMultiByte.KERNEL32 ref: 000000013FBE428F

Part of subcall function 000000013FBDB4A0: HeapAlloc.KERNEL32 ref: 000000013FBDB4DE

WideCharToMultiByte.KERNEL32 ref: 000000013FBE42C9

Part of subcall function 000000013FBDB460: HeapFree.KERNEL32 ref: 000000013FBDB476
Part of subcall function 000000013FBDB460: GetLastError.KERNEL32 ref: 000000013FBDB488

FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,000000013FBD88CB), ref: 000000013FBE42F3

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC8BE0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78

APIs

GetTempPathA.KERNEL32 ref: 000000013FBC8C41
GetTempFileNameA.KERNEL32 ref: 000000013FBC8CA0

Strings

tmp, xrefs: 000000013FBC8C94

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD476C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32

APIs

try_get_function.LIBVCRUNTIME ref: 000000013FBD47A2

Part of subcall function 000000013FBD4440: LoadLibraryExW.KERNELBASE(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD44EC
Part of subcall function 000000013FBD4440: GetLastError.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD44FF
Part of subcall function 000000013FBD4440: LoadLibraryExW.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD4512
Part of subcall function 000000013FBD4440: FreeLibrary.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD454F
Part of subcall function 000000013FBD4440: GetProcAddress.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD4583

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF,?,?,?,?,000000013FBCF4FB), ref: 000000013FBD47C8

Strings

InitializeCriticalSectionEx, xrefs: 000000013FBD4796

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD4608, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22

APIs

try_get_function.LIBVCRUNTIME ref: 000000013FBD462F

Part of subcall function 000000013FBD4440: LoadLibraryExW.KERNELBASE(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD44EC
Part of subcall function 000000013FBD4440: GetLastError.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD44FF
Part of subcall function 000000013FBD4440: LoadLibraryExW.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD4512
Part of subcall function 000000013FBD4440: FreeLibrary.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD454F
Part of subcall function 000000013FBD4440: GetProcAddress.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD4583

TlsAlloc.KERNEL32(?,?,?,000000013FBD4A7C,?,?,?,?,000000013FBD440C,?,?,?,?,000000013FBCF4FB), ref: 000000013FBD464B

Strings

FlsAlloc, xrefs: 000000013FBD4628

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE7C5C, Relevance: 4.7, APIs: 3, Instructions: 238LIBRARYCODE

APIs

MultiByteToWideChar.KERNEL32 ref: 000000013FBE7CE3
MultiByteToWideChar.KERNEL32 ref: 000000013FBE7DA8

Part of subcall function 000000013FBDFFD4: LCMapStringW.KERNEL32 ref: 000000013FBE00A2

Part of subcall function 000000013FBDB4A0: HeapAlloc.KERNEL32 ref: 000000013FBDB4DE

WideCharToMultiByte.KERNEL32 ref: 000000013FBE7F38

Part of subcall function 000000013FBDB460: HeapFree.KERNEL32 ref: 000000013FBDB476
Part of subcall function 000000013FBDB460: GetLastError.KERNEL32 ref: 000000013FBDB488

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC5EF0, Relevance: 4.6, APIs: 3, Instructions: 123

APIs

SetFilePointer.KERNELBASE(?,?,?,?,?,?,000000013FBC50A8), ref: 000000013FBC5F14
SetFilePointer.KERNELBASE(?,?,?,?,?,?,000000013FBC50A8), ref: 000000013FBC5F55
SetFilePointer.KERNELBASE(?,?,?,?,?,?,000000013FBC50A8), ref: 000000013FBC6000

Part of subcall function 000000013FBC4A40: ReadFile.KERNEL32 ref: 000000013FBC4A7C

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC9070, Relevance: 4.6, APIs: 3, Instructions: 59registry

APIs

Part of subcall function 000000013FBD7BC8: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD7CEA
Part of subcall function 000000013FBD7BC8: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD7D00

RegisterEventSourceA.ADVAPI32 ref: 000000013FBC90FC
ReportEventA.ADVAPI32 ref: 000000013FBC9138
DeregisterEventSource.ADVAPI32 ref: 000000013FBC9141

Part of subcall function 000000013FBD62F4: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD6311

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE3AC0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 126

APIs

GetCPInfo.KERNEL32 ref: 000000013FBE3AF6

Part of subcall function 000000013FBE5D3C: MultiByteToWideChar.KERNEL32 ref: 000000013FBE5DAF
Part of subcall function 000000013FBE5D3C: MultiByteToWideChar.KERNEL32 ref: 000000013FBE5E78
Part of subcall function 000000013FBE5D3C: GetStringTypeW.KERNEL32 ref: 000000013FBE5E92

Strings

, xrefs: 000000013FBE3B3B

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBDFFD4, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56LIBRARYCODE

APIs

Part of subcall function 000000013FBDF900: LoadLibraryExW.KERNELBASE ref: 000000013FBDF99C
Part of subcall function 000000013FBDF900: GetLastError.KERNEL32 ref: 000000013FBDF9AA
Part of subcall function 000000013FBDF900: LoadLibraryExW.KERNEL32 ref: 000000013FBDF9BD
Part of subcall function 000000013FBDF900: FreeLibrary.KERNEL32 ref: 000000013FBDF9F6
Part of subcall function 000000013FBDF900: GetProcAddress.KERNEL32 ref: 000000013FBDFA22

LCMapStringW.KERNEL32 ref: 000000013FBE00A2

Strings

LCMapStringEx, xrefs: 000000013FBE0006

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC6BC0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 51

APIs

__std_exception_copy.LIBVCRUNTIME ref: 000000013FBC6C4C

Part of subcall function 000000013FBD4118: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000013FBD0917), ref: 000000013FBD4195
Part of subcall function 000000013FBD4118: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000013FBD0917), ref: 000000013FBD41D4

Strings

bad locale name, xrefs: 000000013FBC6C31

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBDFE68, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32LIBRARYCODE

APIs

Part of subcall function 000000013FBDF900: LoadLibraryExW.KERNELBASE ref: 000000013FBDF99C
Part of subcall function 000000013FBDF900: GetLastError.KERNEL32 ref: 000000013FBDF9AA
Part of subcall function 000000013FBDF900: LoadLibraryExW.KERNEL32 ref: 000000013FBDF9BD
Part of subcall function 000000013FBDF900: FreeLibrary.KERNEL32 ref: 000000013FBDF9F6
Part of subcall function 000000013FBDF900: GetProcAddress.KERNEL32 ref: 000000013FBDFA22

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,002D8888,000000013FBE0BCE,?,?,?,000000013FBE0A9A,?,?,?,000000013FBDB3DE), ref: 000000013FBDFEC5

Strings

InitializeCriticalSectionEx, xrefs: 000000013FBDFE92

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBDFD9C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23time

APIs

Part of subcall function 000000013FBDF900: LoadLibraryExW.KERNELBASE ref: 000000013FBDF99C
Part of subcall function 000000013FBDF900: GetLastError.KERNEL32 ref: 000000013FBDF9AA
Part of subcall function 000000013FBDF900: LoadLibraryExW.KERNEL32 ref: 000000013FBDF9BD
Part of subcall function 000000013FBDF900: FreeLibrary.KERNEL32 ref: 000000013FBDF9F6
Part of subcall function 000000013FBDF900: GetProcAddress.KERNEL32 ref: 000000013FBDFA22

GetSystemTimeAsFileTime.KERNEL32(?,?,?,000000013FBD7F88,?,?,00000000,000000013FBD8005), ref: 000000013FBDFDE3

Strings

GetSystemTimePreciseAsFileTime, xrefs: 000000013FBDFDBC

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBDFB94, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22

APIs

Part of subcall function 000000013FBDF900: LoadLibraryExW.KERNELBASE ref: 000000013FBDF99C
Part of subcall function 000000013FBDF900: GetLastError.KERNEL32 ref: 000000013FBDF9AA
Part of subcall function 000000013FBDF900: LoadLibraryExW.KERNEL32 ref: 000000013FBDF9BD
Part of subcall function 000000013FBDF900: FreeLibrary.KERNEL32 ref: 000000013FBDF9F6
Part of subcall function 000000013FBDF900: GetProcAddress.KERNEL32 ref: 000000013FBDFA22

TlsAlloc.KERNEL32(?,?,?,000000013FBDF730), ref: 000000013FBDFBD8

Strings

FlsAlloc, xrefs: 000000013FBDFBB4

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE3F44, Relevance: 3.2, APIs: 2, Instructions: 186

APIs

Part of subcall function 000000013FBE39B0: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,000000013FBE3CCD,?,?,?,?,?,?,?,000000013FBE3E75), ref: 000000013FBE39DA
Part of subcall function 000000013FBE39B0: GetACP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,000000013FBE3CCD,?,?,?,?,?,?,?,000000013FBE3E75), ref: 000000013FBE39F1

IsValidCodePage.KERNEL32(?,?,?,00000000,?,00000000,00000001,000000013FBE3D80,?,?,?,?,?,?,?,000000013FBE3E75), ref: 000000013FBE3FBE
GetCPInfo.KERNEL32(?,?,?,00000000,?,00000000,00000001,000000013FBE3D80,?,?,?,?,?,?,?,000000013FBE3E75), ref: 000000013FBE3FD3

Part of subcall function 000000013FBE3AC0: GetCPInfo.KERNEL32 ref: 000000013FBE3AF6

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCFCAC, Relevance: 3.1, APIs: 2, Instructions: 89

APIs

__scrt_acquire_startup_lock.LIBCMT ref: 000000013FBCFCD7

Part of subcall function 000000013FBD0294: GetStartupInfoW.KERNEL32 ref: 000000013FBD02B0

Part of subcall function 000000013FBCEFA0: GetCommandLineA.KERNEL32 ref: 000000013FBCEFCA

__scrt_is_managed_app.LIBCMT ref: 000000013FBCFDC5

Part of subcall function 000000013FBD02D0: GetModuleHandleW.KERNEL32(?,?,?,?,000000013FBCFDCA), ref: 000000013FBD02D6

Part of subcall function 000000013FBD014C: IsProcessorFeaturePresent.KERNEL32 ref: 000000013FBD0168
Part of subcall function 000000013FBD014C: RtlCaptureContext.KERNEL32 ref: 000000013FBD0191
Part of subcall function 000000013FBD014C: RtlLookupFunctionEntry.KERNEL32 ref: 000000013FBD01AB
Part of subcall function 000000013FBD014C: RtlVirtualUnwind.KERNEL32 ref: 000000013FBD01EC
Part of subcall function 000000013FBD014C: IsDebuggerPresent.KERNEL32 ref: 000000013FBD0240
Part of subcall function 000000013FBD014C: SetUnhandledExceptionFilter.KERNEL32 ref: 000000013FBD0261
Part of subcall function 000000013FBD014C: UnhandledExceptionFilter.KERNEL32 ref: 000000013FBD026C

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC1B70, Relevance: 3.1, APIs: 2, Instructions: 86

APIs

GetCurrentDirectoryA.KERNEL32 ref: 000000013FBC1BB1
SetFilePointer.KERNEL32 ref: 000000013FBC1C09

Part of subcall function 000000013FBC48F0: CreateFileA.KERNEL32 ref: 000000013FBC496E
Part of subcall function 000000013FBC48F0: SetFilePointer.KERNELBASE ref: 000000013FBC49A3
Part of subcall function 000000013FBC48F0: new.LIBCMT ref: 000000013FBC49BA
Part of subcall function 000000013FBC48F0: SetFilePointer.KERNELBASE ref: 000000013FBC4A0B

Part of subcall function 000000013FBC5060: SetFilePointer.KERNELBASE ref: 000000013FBC50D0

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD5B8C, Relevance: 3.1, APIs: 2, Instructions: 82

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBD5BBC

Part of subcall function 000000013FBE0A50: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE0A64

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBD5C58

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC1C90, Relevance: 3.1, APIs: 2, Instructions: 60

APIs

new.LIBCMT ref: 000000013FBC1CCE

Part of subcall function 000000013FBC1B70: GetCurrentDirectoryA.KERNEL32 ref: 000000013FBC1BB1
Part of subcall function 000000013FBC1B70: SetFilePointer.KERNEL32 ref: 000000013FBC1C09

new.LIBCMT ref: 000000013FBC1D5D

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE1FEC, Relevance: 3.0, APIs: 2, Instructions: 42

APIs

Part of subcall function 000000013FBE4D50: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE4DB7

SetFilePointerEx.KERNEL32 ref: 000000013FBE2030
GetLastError.KERNEL32 ref: 000000013FBE203A

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD7D24, Relevance: 3.0, APIs: 2, Instructions: 35thread

APIs

GetLastError.KERNEL32 ref: 000000013FBD7D36
ExitThread.KERNEL32 ref: 000000013FBD7D3E

Part of subcall function 000000013FBDF5EC: GetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF5F6
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF65E
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF674

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBDB460, Relevance: 2.5, APIs: 2, Instructions: 19LIBRARYCODE

APIs

HeapFree.KERNEL32 ref: 000000013FBDB476
GetLastError.KERNEL32 ref: 000000013FBDB488

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC5650, Relevance: 1.7, APIs: 1, Instructions: 229

APIs

SetFilePointer.KERNELBASE ref: 000000013FBC569E

Part of subcall function 000000013FBC60A0: ReadFile.KERNEL32 ref: 000000013FBC60DC

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC5060, Relevance: 1.7, APIs: 1, Instructions: 223

APIs

Part of subcall function 000000013FBC5EF0: SetFilePointer.KERNELBASE(?,?,?,?,?,?,000000013FBC50A8), ref: 000000013FBC5F14
Part of subcall function 000000013FBC5EF0: SetFilePointer.KERNELBASE(?,?,?,?,?,?,000000013FBC50A8), ref: 000000013FBC5F55
Part of subcall function 000000013FBC5EF0: SetFilePointer.KERNELBASE(?,?,?,?,?,?,000000013FBC50A8), ref: 000000013FBC6000

SetFilePointer.KERNELBASE ref: 000000013FBC50D0

Part of subcall function 000000013FBC60A0: ReadFile.KERNEL32 ref: 000000013FBC60DC

Part of subcall function 000000013FBC48B0: CloseHandle.KERNEL32 ref: 000000013FBC48D1

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC5370, Relevance: 1.7, APIs: 1, Instructions: 205

APIs

SetFilePointer.KERNELBASE(?,?,?,000000013FBC2105), ref: 000000013FBC546B

Part of subcall function 000000013FBC4A40: ReadFile.KERNEL32 ref: 000000013FBC4A7C

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE1EFC, Relevance: 1.6, APIs: 1, Instructions: 68

APIs

Part of subcall function 000000013FBE1FEC: SetFilePointerEx.KERNEL32 ref: 000000013FBE2030
Part of subcall function 000000013FBE1FEC: GetLastError.KERNEL32 ref: 000000013FBE203A

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBE1FCB

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE12C4, Relevance: 1.6, APIs: 1, Instructions: 68LIBRARYCODE

APIs

Part of subcall function 000000013FBE13B0: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE13F5
Part of subcall function 000000013FBE13B0: GetConsoleMode.KERNEL32 ref: 000000013FBE14B8
Part of subcall function 000000013FBE13B0: GetLastError.KERNEL32 ref: 000000013FBE1533
Part of subcall function 000000013FBE13B0: WriteFile.KERNEL32 ref: 000000013FBE15E0
Part of subcall function 000000013FBE13B0: GetLastError.KERNEL32 ref: 000000013FBE15EA

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBE1390

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBEC194, Relevance: 1.6, APIs: 1, Instructions: 64LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBEC1C4

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBDB440, Relevance: 1.6, APIs: 1, Instructions: 60LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBDB39F

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC60A0, Relevance: 1.6, APIs: 1, Instructions: 58file

APIs

ReadFile.KERNEL32 ref: 000000013FBC60DC

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCCBF0, Relevance: 1.6, APIs: 1, Instructions: 57

APIs

new.LIBCMT ref: 000000013FBCCC34

Part of subcall function 000000013FBC6BC0: __std_exception_copy.LIBVCRUNTIME ref: 000000013FBC6C4C

Part of subcall function 000000013FBC7440: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 000000013FBC7457

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE49A4, Relevance: 1.6, APIs: 1, Instructions: 51

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBE49D8

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC4A40, Relevance: 1.5, APIs: 1, Instructions: 44file

APIs

ReadFile.KERNEL32 ref: 000000013FBC4A7C

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD56F8, Relevance: 1.5, APIs: 1, Instructions: 40LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBD5715

Part of subcall function 000000013FBE0A50: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE0A64

Part of subcall function 000000013FBE08F0: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE0984

Part of subcall function 000000013FBDB460: HeapFree.KERNEL32 ref: 000000013FBDB476
Part of subcall function 000000013FBDB460: GetLastError.KERNEL32 ref: 000000013FBDB488

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD9E9C, Relevance: 1.5, APIs: 1, Instructions: 40LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBD9EC7

Part of subcall function 000000013FBDF5EC: GetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF5F6
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF65E
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF674

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD7F50, Relevance: 1.5, APIs: 1, Instructions: 38

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBD7F69

Part of subcall function 000000013FBDFD9C: GetSystemTimeAsFileTime.KERNEL32(?,?,?,000000013FBD7F88,?,?,00000000,000000013FBD8005), ref: 000000013FBDFDE3

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCCE40, Relevance: 1.5, APIs: 1, Instructions: 35

APIs

new.LIBCMT ref: 000000013FBCCE91

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD577C, Relevance: 1.5, APIs: 1, Instructions: 33LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBD57A5

Part of subcall function 000000013FBD56F8: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD5715

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBDA7FC, Relevance: 1.3, APIs: 1, Instructions: 36LIBRARYCODE

APIs

HeapAlloc.KERNEL32 ref: 000000013FBDA851

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBDB4A0, Relevance: 1.3, APIs: 1, Instructions: 29LIBRARYCODE

APIs

HeapAlloc.KERNEL32 ref: 000000013FBDB4DE

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Non-executed Functions

Function 000000013FBCB640, Relevance: 44.1, APIs: 16, Strings: 9, Instructions: 312window

APIs

Part of subcall function 000000013FBC9000: OpenSCManagerA.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC901E
Part of subcall function 000000013FBC9000: OpenServiceA.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC9037
Part of subcall function 000000013FBC9000: CloseServiceHandle.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC904A
Part of subcall function 000000013FBC9000: CloseServiceHandle.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC9053

OpenSCManagerA.ADVAPI32 ref: 000000013FBCB68C
LoadStringA.USER32 ref: 000000013FBCB6CD
MessageBoxA.USER32 ref: 000000013FBCB73A
OpenServiceA.ADVAPI32 ref: 000000013FBCB75F
CloseServiceHandle.ADVAPI32 ref: 000000013FBCB774

Part of subcall function 000000013FBD061C: EnterCriticalSection.KERNEL32(?,?,?,000000013FBC8631), ref: 000000013FBD063A
Part of subcall function 000000013FBD061C: LeaveCriticalSection.KERNEL32(?,?,?,000000013FBC8631), ref: 000000013FBD0658
Part of subcall function 000000013FBD061C: RaiseException.KERNEL32(?,?,?,000000013FBC8631), ref: 000000013FBD0691

LoadStringA.USER32 ref: 000000013FBCB7A9
ControlService.ADVAPI32 ref: 000000013FBCB821
GetLastError.KERNEL32 ref: 000000013FBCB82F
MessageBoxA.USER32 ref: 000000013FBCB8AE
DeleteService.ADVAPI32 ref: 000000013FBCB8B7
CloseServiceHandle.ADVAPI32 ref: 000000013FBCB8C2
CloseServiceHandle.ADVAPI32 ref: 000000013FBCB8CB

Part of subcall function 000000013FBC8600: LoadStringA.USER32 ref: 000000013FBC8650

MessageBoxA.USER32 ref: 000000013FBCB946

Part of subcall function 000000013FBD5494: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD54B9

Part of subcall function 000000013FBCB640: RegDeleteValueA.ADVAPI32 ref: 000000013FBCBAAF
Part of subcall function 000000013FBCB640: RegCloseKey.ADVAPI32 ref: 000000013FBCBAFD
Part of subcall function 000000013FBCB640: RegCloseKey.ADVAPI32 ref: 000000013FBCBB10

Strings

{23D22352-DC86-4346-B298-C56CB6A1C99F}, xrefs: 000000013FBCBACB
LocalService, xrefs: 000000013FBCBAA8
APPID, xrefs: 000000013FBCBABC
{23D22352-DC86-4346-B298-C56CB6A1C99F}, xrefs: 000000013FBCBA71
Could not delete service, xrefs: 000000013FBCB8F5
Could not open Service Manager, xrefs: 000000013FBCB6EE
Could not stop service, xrefs: 000000013FBCB863
Could not open service, xrefs: 000000013FBCB7CA
AppID, xrefs: 000000013FBCBA2C

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCA5F0, Relevance: 42.5, APIs: 18, Strings: 6, Instructions: 482stringregistry

APIs

Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC93E8
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC9423
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC9439
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC944C
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC945B
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC94B5
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC94D9

lstrcmpiA.KERNEL32(?,00000000,00000000,0000000100002600,000000013FBCA2B9), ref: 000000013FBCA677
lstrcmpiA.KERNEL32 ref: 000000013FBCA68F
CharNextA.USER32 ref: 000000013FBCA6E4
lstrcmpiA.KERNEL32 ref: 000000013FBCA716

Part of subcall function 000000013FBC9D70: RegEnumKeyExA.ADVAPI32 ref: 000000013FBC9DFE
Part of subcall function 000000013FBC9D70: RegEnumKeyExA.ADVAPI32 ref: 000000013FBC9E57
Part of subcall function 000000013FBC9D70: RegCloseKey.ADVAPI32 ref: 000000013FBC9E6B
Part of subcall function 000000013FBC9D70: RegCloseKey.ADVAPI32 ref: 000000013FBC9E91

lstrcmpiA.KERNEL32 ref: 000000013FBCA786
lstrcmpiA.KERNEL32 ref: 000000013FBCA7B8

Part of subcall function 000000013FBC7EA0: CharNextA.USER32 ref: 000000013FBC7F50
Part of subcall function 000000013FBC7EA0: CharNextA.USER32 ref: 000000013FBC8033
Part of subcall function 000000013FBC7EA0: CharNextA.USER32 ref: 000000013FBC804C
Part of subcall function 000000013FBC7EA0: IsDBCSLeadByte.KERNEL32 ref: 000000013FBC805C
Part of subcall function 000000013FBC7EA0: VarUI4FromStr.OLEAUT32 ref: 000000013FBC818D
Part of subcall function 000000013FBC7EA0: RegSetValueExA.ADVAPI32 ref: 000000013FBC8359
Part of subcall function 000000013FBC7EA0: RegSetValueExA.ADVAPI32 ref: 000000013FBC83AC

Part of subcall function 000000013FBCA5F0: RegDeleteValueA.ADVAPI32 ref: 000000013FBCA87D
Part of subcall function 000000013FBCA5F0: RegCloseKey.ADVAPI32 ref: 000000013FBCA896
Part of subcall function 000000013FBCA5F0: CharNextA.USER32 ref: 000000013FBCA8C4
Part of subcall function 000000013FBCA5F0: GetModuleHandleA.KERNEL32 ref: 000000013FBCA949
Part of subcall function 000000013FBCA5F0: GetProcAddress.KERNEL32 ref: 000000013FBCA966
Part of subcall function 000000013FBCA5F0: RegCreateKeyExA.ADVAPI32 ref: 000000013FBCA9F6
Part of subcall function 000000013FBCA5F0: RegCloseKey.ADVAPI32 ref: 000000013FBCAA0F
Part of subcall function 000000013FBCA5F0: lstrcmpiA.KERNEL32 ref: 000000013FBCAC07
Part of subcall function 000000013FBCA5F0: RegCloseKey.ADVAPI32 ref: 000000013FBCAC5D
Part of subcall function 000000013FBCA5F0: RegCloseKey.ADVAPI32 ref: 000000013FBCACC5
Part of subcall function 000000013FBCA5F0: RegCloseKey.ADVAPI32 ref: 000000013FBCACDF

Part of subcall function 000000013FBC9590: GetModuleHandleA.KERNEL32 ref: 000000013FBC95CD
Part of subcall function 000000013FBC9590: GetProcAddress.KERNEL32 ref: 000000013FBC95E9
Part of subcall function 000000013FBC9590: RegOpenKeyExA.ADVAPI32 ref: 000000013FBC963F
Part of subcall function 000000013FBC9590: RegCloseKey.ADVAPI32 ref: 000000013FBC9651

Part of subcall function 000000013FBCB270: CharNextA.USER32 ref: 000000013FBCB2D0

RegCloseKey.ADVAPI32(?,00000000,00000000,0000000100002600,000000013FBCA2B9), ref: 000000013FBCAD28

Strings

Advapi32.dll, xrefs: 000000013FBCA942
RegCreateKeyTransactedA, xrefs: 000000013FBCA95C
ForceRemove, xrefs: 000000013FBCA685
Val, xrefs: 000000013FBCA7AE
Delete, xrefs: 000000013FBCA66D
NoRemove, xrefs: 000000013FBCA77C

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC8DA0, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 140window

APIs

Part of subcall function 000000013FBC9000: OpenSCManagerA.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC901E
Part of subcall function 000000013FBC9000: OpenServiceA.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC9037
Part of subcall function 000000013FBC9000: CloseServiceHandle.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC904A
Part of subcall function 000000013FBC9000: CloseServiceHandle.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC9053

GetModuleFileNameA.KERNEL32 ref: 000000013FBC8DDE
OpenSCManagerA.ADVAPI32 ref: 000000013FBC8E29
CreateServiceA.ADVAPI32 ref: 000000013FBC8F29
CloseServiceHandle.ADVAPI32 ref: 000000013FBC8F37

Part of subcall function 000000013FBC8600: LoadStringA.USER32 ref: 000000013FBC8650

MessageBoxA.USER32 ref: 000000013FBC8EA9

Part of subcall function 000000013FBD5494: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD54B9

CloseServiceHandle.ADVAPI32 ref: 000000013FBC8F98
CloseServiceHandle.ADVAPI32 ref: 000000013FBC8FA1

Strings

Could not start service, xrefs: 000000013FBC8F59
RPCSS, xrefs: 000000013FBC8ED4
Could not open Service Manager, xrefs: 000000013FBC8E57
", xrefs: 000000013FBC8E02

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBEA388, Relevance: 18.8, APIs: 6, Strings: 4, Instructions: 1323

APIs

fegetenv.LIBCMT ref: 000000013FBEA3D1

Part of subcall function 000000013FBED2B8: fegetenv.LIBCMT ref: 000000013FBED2D0

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBEAA4A
_invalid_parameter_noinfo.LIBCMT ref: 000000013FBEAC0D
_invalid_parameter_noinfo.LIBCMT ref: 000000013FBEAE1D
_invalid_parameter_noinfo.LIBCMT ref: 000000013FBEB0AC
_invalid_parameter_noinfo.LIBCMT ref: 000000013FBEB2A6

Part of subcall function 000000013FBDBAB0: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBDBAE2

Part of subcall function 000000013FBD5494: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD54B9

Part of subcall function 000000013FBD516C: GetCurrentProcess.KERNEL32(000000013FBD52DD), ref: 000000013FBD5199

Part of subcall function 000000013FBED26C: fegetenv.LIBCMT ref: 000000013FBED293

Strings

1#QNAN, xrefs: 000000013FBEB620
1#SNAN, xrefs: 000000013FBEB601
1#IND, xrefs: 000000013FBEB5E2
1#INF, xrefs: 000000013FBEB63F

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC7EA0, Relevance: 10.9, APIs: 7, Instructions: 367registry

APIs

Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC93E8
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC9423
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC9439
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC944C
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC945B
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC94B5
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC94D9

Part of subcall function 000000013FBCC3D0: lstrcmpiA.KERNEL32 ref: 000000013FBCC427

CharNextA.USER32 ref: 000000013FBC7F50
CharNextA.USER32 ref: 000000013FBC8033
CharNextA.USER32 ref: 000000013FBC804C
IsDBCSLeadByte.KERNEL32 ref: 000000013FBC805C

Part of subcall function 000000013FBCB210: RegSetValueExA.ADVAPI32 ref: 000000013FBCB264

Part of subcall function 000000013FBC8500: MultiByteToWideChar.KERNEL32 ref: 000000013FBC8535

VarUI4FromStr.OLEAUT32 ref: 000000013FBC818D

Part of subcall function 000000013FBCB1D0: RegSetValueExA.ADVAPI32 ref: 000000013FBCB1F7

RegSetValueExA.ADVAPI32 ref: 000000013FBC8359
RegSetValueExA.ADVAPI32 ref: 000000013FBC83AC

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD014C, Relevance: 10.6, APIs: 7, Instructions: 70

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 000000013FBD0168
RtlCaptureContext.KERNEL32 ref: 000000013FBD0191
RtlLookupFunctionEntry.KERNEL32 ref: 000000013FBD01AB
RtlVirtualUnwind.KERNEL32 ref: 000000013FBD01EC
IsDebuggerPresent.KERNEL32 ref: 000000013FBD0240
SetUnhandledExceptionFilter.KERNEL32 ref: 000000013FBD0261
UnhandledExceptionFilter.KERNEL32 ref: 000000013FBD026C

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE6B68, Relevance: 9.2, APIs: 6, Instructions: 208LIBRARYCODE

APIs

Part of subcall function 000000013FBDF5EC: GetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF5F6
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF65E
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF674

TranslateName.LIBCMT ref: 000000013FBE6BD2
TranslateName.LIBCMT ref: 000000013FBE6C0D

Part of subcall function 000000013FBE69B0: GetACP.KERNEL32(?,?,000000A0,000000013FBE6C4E,?,?,?,00000000,?,000000013FBD9BE4), ref: 000000013FBE6A4E

IsValidCodePage.KERNEL32(?,?,?,00000000,?,000000013FBD9BE4), ref: 000000013FBE6C6A

Part of subcall function 000000013FBE47D8: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE4803

Part of subcall function 000000013FBDFD04: GetLocaleInfoW.KERNEL32(?,?,00000000,000000013FBD9C6B), ref: 000000013FBDFD7B

wcschr.LIBVCRUNTIME ref: 000000013FBE6CFD
wcschr.LIBVCRUNTIME ref: 000000013FBE6D0D

Part of subcall function 000000013FBD516C: GetCurrentProcess.KERNEL32(000000013FBD52DD), ref: 000000013FBD5199

GetLocaleInfoW.KERNEL32 ref: 000000013FBE6DF5

Part of subcall function 000000013FBE92C0: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE92E7
Part of subcall function 000000013FBE92C0: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE9385

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE7554, Relevance: 9.2, APIs: 6, Instructions: 174LIBRARYCODE

APIs

Part of subcall function 000000013FBDF5EC: GetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF5F6
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF65E
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF674

Part of subcall function 000000013FBE6F44: EnumSystemLocalesW.KERNEL32(?,?,?,000000013FBE7613,?,00000000,?,00000000,00000001,00000000,?,000000013FBD9BDD), ref: 000000013FBE6FC4

Part of subcall function 000000013FBE6E74: EnumSystemLocalesW.KERNEL32(?,?,?,000000013FBE7657,?,00000000,?,00000000,00000001,00000000,?,000000013FBD9BDD), ref: 000000013FBE6F12

EnumSystemLocalesW.KERNEL32(?,00000000,?,00000000,00000001,00000000,?,000000013FBD9BDD), ref: 000000013FBE76AB
GetUserDefaultLCID.KERNEL32(?,00000000,?,00000000), ref: 000000013FBE76C4

Part of subcall function 000000013FBE736C: GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,000000013FBE76F3), ref: 000000013FBE73C1
Part of subcall function 000000013FBE736C: GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,000000013FBE76F3), ref: 000000013FBE73EE
Part of subcall function 000000013FBE736C: GetACP.KERNEL32(?,?,?,?,?,?,?,000000013FBE76F3), ref: 000000013FBE7404

IsValidCodePage.KERNEL32 ref: 000000013FBE770F
IsValidLocale.KERNEL32 ref: 000000013FBE7725
GetLocaleInfoW.KERNEL32 ref: 000000013FBE7781
GetLocaleInfoW.KERNEL32 ref: 000000013FBE779D

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD4F10, Relevance: 9.1, APIs: 6, Instructions: 83LIBRARYCODE

APIs

RtlCaptureContext.KERNEL32 ref: 000000013FBD4F89
RtlLookupFunctionEntry.KERNEL32 ref: 000000013FBD4FA1
RtlVirtualUnwind.KERNEL32 ref: 000000013FBD4FDC
IsDebuggerPresent.KERNEL32 ref: 000000013FBD5015
SetUnhandledExceptionFilter.KERNEL32 ref: 000000013FBD501F
UnhandledExceptionFilter.KERNEL32 ref: 000000013FBD502A

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE736C, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50LIBRARYCODE

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,000000013FBE76F3), ref: 000000013FBE73C1
GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,000000013FBE76F3), ref: 000000013FBE73EE
GetACP.KERNEL32(?,?,?,?,?,?,?,000000013FBE76F3), ref: 000000013FBE7404

Strings

OCP, xrefs: 000000013FBE739D
ACP, xrefs: 000000013FBE738D

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE31C8, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBE31F8

Part of subcall function 000000013FBE9688: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE96B3

Part of subcall function 000000013FBDB460: HeapFree.KERNEL32 ref: 000000013FBDB476
Part of subcall function 000000013FBDB460: GetLastError.KERNEL32 ref: 000000013FBDB488

Part of subcall function 000000013FBD516C: GetCurrentProcess.KERNEL32(000000013FBD52DD), ref: 000000013FBD5199

Part of subcall function 000000013FBE33D4: FindFirstFileExA.KERNEL32 ref: 000000013FBE35B4

Strings

., xrefs: 000000013FBE3618
*?, xrefs: 000000013FBE321F

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE6FDC, Relevance: 4.7, APIs: 3, Instructions: 165

APIs

Part of subcall function 000000013FBDF5EC: GetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF5F6
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF65E
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF674

GetLocaleInfoW.KERNEL32 ref: 000000013FBE7049

Part of subcall function 000000013FBE92C0: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE92E7
Part of subcall function 000000013FBE92C0: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE9385

GetLocaleInfoW.KERNEL32 ref: 000000013FBE709B

Part of subcall function 000000013FBEBDA4: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBEBDD0
Part of subcall function 000000013FBEBDA4: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBEBE81

GetLocaleInfoW.KERNEL32 ref: 000000013FBE7160

Part of subcall function 000000013FBE741C: GetLocaleInfoW.KERNEL32(?,?,?,000000013FBE71DC), ref: 000000013FBE7453

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCF114, Relevance: 4.5, APIs: 3, Instructions: 13LIBRARYCODE

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 000000013FBCF11F
UnhandledExceptionFilter.KERNEL32 ref: 000000013FBCF128
GetCurrentProcess.KERNEL32(?,?,?,000000013FBCF2C6,?,?,?,?,000000013FBCF22A,?,?,?,?,000000013FBC148A), ref: 000000013FBCF12E

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE33D4, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97

APIs

Part of subcall function 000000013FBDA7FC: HeapAlloc.KERNEL32 ref: 000000013FBDA851

Part of subcall function 000000013FBE9688: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE96B3

Part of subcall function 000000013FBD516C: GetCurrentProcess.KERNEL32(000000013FBD52DD), ref: 000000013FBD5199

FindFirstFileExA.KERNEL32 ref: 000000013FBE35B4

Strings

., xrefs: 000000013FBE3618

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBDFD04, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42LIBRARYCODE

APIs

Part of subcall function 000000013FBDF900: LoadLibraryExW.KERNELBASE ref: 000000013FBDF99C
Part of subcall function 000000013FBDF900: GetLastError.KERNEL32 ref: 000000013FBDF9AA
Part of subcall function 000000013FBDF900: LoadLibraryExW.KERNEL32 ref: 000000013FBDF9BD
Part of subcall function 000000013FBDF900: FreeLibrary.KERNEL32 ref: 000000013FBDF9F6
Part of subcall function 000000013FBDF900: GetProcAddress.KERNEL32 ref: 000000013FBDFA22

GetLocaleInfoW.KERNEL32(?,?,00000000,000000013FBD9C6B), ref: 000000013FBDFD7B

Strings

GetLocaleInfoEx, xrefs: 000000013FBDFD36

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE8B6C, Relevance: 3.2, APIs: 2, Instructions: 227LIBRARYCODE

APIs

_clrfp.LIBCMT ref: 000000013FBE8DB9
RaiseException.KERNEL32 ref: 000000013FBE8DCA

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBDAAE8, Relevance: 1.8, APIs: 1, Instructions: 339

APIs

Part of subcall function 000000013FBDA7FC: HeapAlloc.KERNEL32 ref: 000000013FBDA851

Part of subcall function 000000013FBDB460: HeapFree.KERNEL32 ref: 000000013FBDB476
Part of subcall function 000000013FBDB460: GetLastError.KERNEL32 ref: 000000013FBDB488

GetCPInfo.KERNEL32 ref: 000000013FBDAC32

Part of subcall function 000000013FBE5D3C: MultiByteToWideChar.KERNEL32 ref: 000000013FBE5DAF
Part of subcall function 000000013FBE5D3C: MultiByteToWideChar.KERNEL32 ref: 000000013FBE5E78
Part of subcall function 000000013FBE5D3C: GetStringTypeW.KERNEL32 ref: 000000013FBE5E92

Part of subcall function 000000013FBE7A94: GetLastError.KERNEL32 ref: 000000013FBE7B39

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD9A38, Relevance: 1.8, APIs: 1, Instructions: 287LIBRARYCODE

APIs

Part of subcall function 000000013FBDF5EC: GetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF5F6
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF65E
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF674

Part of subcall function 000000013FBE47D8: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE4803

Part of subcall function 000000013FBE6B68: TranslateName.LIBCMT ref: 000000013FBE6BD2
Part of subcall function 000000013FBE6B68: TranslateName.LIBCMT ref: 000000013FBE6C0D
Part of subcall function 000000013FBE6B68: IsValidCodePage.KERNEL32(?,?,?,00000000,?,000000013FBD9BE4), ref: 000000013FBE6C6A
Part of subcall function 000000013FBE6B68: wcschr.LIBVCRUNTIME ref: 000000013FBE6CFD
Part of subcall function 000000013FBE6B68: wcschr.LIBVCRUNTIME ref: 000000013FBE6D0D
Part of subcall function 000000013FBE6B68: GetLocaleInfoW.KERNEL32 ref: 000000013FBE6DF5

Part of subcall function 000000013FBE7554: EnumSystemLocalesW.KERNEL32(?,00000000,?,00000000,00000001,00000000,?,000000013FBD9BDD), ref: 000000013FBE76AB
Part of subcall function 000000013FBE7554: GetUserDefaultLCID.KERNEL32(?,00000000,?,00000000), ref: 000000013FBE76C4
Part of subcall function 000000013FBE7554: IsValidCodePage.KERNEL32 ref: 000000013FBE770F
Part of subcall function 000000013FBE7554: IsValidLocale.KERNEL32 ref: 000000013FBE7725
Part of subcall function 000000013FBE7554: GetLocaleInfoW.KERNEL32 ref: 000000013FBE7781
Part of subcall function 000000013FBE7554: GetLocaleInfoW.KERNEL32 ref: 000000013FBE779D

Part of subcall function 000000013FBDFEE0: IsValidLocale.KERNEL32(?,?,00000000,000000013FBD9C4B), ref: 000000013FBDFF35

Part of subcall function 000000013FBDFD04: GetLocaleInfoW.KERNEL32(?,?,00000000,000000013FBD9C6B), ref: 000000013FBDFD7B

GetACP.KERNEL32 ref: 000000013FBD9C77

Part of subcall function 000000013FBDE0A8: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBDE0CE

Part of subcall function 000000013FBD516C: GetCurrentProcess.KERNEL32(000000013FBD52DD), ref: 000000013FBD5199

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE7220, Relevance: 1.6, APIs: 1, Instructions: 69

APIs

Part of subcall function 000000013FBDF5EC: GetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF5F6
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF65E
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF674

GetLocaleInfoW.KERNEL32 ref: 000000013FBE7289

Part of subcall function 000000013FBE92C0: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE92E7
Part of subcall function 000000013FBE92C0: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE9385

Part of subcall function 000000013FBE741C: GetLocaleInfoW.KERNEL32(?,?,?,000000013FBE71DC), ref: 000000013FBE7453

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE6E74, Relevance: 1.6, APIs: 1, Instructions: 61LIBRARYCODE

APIs

Part of subcall function 000000013FBDF5EC: GetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF5F6
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF65E
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF674

EnumSystemLocalesW.KERNEL32(?,?,?,000000013FBE7657,?,00000000,?,00000000,00000001,00000000,?,000000013FBD9BDD), ref: 000000013FBE6F12

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE741C, Relevance: 1.6, APIs: 1, Instructions: 50

APIs

Part of subcall function 000000013FBDF5EC: GetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF5F6
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF65E
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF674

GetLocaleInfoW.KERNEL32(?,?,?,000000013FBE71DC), ref: 000000013FBE7453

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE6F44, Relevance: 1.5, APIs: 1, Instructions: 42LIBRARYCODE

APIs

Part of subcall function 000000013FBDF5EC: GetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF5F6
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF65E
Part of subcall function 000000013FBDF5EC: SetLastError.KERNEL32(?,?,?,000000013FBDAA8D,?,?,?,?,000000013FBD096E), ref: 000000013FBDF674

EnumSystemLocalesW.KERNEL32(?,?,?,000000013FBE7613,?,00000000,?,00000000,00000001,00000000,?,000000013FBD9BDD), ref: 000000013FBE6FC4

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBDF868, Relevance: 1.5, APIs: 1, Instructions: 42LIBRARYCODE

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,000000013FBDFB7D,?,?,?,?,?,?,00000000,000000013FBE6446), ref: 000000013FBDF8BC

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD715C, Relevance: 1.4, Strings: 1, Instructions: 199

Strings

0, xrefs: 000000013FBD72F6

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD8CA8, Relevance: 1.4, Strings: 1, Instructions: 139

Strings

@, xrefs: 000000013FBD8CE4

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE7A94, Relevance: 1.4, APIs: 1, Instructions: 137

APIs

GetLastError.KERNEL32 ref: 000000013FBE7B39

Part of subcall function 000000013FBE9688: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE96B3

Part of subcall function 000000013FBDB460: HeapFree.KERNEL32 ref: 000000013FBDB476
Part of subcall function 000000013FBDB460: GetLastError.KERNEL32 ref: 000000013FBDB488

Part of subcall function 000000013FBDFD04: GetLocaleInfoW.KERNEL32(?,?,00000000,000000013FBD9C6B), ref: 000000013FBDFD7B

Part of subcall function 000000013FBD516C: GetCurrentProcess.KERNEL32(000000013FBD52DD), ref: 000000013FBD5199

Part of subcall function 000000013FBDA7FC: HeapAlloc.KERNEL32 ref: 000000013FBDA851

Part of subcall function 000000013FBE78F4: WideCharToMultiByte.KERNEL32 ref: 000000013FBE7A36

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD9754, Relevance: 1.4, Strings: 1, Instructions: 128LIBRARYCODE

Strings

_.,, xrefs: 000000013FBD97C9

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBDBB89, Relevance: .5, Instructions: 537

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBDB5E0, Relevance: .3, Instructions: 340

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE4ED4, Relevance: .3, Instructions: 338

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE6510, Relevance: .3, Instructions: 329

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBEC274, Relevance: .2, Instructions: 194LIBRARYCODE

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC4AE0, Relevance: .1, Instructions: 95

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD0324, Relevance: .0, Instructions: 2

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC9A00, Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 232

APIs

CoTaskMemAlloc.OLE32 ref: 000000013FBC9A8D
CharNextA.USER32 ref: 000000013FBC9C95

Part of subcall function 000000013FBD4E0C: strstr.LIBVCRUNTIME ref: 000000013FBD4E43
Part of subcall function 000000013FBD4E0C: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD4E60

CharNextA.USER32 ref: 000000013FBC9AFA
CharNextA.USER32 ref: 000000013FBC9B06
CharNextA.USER32 ref: 000000013FBC9B12
CharNextA.USER32 ref: 000000013FBC9B1E
CharNextA.USER32 ref: 000000013FBC9B59
CharNextA.USER32 ref: 000000013FBC9B6C
CharNextA.USER32 ref: 000000013FBC9B7B
CharNextA.USER32 ref: 000000013FBC9BE8

Part of subcall function 000000013FBCB530: CharNextA.USER32 ref: 000000013FBCB55C

Part of subcall function 000000013FBCB590: EnterCriticalSection.KERNEL32 ref: 000000013FBCB5B2
Part of subcall function 000000013FBCB590: lstrcmpiA.KERNEL32 ref: 000000013FBCB5CE
Part of subcall function 000000013FBCB590: LeaveCriticalSection.KERNEL32 ref: 000000013FBCB5E7
Part of subcall function 000000013FBCB590: RaiseException.KERNEL32 ref: 000000013FBCB633
Part of subcall function 000000013FBCB590: OpenSCManagerA.ADVAPI32 ref: 000000013FBCB68C
Part of subcall function 000000013FBCB590: LoadStringA.USER32 ref: 000000013FBCB6CD
Part of subcall function 000000013FBCB590: MessageBoxA.USER32 ref: 000000013FBCB73A
Part of subcall function 000000013FBCB590: OpenServiceA.ADVAPI32 ref: 000000013FBCB75F
Part of subcall function 000000013FBCB590: CloseServiceHandle.ADVAPI32 ref: 000000013FBCB774
Part of subcall function 000000013FBCB590: LoadStringA.USER32 ref: 000000013FBCB7A9
Part of subcall function 000000013FBCB590: ControlService.ADVAPI32 ref: 000000013FBCB821
Part of subcall function 000000013FBCB590: GetLastError.KERNEL32 ref: 000000013FBCB82F
Part of subcall function 000000013FBCB590: MessageBoxA.USER32 ref: 000000013FBCB8AE
Part of subcall function 000000013FBCB590: DeleteService.ADVAPI32 ref: 000000013FBCB8B7
Part of subcall function 000000013FBCB590: CloseServiceHandle.ADVAPI32 ref: 000000013FBCB8C2
Part of subcall function 000000013FBCB590: CloseServiceHandle.ADVAPI32 ref: 000000013FBCB8CB
Part of subcall function 000000013FBCB590: MessageBoxA.USER32 ref: 000000013FBCB946
Part of subcall function 000000013FBCB590: RegDeleteValueA.ADVAPI32 ref: 000000013FBCBAAF
Part of subcall function 000000013FBCB590: RegCloseKey.ADVAPI32 ref: 000000013FBCBAFD
Part of subcall function 000000013FBCB590: RegCloseKey.ADVAPI32 ref: 000000013FBCBB10

CharNextA.USER32 ref: 000000013FBC9CA5

Part of subcall function 000000013FBC8430: CoTaskMemRealloc.OLE32(?,?,?,000000013FBC7E47), ref: 000000013FBC8485

CharNextA.USER32 ref: 000000013FBC9CC4
CoTaskMemFree.OLE32 ref: 000000013FBC9D26

Strings

}}, xrefs: 000000013FBC9BBD
HKCU{Software{Classes, xrefs: 000000013FBC9B27
HKCR, xrefs: 000000013FBC9ADE

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCBE90, Relevance: 24.9, APIs: 11, Strings: 3, Instructions: 367

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 000000013FBCBF05
GetLastError.KERNEL32 ref: 000000013FBCBF0F
EnterCriticalSection.KERNEL32 ref: 000000013FBCBF30
LeaveCriticalSection.KERNEL32 ref: 000000013FBCBF43
DeleteCriticalSection.KERNEL32 ref: 000000013FBCBF57
EnterCriticalSection.KERNEL32 ref: 000000013FBCBFD8

Part of subcall function 000000013FBC87B0: RaiseException.KERNEL32(?,?,?,000000013FBC73DA), ref: 000000013FBC885D
Part of subcall function 000000013FBC87B0: RaiseException.KERNEL32(?,?,?,000000013FBC73DA), ref: 000000013FBC8873
Part of subcall function 000000013FBC87B0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,000000013FBC73DA), ref: 000000013FBC8894
Part of subcall function 000000013FBC87B0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,000000013FBC73DA), ref: 000000013FBC88A8

LeaveCriticalSection.KERNEL32 ref: 000000013FBCBFEB
DeleteCriticalSection.KERNEL32 ref: 000000013FBCBFFF
GetModuleFileNameA.KERNEL32 ref: 000000013FBCC04C
_invalid_parameter_noinfo.LIBCMT ref: 000000013FBCC2E8

Part of subcall function 000000013FBC85D0: GetLastError.KERNEL32 ref: 000000013FBC85D4

Part of subcall function 000000013FBC8500: MultiByteToWideChar.KERNEL32 ref: 000000013FBC8535

Part of subcall function 000000013FBC73B0: EnterCriticalSection.KERNEL32 ref: 000000013FBC73CB
Part of subcall function 000000013FBC73B0: LeaveCriticalSection.KERNEL32 ref: 000000013FBC73DE
Part of subcall function 000000013FBC73B0: DeleteCriticalSection.KERNEL32 ref: 000000013FBC73F2

GetModuleHandleA.KERNEL32 ref: 000000013FBCC1EF

Part of subcall function 000000013FBC7B80: EnterCriticalSection.KERNEL32 ref: 000000013FBC7BD4
Part of subcall function 000000013FBC7B80: LeaveCriticalSection.KERNEL32 ref: 000000013FBC7CB6

Strings

Module, xrefs: 000000013FBCC29B
REGISTRY, xrefs: 000000013FBCC360
Module_Raw, xrefs: 000000013FBCC31C

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD2DE0, Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 332LIBRARYCODE

APIs

_GetEstablisherFrame.LIBVCRUNTIME ref: 000000013FBD2E3C

Part of subcall function 000000013FBD1F28: RtlLookupFunctionEntry.KERNEL32 ref: 000000013FBD1F8A

__GetUnwindTryBlock.LIBVCRUNTIME ref: 000000013FBD2E4A

Part of subcall function 000000013FBD4AF8: _GetEstablisherFrame.LIBVCRUNTIME ref: 000000013FBD4B06

__SetUnwindTryBlock.LIBVCRUNTIME ref: 000000013FBD2E71

Part of subcall function 000000013FBD4B30: _GetEstablisherFrame.LIBVCRUNTIME ref: 000000013FBD4B45

__GetUnwindTryBlock.LIBVCRUNTIME ref: 000000013FBD2E7B
IsInExceptionSpec.LIBVCRUNTIME ref: 000000013FBD2F4C
_GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 000000013FBD3017
__TypeMatch.LIBVCRUNTIME ref: 000000013FBD30A8

Part of subcall function 000000013FBD2C94: _GetEstablisherFrame.LIBVCRUNTIME ref: 000000013FBD2CCC
Part of subcall function 000000013FBD2C94: _UnwindNestedFrames.LIBVCRUNTIME ref: 000000013FBD2D37

_ExecutionInCatch.LIBVCRUNTIME ref: 000000013FBD317B
IsInExceptionSpec.LIBVCRUNTIME ref: 000000013FBD31AB

Part of subcall function 000000013FBD351C: __TypeMatch.LIBVCRUNTIME ref: 000000013FBD35AA

_GetEstablisherFrame.LIBVCRUNTIME ref: 000000013FBD31C1
_UnwindNestedFrames.LIBVCRUNTIME ref: 000000013FBD31EE

Part of subcall function 000000013FBD23C0: RtlUnwindEx.KERNEL32 ref: 000000013FBD24C3

Part of subcall function 000000013FBD32B0: EncodePointer.KERNEL32(?,000000013FBD2551,?,?,?,?,?,?,?,000000013FBCFAB0), ref: 000000013FBD32FF
Part of subcall function 000000013FBD32B0: _GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 000000013FBD338D

Part of subcall function 000000013FBD4118: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000013FBD0917), ref: 000000013FBD4195
Part of subcall function 000000013FBD4118: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000013FBD0917), ref: 000000013FBD41D4

Strings

csm, xrefs: 000000013FBD2F00
csm, xrefs: 000000013FBD2E94
csm, xrefs: 000000013FBD2FC2

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE879C, Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 197LIBRARYCODE

APIs

Part of subcall function 000000013FBEC068: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBEC086
Part of subcall function 000000013FBEC068: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBEC109

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBE8A24

Strings

, xrefs: 000000013FBE87D1
UTF-8, xrefs: 000000013FBE89A9
, xrefs: 000000013FBE8A0F
a, xrefs: 000000013FBE87D6
UTF-16LEUNICODE, xrefs: 000000013FBE89CC
w, xrefs: 000000013FBE87E0
, xrefs: 000000013FBE8991
, xrefs: 000000013FBE894F
r, xrefs: 000000013FBE87DB
=, xrefs: 000000013FBE8996
ccs, xrefs: 000000013FBE8971
, xrefs: 000000013FBE899E

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCF740, Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 81library

APIs

Part of subcall function 000000013FBD476C: try_get_function.LIBVCRUNTIME ref: 000000013FBD47A2
Part of subcall function 000000013FBD476C: InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF,?,?,?,?,000000013FBCF4FB), ref: 000000013FBD47C8

GetModuleHandleW.KERNEL32 ref: 000000013FBCF76A
GetProcAddress.KERNEL32 ref: 000000013FBCF786
GetProcAddress.KERNEL32 ref: 000000013FBCF799
GetProcAddress.KERNEL32 ref: 000000013FBCF7AC
CreateEventW.KERNEL32 ref: 000000013FBCF834

Part of subcall function 000000013FBD014C: IsProcessorFeaturePresent.KERNEL32 ref: 000000013FBD0168
Part of subcall function 000000013FBD014C: RtlCaptureContext.KERNEL32 ref: 000000013FBD0191
Part of subcall function 000000013FBD014C: RtlLookupFunctionEntry.KERNEL32 ref: 000000013FBD01AB
Part of subcall function 000000013FBD014C: RtlVirtualUnwind.KERNEL32 ref: 000000013FBD01EC
Part of subcall function 000000013FBD014C: IsDebuggerPresent.KERNEL32 ref: 000000013FBD0240
Part of subcall function 000000013FBD014C: SetUnhandledExceptionFilter.KERNEL32 ref: 000000013FBD0261
Part of subcall function 000000013FBD014C: UnhandledExceptionFilter.KERNEL32 ref: 000000013FBD026C

DeleteCriticalSection.KERNEL32 ref: 000000013FBCF86B
CloseHandle.KERNEL32 ref: 000000013FBCF87D

Strings

SleepConditionVariableCS, xrefs: 000000013FBCF78C
InitializeConditionVariable, xrefs: 000000013FBCF77C
kernel32.dll, xrefs: 000000013FBCF763
WakeAllConditionVariable, xrefs: 000000013FBCF79F

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC9F70, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 106registry

APIs

Part of subcall function 000000013FBCB640: OpenSCManagerA.ADVAPI32 ref: 000000013FBCB68C
Part of subcall function 000000013FBCB640: LoadStringA.USER32 ref: 000000013FBCB6CD
Part of subcall function 000000013FBCB640: MessageBoxA.USER32 ref: 000000013FBCB73A
Part of subcall function 000000013FBCB640: OpenServiceA.ADVAPI32 ref: 000000013FBCB75F
Part of subcall function 000000013FBCB640: CloseServiceHandle.ADVAPI32 ref: 000000013FBCB774
Part of subcall function 000000013FBCB640: LoadStringA.USER32 ref: 000000013FBCB7A9
Part of subcall function 000000013FBCB640: ControlService.ADVAPI32 ref: 000000013FBCB821
Part of subcall function 000000013FBCB640: GetLastError.KERNEL32 ref: 000000013FBCB82F
Part of subcall function 000000013FBCB640: MessageBoxA.USER32 ref: 000000013FBCB8AE
Part of subcall function 000000013FBCB640: DeleteService.ADVAPI32 ref: 000000013FBCB8B7
Part of subcall function 000000013FBCB640: CloseServiceHandle.ADVAPI32 ref: 000000013FBCB8C2
Part of subcall function 000000013FBCB640: CloseServiceHandle.ADVAPI32 ref: 000000013FBCB8CB
Part of subcall function 000000013FBCB640: MessageBoxA.USER32 ref: 000000013FBCB946
Part of subcall function 000000013FBCB640: RegDeleteValueA.ADVAPI32 ref: 000000013FBCBAAF
Part of subcall function 000000013FBCB640: RegCloseKey.ADVAPI32 ref: 000000013FBCBAFD
Part of subcall function 000000013FBCB640: RegCloseKey.ADVAPI32 ref: 000000013FBCBB10

Part of subcall function 000000013FBCBE90: InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 000000013FBCBF05
Part of subcall function 000000013FBCBE90: GetLastError.KERNEL32 ref: 000000013FBCBF0F
Part of subcall function 000000013FBCBE90: EnterCriticalSection.KERNEL32 ref: 000000013FBCBF30
Part of subcall function 000000013FBCBE90: LeaveCriticalSection.KERNEL32 ref: 000000013FBCBF43
Part of subcall function 000000013FBCBE90: DeleteCriticalSection.KERNEL32 ref: 000000013FBCBF57
Part of subcall function 000000013FBCBE90: EnterCriticalSection.KERNEL32 ref: 000000013FBCBFD8
Part of subcall function 000000013FBCBE90: LeaveCriticalSection.KERNEL32 ref: 000000013FBCBFEB
Part of subcall function 000000013FBCBE90: DeleteCriticalSection.KERNEL32 ref: 000000013FBCBFFF
Part of subcall function 000000013FBCBE90: GetModuleFileNameA.KERNEL32 ref: 000000013FBCC04C
Part of subcall function 000000013FBCBE90: GetModuleHandleA.KERNEL32 ref: 000000013FBCC1EF
Part of subcall function 000000013FBCBE90: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBCC2E8

Part of subcall function 000000013FBC9590: GetModuleHandleA.KERNEL32 ref: 000000013FBC95CD
Part of subcall function 000000013FBC9590: GetProcAddress.KERNEL32 ref: 000000013FBC95E9
Part of subcall function 000000013FBC9590: RegOpenKeyExA.ADVAPI32 ref: 000000013FBC963F
Part of subcall function 000000013FBC9590: RegCloseKey.ADVAPI32 ref: 000000013FBC9651

RegCreateKeyExA.ADVAPI32 ref: 000000013FBCA06A
RegDeleteValueA.ADVAPI32 ref: 000000013FBCA086
RegSetValueExA.ADVAPI32 ref: 000000013FBCA0C6

Part of subcall function 000000013FBC8DA0: GetModuleFileNameA.KERNEL32 ref: 000000013FBC8DDE
Part of subcall function 000000013FBC8DA0: OpenSCManagerA.ADVAPI32 ref: 000000013FBC8E29
Part of subcall function 000000013FBC8DA0: MessageBoxA.USER32 ref: 000000013FBC8EA9
Part of subcall function 000000013FBC8DA0: CreateServiceA.ADVAPI32 ref: 000000013FBC8F29
Part of subcall function 000000013FBC8DA0: CloseServiceHandle.ADVAPI32 ref: 000000013FBC8F37
Part of subcall function 000000013FBC8DA0: CloseServiceHandle.ADVAPI32 ref: 000000013FBC8F98
Part of subcall function 000000013FBC8DA0: CloseServiceHandle.ADVAPI32 ref: 000000013FBC8FA1

RegCloseKey.ADVAPI32 ref: 000000013FBCA0F0
RegCloseKey.ADVAPI32 ref: 000000013FBCA10B

Strings

{23D22352-DC86-4346-B298-C56CB6A1C99F}, xrefs: 000000013FBC9FAF
LocalService, xrefs: 000000013FBCA07C, 000000013FBCA0AA
APPID, xrefs: 000000013FBC9F9E
{23D22352-DC86-4346-B298-C56CB6A1C99F}, xrefs: 000000013FBCA02C
AppID, xrefs: 000000013FBC9FDC

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE2E14, Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 117

APIs

Part of subcall function 000000013FBD5494: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD54B9

Part of subcall function 000000013FBD516C: GetCurrentProcess.KERNEL32(000000013FBD52DD), ref: 000000013FBD5199

Part of subcall function 000000013FBEA388: fegetenv.LIBCMT ref: 000000013FBEA3D1
Part of subcall function 000000013FBEA388: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBEAA4A
Part of subcall function 000000013FBEA388: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBEAC0D
Part of subcall function 000000013FBEA388: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBEAE1D
Part of subcall function 000000013FBEA388: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBEB0AC
Part of subcall function 000000013FBEA388: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBEB2A6

Part of subcall function 000000013FBEA2C8: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBEA2E1

Part of subcall function 000000013FBE2588: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE25EC
Part of subcall function 000000013FBE2588: strrchr.LIBVCRUNTIME ref: 000000013FBE2657

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBE2F91

Strings

INF, xrefs: 000000013FBE2E87
nan(snan), xrefs: 000000013FBE2EB4
NAN(SNAN), xrefs: 000000013FBE2EA9
NAN(IND), xrefs: 000000013FBE2EBF
nan(ind), xrefs: 000000013FBE2ECA
NAN, xrefs: 000000013FBE2E75
inf, xrefs: 000000013FBE2E9A
nan, xrefs: 000000013FBE2E7C

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC9690, Relevance: 15.1, APIs: 6, Strings: 4, Instructions: 142

APIs

CharNextA.USER32 ref: 000000013FBC96EE
CharNextA.USER32 ref: 000000013FBC96FC
CharNextA.USER32 ref: 000000013FBC9724

Part of subcall function 000000013FBCC500: CharUpperA.USER32 ref: 000000013FBCC51E
Part of subcall function 000000013FBCC500: CharUpperA.USER32 ref: 000000013FBCC52B
Part of subcall function 000000013FBCC500: CharNextA.USER32 ref: 000000013FBCC554
Part of subcall function 000000013FBCC500: CharNextA.USER32 ref: 000000013FBCC560
Part of subcall function 000000013FBCC500: CharUpperA.USER32 ref: 000000013FBCC56D
Part of subcall function 000000013FBCC500: CharUpperA.USER32 ref: 000000013FBCC57A

CharNextA.USER32 ref: 000000013FBC97BB
CharNextA.USER32 ref: 000000013FBC97CC
CharNextA.USER32 ref: 000000013FBC97E2

Part of subcall function 000000013FBCBA10: RegDeleteValueA.ADVAPI32 ref: 000000013FBCBAAF
Part of subcall function 000000013FBCBA10: RegCloseKey.ADVAPI32 ref: 000000013FBCBAFD
Part of subcall function 000000013FBCBA10: RegCloseKey.ADVAPI32 ref: 000000013FBCBB10

Part of subcall function 000000013FBC9F70: RegCreateKeyExA.ADVAPI32 ref: 000000013FBCA06A
Part of subcall function 000000013FBC9F70: RegDeleteValueA.ADVAPI32 ref: 000000013FBCA086
Part of subcall function 000000013FBC9F70: RegSetValueExA.ADVAPI32 ref: 000000013FBCA0C6
Part of subcall function 000000013FBC9F70: RegCloseKey.ADVAPI32 ref: 000000013FBCA0F0
Part of subcall function 000000013FBC9F70: RegCloseKey.ADVAPI32 ref: 000000013FBCA10B

Strings

RegServer, xrefs: 000000013FBC9757
UnregServer, xrefs: 000000013FBC9740
UnregServerPerUser, xrefs: 000000013FBC976E
RegServerPerUser, xrefs: 000000013FBC9785

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCC500, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 59

APIs

CharUpperA.USER32 ref: 000000013FBCC51E
CharUpperA.USER32 ref: 000000013FBCC52B
CharNextA.USER32 ref: 000000013FBCC554
CharNextA.USER32 ref: 000000013FBCC560
CharUpperA.USER32 ref: 000000013FBCC56D
CharUpperA.USER32 ref: 000000013FBCC57A

Strings

, xrefs: 000000013FBCC58A
, xrefs: 000000013FBCC547

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCA300, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 209library

APIs

Part of subcall function 000000013FBC86B0: WideCharToMultiByte.KERNEL32 ref: 000000013FBC86EF

LoadLibraryExA.KERNEL32 ref: 000000013FBCA41F
LoadLibraryExA.KERNEL32 ref: 000000013FBCA43A
FindResourceA.KERNEL32 ref: 000000013FBCA461
LoadResource.KERNEL32 ref: 000000013FBCA47F
FreeLibrary.KERNEL32 ref: 000000013FBCA552

Part of subcall function 000000013FBC85D0: GetLastError.KERNEL32 ref: 000000013FBC85D4

SizeofResource.KERNEL32 ref: 000000013FBCA4A1

Part of subcall function 000000013FBCA120: lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,000000013FBCA548), ref: 000000013FBCA1D8
Part of subcall function 000000013FBCA120: CoTaskMemFree.OLE32 ref: 000000013FBCA210
Part of subcall function 000000013FBCA120: CharNextA.USER32 ref: 000000013FBCA2E4

Strings

REGISTRY, xrefs: 000000013FBCA303

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC8B20, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 90library

APIs

GetModuleHandleA.KERNEL32 ref: 000000013FBC8B5E
GetProcAddress.KERNEL32 ref: 000000013FBC8B73
GetModuleHandleA.KERNEL32 ref: 000000013FBC9EE5
GetProcAddress.KERNEL32 ref: 000000013FBC9EFA

Strings

Advapi32.dll, xrefs: 000000013FBC8B57, 000000013FBC9EDE
RegDeleteKeyExA, xrefs: 000000013FBC8B69
RegDeleteKeyTransactedA, xrefs: 000000013FBC9EF0

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCC6F0, Relevance: 12.1, APIs: 8, Instructions: 119

APIs

new.LIBCMT ref: 000000013FBCC785
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC78F
new.LIBCMT ref: 000000013FBCC7A3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC7B0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC80D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC81C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC82B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC837

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE9E60, Relevance: 10.8, APIs: 7, Instructions: 294fileLIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBE9F84

Part of subcall function 000000013FBDB4A0: HeapAlloc.KERNEL32 ref: 000000013FBDB4DE

Part of subcall function 000000013FBDB460: HeapFree.KERNEL32 ref: 000000013FBDB476
Part of subcall function 000000013FBDB460: GetLastError.KERNEL32 ref: 000000013FBDB488

Part of subcall function 000000013FBE975C: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBE97AF

GetConsoleMode.KERNEL32 ref: 000000013FBEA0CE
ReadConsoleW.KERNEL32 ref: 000000013FBEA0FD
GetLastError.KERNEL32 ref: 000000013FBEA107
ReadFile.KERNEL32 ref: 000000013FBEA14F

Part of subcall function 000000013FBE9818: ReadFile.KERNEL32 ref: 000000013FBE98FE

Part of subcall function 000000013FBE9A48: ReadFile.KERNEL32 ref: 000000013FBE9B1F
Part of subcall function 000000013FBE9A48: MultiByteToWideChar.KERNEL32 ref: 000000013FBE9CF0
Part of subcall function 000000013FBE9A48: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000000013FBE9CFC

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,000000013FBD1402,000000013FBEC796), ref: 000000013FBEA259
_invalid_parameter_noinfo.LIBCMT ref: 000000013FBEA2A5

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCE8C0, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 229

APIs

Part of subcall function 000000013FBD5A24: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD5A52
Part of subcall function 000000013FBD5A24: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD5AEB

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBCEB09

Part of subcall function 000000013FBD66D8: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD6703

Part of subcall function 000000013FBCC6F0: new.LIBCMT ref: 000000013FBCC785
Part of subcall function 000000013FBCC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC78F
Part of subcall function 000000013FBCC6F0: new.LIBCMT ref: 000000013FBCC7A3
Part of subcall function 000000013FBCC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC7B0
Part of subcall function 000000013FBCC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC80D
Part of subcall function 000000013FBCC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC81C
Part of subcall function 000000013FBCC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC82B
Part of subcall function 000000013FBCC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC837

Part of subcall function 000000013FBD0918: std::invalid_argument::invalid_argument.LIBCONCRT ref: 000000013FBD0924

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCEBB5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCEBC4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCEBD3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCEBDF

Strings

string too long, xrefs: 000000013FBCEB79, 000000013FBCEB86

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC98A0, Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 100

APIs

Part of subcall function 000000013FBC9690: CharNextA.USER32 ref: 000000013FBC96EE
Part of subcall function 000000013FBC9690: CharNextA.USER32 ref: 000000013FBC96FC
Part of subcall function 000000013FBC9690: CharNextA.USER32 ref: 000000013FBC9724
Part of subcall function 000000013FBC9690: CharNextA.USER32 ref: 000000013FBC97BB
Part of subcall function 000000013FBC9690: CharNextA.USER32 ref: 000000013FBC97CC
Part of subcall function 000000013FBC9690: CharNextA.USER32 ref: 000000013FBC97E2

CharNextA.USER32 ref: 000000013FBC990E
CharNextA.USER32 ref: 000000013FBC991C
CharNextA.USER32 ref: 000000013FBC9944

Part of subcall function 000000013FBCC500: CharUpperA.USER32 ref: 000000013FBCC51E
Part of subcall function 000000013FBCC500: CharUpperA.USER32 ref: 000000013FBCC52B
Part of subcall function 000000013FBCC500: CharNextA.USER32 ref: 000000013FBCC554
Part of subcall function 000000013FBCC500: CharNextA.USER32 ref: 000000013FBCC560
Part of subcall function 000000013FBCC500: CharUpperA.USER32 ref: 000000013FBCC56D
Part of subcall function 000000013FBCC500: CharUpperA.USER32 ref: 000000013FBCC57A

CharNextA.USER32 ref: 000000013FBC998E
CharNextA.USER32 ref: 000000013FBC999C
CharNextA.USER32 ref: 000000013FBC99B2

Part of subcall function 000000013FBC9F70: RegCreateKeyExA.ADVAPI32 ref: 000000013FBCA06A
Part of subcall function 000000013FBC9F70: RegDeleteValueA.ADVAPI32 ref: 000000013FBCA086
Part of subcall function 000000013FBC9F70: RegSetValueExA.ADVAPI32 ref: 000000013FBCA0C6
Part of subcall function 000000013FBC9F70: RegCloseKey.ADVAPI32 ref: 000000013FBCA0F0
Part of subcall function 000000013FBC9F70: RegCloseKey.ADVAPI32 ref: 000000013FBCA10B

Strings

Service, xrefs: 000000013FBC9960

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE837C, Relevance: 9.2, APIs: 6, Instructions: 223LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBE83D8
WideCharToMultiByte.KERNEL32 ref: 000000013FBE84A9
WideCharToMultiByte.KERNEL32 ref: 000000013FBE84F5
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,00000000,?,000000013FBE8713), ref: 000000013FBE851F
WideCharToMultiByte.KERNEL32 ref: 000000013FBE8572
WideCharToMultiByte.KERNEL32 ref: 000000013FBE864D

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC6C90, Relevance: 9.1, APIs: 6, Instructions: 110

APIs

Part of subcall function 000000013FBCCF90: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCD023
Part of subcall function 000000013FBCCF90: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCD032
Part of subcall function 000000013FBCCF90: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCD041
Part of subcall function 000000013FBCCF90: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCD04D

__std_exception_copy.LIBVCRUNTIME ref: 000000013FBC6D2C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC6DAD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC6DB3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC6DB9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC6DBF
__std_exception_copy.LIBVCRUNTIME ref: 000000013FBC6DFB

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCC8A0, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 171

APIs

Part of subcall function 000000013FBD61A8: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD61DD

Part of subcall function 000000013FBCC6F0: new.LIBCMT ref: 000000013FBCC785
Part of subcall function 000000013FBCC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC78F
Part of subcall function 000000013FBCC6F0: new.LIBCMT ref: 000000013FBCC7A3
Part of subcall function 000000013FBCC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC7B0
Part of subcall function 000000013FBCC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC80D
Part of subcall function 000000013FBCC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC81C
Part of subcall function 000000013FBCC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC82B
Part of subcall function 000000013FBCC6F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC837

Part of subcall function 000000013FBD0918: std::invalid_argument::invalid_argument.LIBCONCRT ref: 000000013FBD0924

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCCAB3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCCAC2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCCAD1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCCADD

Strings

string too long, xrefs: 000000013FBCCA7F, 000000013FBCCA8C

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC93B0, Relevance: 8.9, APIs: 7, Instructions: 117

APIs

CharNextA.USER32 ref: 000000013FBC93E8
CharNextA.USER32 ref: 000000013FBC9423
CharNextA.USER32 ref: 000000013FBC9439
CharNextA.USER32 ref: 000000013FBC944C
CharNextA.USER32 ref: 000000013FBC945B
CharNextA.USER32 ref: 000000013FBC94B5
CharNextA.USER32 ref: 000000013FBC94D9

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD8420, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29library

APIs

GetModuleHandleExW.KERNEL32 ref: 000000013FBD8440
GetProcAddress.KERNEL32 ref: 000000013FBD8456
FreeLibrary.KERNEL32 ref: 000000013FBD847B

Strings

CorExitProcess, xrefs: 000000013FBD844F
mscoree.dll, xrefs: 000000013FBD8437

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE0D24, Relevance: 7.6, APIs: 5, Instructions: 142fileLIBRARYCODE

APIs

GetConsoleCP.KERNEL32 ref: 000000013FBE0D81
WideCharToMultiByte.KERNEL32 ref: 000000013FBE0E5D
WriteFile.KERNEL32 ref: 000000013FBE0E83
WriteFile.KERNEL32 ref: 000000013FBE0EC2
GetLastError.KERNEL32 ref: 000000013FBE0EFA

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE8050, Relevance: 7.6, APIs: 5, Instructions: 133LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBE80A1
MultiByteToWideChar.KERNEL32 ref: 000000013FBE8118
GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,000000013FBE82D0), ref: 000000013FBE8129
MultiByteToWideChar.KERNEL32 ref: 000000013FBE8186
MultiByteToWideChar.KERNEL32 ref: 000000013FBE81D9

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBED97C, Relevance: 7.6, APIs: 5, Instructions: 72LIBRARYCODE

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBED9AC
MultiByteToWideChar.KERNEL32 ref: 000000013FBED9E3
GetLastError.KERNEL32(?,?,?,?,?,000000013FBEC806), ref: 000000013FBED9F0

Part of subcall function 000000013FBDB4A0: HeapAlloc.KERNEL32 ref: 000000013FBDB4DE

MultiByteToWideChar.KERNEL32 ref: 000000013FBEDA28
GetLastError.KERNEL32(?,?,?,?,?,000000013FBEC806), ref: 000000013FBEDA32

Part of subcall function 000000013FBDB460: HeapFree.KERNEL32 ref: 000000013FBDB476
Part of subcall function 000000013FBDB460: GetLastError.KERNEL32 ref: 000000013FBDB488

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBEE873, Relevance: 7.6, APIs: 5, Instructions: 52

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBEE89B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBEE8AE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBEE8BD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBEE8CC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBEE8D8

Part of subcall function 000000013FBD4118: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000013FBD0917), ref: 000000013FBD4195
Part of subcall function 000000013FBD4118: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000013FBD0917), ref: 000000013FBD41D4

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD7D9C, Relevance: 7.5, APIs: 5, Instructions: 31thread

APIs

Part of subcall function 000000013FBDF680: GetLastError.KERNEL32 ref: 000000013FBDF68F
Part of subcall function 000000013FBDF680: SetLastError.KERNEL32 ref: 000000013FBDF6F9
Part of subcall function 000000013FBDF680: SetLastError.KERNEL32 ref: 000000013FBDF703

ExitThread.KERNEL32 ref: 000000013FBD7DB4
ExitThread.KERNEL32 ref: 000000013FBD7DC9
CloseHandle.KERNEL32 ref: 000000013FBD7DE9
FreeLibraryAndExitThread.KERNEL32(?,?,?,000000013FBD7F4D,?,?,?,?,000000013FBD7D88), ref: 000000013FBD7DFF
ExitThread.KERNEL32 ref: 000000013FBD7E08

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD32B0, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 161LIBRARYCODE

APIs

EncodePointer.KERNEL32(?,000000013FBD2551,?,?,?,?,?,?,?,000000013FBCFAB0), ref: 000000013FBD32FF
_GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 000000013FBD338D

Part of subcall function 000000013FBD2C94: _GetEstablisherFrame.LIBVCRUNTIME ref: 000000013FBD2CCC
Part of subcall function 000000013FBD2C94: _UnwindNestedFrames.LIBVCRUNTIME ref: 000000013FBD2D37

Strings

MOC, xrefs: 000000013FBD3313
RCC, xrefs: 000000013FBD331B

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD6CC0, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 153

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBD6CED

Part of subcall function 000000013FBD6FE0: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD7023

Part of subcall function 000000013FBD6ED4: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD6F3B

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBD6EC9

Strings

, xrefs: 000000013FBD6E47
*, xrefs: 000000013FBD6DF2

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCA120, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119string

APIs

Part of subcall function 000000013FBC9A00: CoTaskMemAlloc.OLE32 ref: 000000013FBC9A8D
Part of subcall function 000000013FBC9A00: CharNextA.USER32 ref: 000000013FBC9AFA
Part of subcall function 000000013FBC9A00: CharNextA.USER32 ref: 000000013FBC9B06
Part of subcall function 000000013FBC9A00: CharNextA.USER32 ref: 000000013FBC9B12
Part of subcall function 000000013FBC9A00: CharNextA.USER32 ref: 000000013FBC9B1E
Part of subcall function 000000013FBC9A00: CharNextA.USER32 ref: 000000013FBC9B59
Part of subcall function 000000013FBC9A00: CharNextA.USER32 ref: 000000013FBC9B6C
Part of subcall function 000000013FBC9A00: CharNextA.USER32 ref: 000000013FBC9B7B
Part of subcall function 000000013FBC9A00: CharNextA.USER32 ref: 000000013FBC9BE8
Part of subcall function 000000013FBC9A00: CharNextA.USER32 ref: 000000013FBC9C95
Part of subcall function 000000013FBC9A00: CharNextA.USER32 ref: 000000013FBC9CA5
Part of subcall function 000000013FBC9A00: CharNextA.USER32 ref: 000000013FBC9CC4
Part of subcall function 000000013FBC9A00: CoTaskMemFree.OLE32 ref: 000000013FBC9D26

Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC93E8
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC9423
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC9439
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC944C
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC945B
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC94B5
Part of subcall function 000000013FBC93B0: CharNextA.USER32 ref: 000000013FBC94D9

lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,000000013FBCA548), ref: 000000013FBCA1D8
CoTaskMemFree.OLE32 ref: 000000013FBCA210

Part of subcall function 000000013FBCA5F0: lstrcmpiA.KERNEL32(?,00000000,00000000,0000000100002600,000000013FBCA2B9), ref: 000000013FBCA677
Part of subcall function 000000013FBCA5F0: lstrcmpiA.KERNEL32 ref: 000000013FBCA68F
Part of subcall function 000000013FBCA5F0: CharNextA.USER32 ref: 000000013FBCA6E4
Part of subcall function 000000013FBCA5F0: lstrcmpiA.KERNEL32 ref: 000000013FBCA716
Part of subcall function 000000013FBCA5F0: lstrcmpiA.KERNEL32 ref: 000000013FBCA786
Part of subcall function 000000013FBCA5F0: lstrcmpiA.KERNEL32 ref: 000000013FBCA7B8
Part of subcall function 000000013FBCA5F0: RegDeleteValueA.ADVAPI32 ref: 000000013FBCA87D
Part of subcall function 000000013FBCA5F0: RegCloseKey.ADVAPI32 ref: 000000013FBCA896
Part of subcall function 000000013FBCA5F0: CharNextA.USER32 ref: 000000013FBCA8C4
Part of subcall function 000000013FBCA5F0: GetModuleHandleA.KERNEL32 ref: 000000013FBCA949
Part of subcall function 000000013FBCA5F0: GetProcAddress.KERNEL32 ref: 000000013FBCA966
Part of subcall function 000000013FBCA5F0: RegCreateKeyExA.ADVAPI32 ref: 000000013FBCA9F6
Part of subcall function 000000013FBCA5F0: RegCloseKey.ADVAPI32 ref: 000000013FBCAA0F
Part of subcall function 000000013FBCA5F0: lstrcmpiA.KERNEL32 ref: 000000013FBCAC07
Part of subcall function 000000013FBCA5F0: RegCloseKey.ADVAPI32 ref: 000000013FBCAC5D
Part of subcall function 000000013FBCA5F0: RegCloseKey.ADVAPI32 ref: 000000013FBCACC5
Part of subcall function 000000013FBCA5F0: RegCloseKey.ADVAPI32 ref: 000000013FBCACDF
Part of subcall function 000000013FBCA5F0: RegCloseKey.ADVAPI32(?,00000000,00000000,0000000100002600,000000013FBCA2B9), ref: 000000013FBCAD28

CharNextA.USER32 ref: 000000013FBCA2E4

Strings

{, xrefs: 000000013FBCA265

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE1150, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileLIBRARYCODE

APIs

WideCharToMultiByte.KERNEL32 ref: 000000013FBE1236
WriteFile.KERNEL32 ref: 000000013FBE1269
GetLastError.KERNEL32 ref: 000000013FBE128B

Strings

U, xrefs: 000000013FBE1214

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD0540, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42

APIs

GetLastError.KERNEL32 ref: 000000013FBD05A1
IsDebuggerPresent.KERNEL32 ref: 000000013FBD05B9
OutputDebugStringW.KERNEL32 ref: 000000013FBD05CA

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000000013FBD05C3

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE2388, Relevance: 6.1, APIs: 4, Instructions: 104

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBE23DB
WideCharToMultiByte.KERNEL32 ref: 000000013FBE24AD
GetLastError.KERNEL32 ref: 000000013FBE24D0
_invalid_parameter_noinfo.LIBCMT ref: 000000013FBE2502

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC1330, Relevance: 6.1, APIs: 4, Instructions: 91

APIs

CreateDirectoryA.KERNEL32 ref: 000000013FBC1456

Part of subcall function 000000013FBC1330: GetFileAttributesA.KERNEL32 ref: 000000013FBC135A
Part of subcall function 000000013FBC1330: CreateDirectoryA.KERNEL32 ref: 000000013FBC136A

GetFileAttributesA.KERNEL32 ref: 000000013FBC1444

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD5370, Relevance: 6.1, APIs: 4, Instructions: 81

APIs

VirtualQuery.KERNEL32 ref: 000000013FBD53C1
GetSystemInfo.KERNEL32 ref: 000000013FBD53D8
VirtualAlloc.KERNEL32 ref: 000000013FBD543C
VirtualProtect.KERNEL32 ref: 000000013FBD5456

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC9D70, Relevance: 6.1, APIs: 4, Instructions: 80registry

APIs

Part of subcall function 000000013FBC9590: GetModuleHandleA.KERNEL32 ref: 000000013FBC95CD
Part of subcall function 000000013FBC9590: GetProcAddress.KERNEL32 ref: 000000013FBC95E9
Part of subcall function 000000013FBC9590: RegOpenKeyExA.ADVAPI32 ref: 000000013FBC963F
Part of subcall function 000000013FBC9590: RegCloseKey.ADVAPI32 ref: 000000013FBC9651

RegEnumKeyExA.ADVAPI32 ref: 000000013FBC9DFE
RegCloseKey.ADVAPI32 ref: 000000013FBC9E6B

Part of subcall function 000000013FBC8B20: GetModuleHandleA.KERNEL32 ref: 000000013FBC8B5E
Part of subcall function 000000013FBC8B20: GetProcAddress.KERNEL32 ref: 000000013FBC8B73
Part of subcall function 000000013FBC8B20: GetModuleHandleA.KERNEL32 ref: 000000013FBC9EE5
Part of subcall function 000000013FBC8B20: GetProcAddress.KERNEL32 ref: 000000013FBC9EFA

Part of subcall function 000000013FBC9D70: RegEnumKeyExA.ADVAPI32 ref: 000000013FBC9E57

RegCloseKey.ADVAPI32 ref: 000000013FBC9E91

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCCF90, Relevance: 6.1, APIs: 4, Instructions: 79

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCD023
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCD032
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCD041
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCD04D

Part of subcall function 000000013FBC72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC7349
Part of subcall function 000000013FBC72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC734F
Part of subcall function 000000013FBC72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC7355
Part of subcall function 000000013FBC72E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC735B

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC87B0, Relevance: 6.1, APIs: 4, Instructions: 78

APIs

RaiseException.KERNEL32(?,?,?,000000013FBC73DA), ref: 000000013FBC885D
RaiseException.KERNEL32(?,?,?,000000013FBC73DA), ref: 000000013FBC8873
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,000000013FBC73DA), ref: 000000013FBC8894

Part of subcall function 000000013FBC87B0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,000000013FBC73DA), ref: 000000013FBC88A8

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCB590, Relevance: 6.1, APIs: 4, Instructions: 78windowstring

APIs

EnterCriticalSection.KERNEL32 ref: 000000013FBCB5B2
lstrcmpiA.KERNEL32 ref: 000000013FBCB5CE
LeaveCriticalSection.KERNEL32 ref: 000000013FBCB5E7

Part of subcall function 000000013FBC8600: LoadStringA.USER32 ref: 000000013FBC8650

Part of subcall function 000000013FBCB640: RegDeleteValueA.ADVAPI32 ref: 000000013FBCBAAF
Part of subcall function 000000013FBCB640: RegCloseKey.ADVAPI32 ref: 000000013FBCBAFD
Part of subcall function 000000013FBCB640: RegCloseKey.ADVAPI32 ref: 000000013FBCBB10

RaiseException.KERNEL32 ref: 000000013FBCB633

Part of subcall function 000000013FBC9000: OpenSCManagerA.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC901E
Part of subcall function 000000013FBC9000: OpenServiceA.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC9037
Part of subcall function 000000013FBC9000: CloseServiceHandle.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC904A
Part of subcall function 000000013FBC9000: CloseServiceHandle.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC9053

OpenSCManagerA.ADVAPI32 ref: 000000013FBCB68C
LoadStringA.USER32 ref: 000000013FBCB6CD
MessageBoxA.USER32 ref: 000000013FBCB73A
OpenServiceA.ADVAPI32 ref: 000000013FBCB75F
CloseServiceHandle.ADVAPI32 ref: 000000013FBCB774

Part of subcall function 000000013FBD061C: EnterCriticalSection.KERNEL32(?,?,?,000000013FBC8631), ref: 000000013FBD063A
Part of subcall function 000000013FBD061C: LeaveCriticalSection.KERNEL32(?,?,?,000000013FBC8631), ref: 000000013FBD0658
Part of subcall function 000000013FBD061C: RaiseException.KERNEL32(?,?,?,000000013FBC8631), ref: 000000013FBD0691

LoadStringA.USER32 ref: 000000013FBCB7A9
ControlService.ADVAPI32 ref: 000000013FBCB821
GetLastError.KERNEL32 ref: 000000013FBCB82F
MessageBoxA.USER32 ref: 000000013FBCB8AE
DeleteService.ADVAPI32 ref: 000000013FBCB8B7
CloseServiceHandle.ADVAPI32 ref: 000000013FBCB8C2
CloseServiceHandle.ADVAPI32 ref: 000000013FBCB8CB
MessageBoxA.USER32 ref: 000000013FBCB946

Part of subcall function 000000013FBD5494: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD54B9

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCC7B8, Relevance: 6.1, APIs: 4, Instructions: 62

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC80D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC81C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC82B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCC837

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBEEF22, Relevance: 6.1, APIs: 4, Instructions: 57

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBEEFC2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBEEFC8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBEEFCE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBEEFD4

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC72E0, Relevance: 6.1, APIs: 4, Instructions: 56

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC7349
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC734F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC7355
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBC735B

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBCD200, Relevance: 6.0, APIs: 4, Instructions: 46

APIs

new.LIBCMT ref: 000000013FBCD222
new.LIBCMT ref: 000000013FBCD243
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCD255
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 000000013FBCD25B

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD038C, Relevance: 6.0, APIs: 4, Instructions: 39timethread

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000000013FBD03B8
GetCurrentThreadId.KERNEL32 ref: 000000013FBD03C6
GetCurrentProcessId.KERNEL32 ref: 000000013FBD03D2
QueryPerformanceCounter.KERNEL32 ref: 000000013FBD03E2

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBC9000, Relevance: 6.0, APIs: 4, Instructions: 30

APIs

OpenSCManagerA.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC901E
OpenServiceA.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC9037
CloseServiceHandle.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC904A
CloseServiceHandle.ADVAPI32(?,?,?,000000013FBC8DC3), ref: 000000013FBC9053

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE2588, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 245string

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBE25EC
strrchr.LIBVCRUNTIME ref: 000000013FBE2657

Strings

gfffffff, xrefs: 000000013FBE287A

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD3CA4, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 166LIBRARYCODE

APIs

__FrameUnwindToEmptyState.LIBVCRUNTIME ref: 000000013FBD3DCD

Part of subcall function 000000013FBD2120: _GetEstablisherFrame.LIBVCRUNTIME ref: 000000013FBD213D

Part of subcall function 000000013FBD3B10: __GetCurrentState.LIBVCRUNTIME ref: 000000013FBD3B51

Part of subcall function 000000013FBD2DE0: _GetEstablisherFrame.LIBVCRUNTIME ref: 000000013FBD2E3C
Part of subcall function 000000013FBD2DE0: __GetUnwindTryBlock.LIBVCRUNTIME ref: 000000013FBD2E4A
Part of subcall function 000000013FBD2DE0: __SetUnwindTryBlock.LIBVCRUNTIME ref: 000000013FBD2E71
Part of subcall function 000000013FBD2DE0: __GetUnwindTryBlock.LIBVCRUNTIME ref: 000000013FBD2E7B
Part of subcall function 000000013FBD2DE0: IsInExceptionSpec.LIBVCRUNTIME ref: 000000013FBD2F4C
Part of subcall function 000000013FBD2DE0: _GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 000000013FBD3017
Part of subcall function 000000013FBD2DE0: __TypeMatch.LIBVCRUNTIME ref: 000000013FBD30A8
Part of subcall function 000000013FBD2DE0: _ExecutionInCatch.LIBVCRUNTIME ref: 000000013FBD317B
Part of subcall function 000000013FBD2DE0: IsInExceptionSpec.LIBVCRUNTIME ref: 000000013FBD31AB
Part of subcall function 000000013FBD2DE0: _GetEstablisherFrame.LIBVCRUNTIME ref: 000000013FBD31C1
Part of subcall function 000000013FBD2DE0: _UnwindNestedFrames.LIBVCRUNTIME ref: 000000013FBD31EE

Strings

csm, xrefs: 000000013FBD3E1D
csm, xrefs: 000000013FBD3D04

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE29B8, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBE29FB

Part of subcall function 000000013FBD5494: _invalid_parameter_noinfo.LIBCMT ref: 000000013FBD54B9

Part of subcall function 000000013FBD516C: GetCurrentProcess.KERNEL32(000000013FBD52DD), ref: 000000013FBD5199

Strings

gfff, xrefs: 000000013FBE2B26
e+000, xrefs: 000000013FBE2AA3

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD8730, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000013FBD875A
GetModuleFileNameA.KERNEL32(?,?,?,?,?,000000013FBCFC1A), ref: 000000013FBD877B

Part of subcall function 000000013FBDB460: HeapFree.KERNEL32 ref: 000000013FBDB476
Part of subcall function 000000013FBDB460: GetLastError.KERNEL32 ref: 000000013FBDB488

Strings

C:\Windows\system32\xbox-service.exe, xrefs: 000000013FBD8769

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE0704, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70

APIs

GetStdHandle.KERNEL32 ref: 000000013FBE0776
GetFileType.KERNEL32 ref: 000000013FBE078C

Strings

@, xrefs: 000000013FBE07B7

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBE69B0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50LIBRARYCODE

APIs

Part of subcall function 000000013FBDFD04: GetLocaleInfoW.KERNEL32(?,?,00000000,000000013FBD9C6B), ref: 000000013FBDFD7B

GetACP.KERNEL32(?,?,000000A0,000000013FBE6C4E,?,?,?,00000000,?,000000013FBD9BE4), ref: 000000013FBE6A4E

Strings

OCP, xrefs: 000000013FBE69E1
ACP, xrefs: 000000013FBE69D1

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD4704, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28LIBRARYCODE

APIs

try_get_function.LIBVCRUNTIME ref: 000000013FBD4732

Part of subcall function 000000013FBD4440: LoadLibraryExW.KERNELBASE(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD44EC
Part of subcall function 000000013FBD4440: GetLastError.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD44FF
Part of subcall function 000000013FBD4440: LoadLibraryExW.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD4512
Part of subcall function 000000013FBD4440: FreeLibrary.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD454F
Part of subcall function 000000013FBD4440: GetProcAddress.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD4583

TlsSetValue.KERNEL32(?,?,?,000000013FBD4A99,?,?,?,?,000000013FBD440C,?,?,?,?,000000013FBCF4FB), ref: 000000013FBD4755

Strings

FlsSetValue, xrefs: 000000013FBD471F

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD46B0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23LIBRARYCODE

APIs

try_get_function.LIBVCRUNTIME ref: 000000013FBD46D6

Part of subcall function 000000013FBD4440: LoadLibraryExW.KERNELBASE(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD44EC
Part of subcall function 000000013FBD4440: GetLastError.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD44FF
Part of subcall function 000000013FBD4440: LoadLibraryExW.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD4512
Part of subcall function 000000013FBD4440: FreeLibrary.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD454F
Part of subcall function 000000013FBD4440: GetProcAddress.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD4583

TlsGetValue.KERNEL32 ref: 000000013FBD46F3

Strings

FlsGetValue, xrefs: 000000013FBD46CF

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Function 000000013FBD465C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23

APIs

try_get_function.LIBVCRUNTIME ref: 000000013FBD4682

Part of subcall function 000000013FBD4440: LoadLibraryExW.KERNELBASE(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD44EC
Part of subcall function 000000013FBD4440: GetLastError.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD44FF
Part of subcall function 000000013FBD4440: LoadLibraryExW.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD4512
Part of subcall function 000000013FBD4440: FreeLibrary.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD454F
Part of subcall function 000000013FBD4440: GetProcAddress.KERNEL32(?,?,?,000000013FBD47A7,?,?,?,000000013FBD4D08,?,?,00000001,000000013FBD43FF), ref: 000000013FBD4583

TlsFree.KERNEL32(?,?,?,000000013FBD4AC0,?,?,?,?,000000013FBD4AA2,?,?,?,?,000000013FBD440C), ref: 000000013FBD469F

Strings

FlsFree, xrefs: 000000013FBD467B

Memory Dump Source

Source File: 00000009.00000001.12620100914.000000013FBC1000.00000020.sdmp, Offset: 000000013FBC0000, based on PE: true

Associated: 00000009.00000001.12620002454.000000013FBC0000.00000002.sdmp
Associated: 00000009.00000001.12620962077.000000013FBF0000.00000002.sdmp
Associated: 00000009.00000001.12621111071.000000013FC09000.00000004.sdmp
Associated: 00000009.00000001.12621161617.000000013FC0C000.00000002.sdmp
Associated: 00000009.00000001.12621224874.000000013FC10000.00000008.sdmp
Associated: 00000009.00000001.12621293325.000000013FC11000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_13fbc0000_xbox-service.jbxd

Analysis Process: rundll32.exe PID: 1928 Parent PID: 2572

Executed Functions

Function 0000000180016220, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 41
network

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32 ref: 000000018001625C
GetTickCount64.KERNEL32 ref: 00000001800162C5

Part of subcall function 000000018008E150: IsProcessorFeaturePresent.KERNEL32 ref: 000000018008E90E

Strings

T:\Bin-prep\mhd\src\libmicrohttpd-0.9.55\W32\VS2015\..\..\src\microhttpd\daemon.c, xrefs: 000000018001627A
T:\Bin-prep\mhd\src\libmicrohttpd-0.9.55\W32\VS2015\..\..\src\microhttpd\daemon.c, xrefs: 00000001800162B7
Failed to initialize winsock, xrefs: 000000018001626D
Winsock version 2.2 is not available, xrefs: 00000001800162AA

Memory Dump Source

Source File: 0000000A.00000001.12626740060.0000000180001000.00000020.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 0000000A.00000001.12626629467.0000000180000000.00000002.sdmp
Associated: 0000000A.00000001.12627159628.00000001800D9000.00000002.sdmp
Associated: 0000000A.00000001.12627296916.0000000180137000.00000008.sdmp
Associated: 0000000A.00000001.12627338778.000000018014F000.00000004.sdmp
Associated: 0000000A.00000001.12627357441.0000000180151000.00000008.sdmp
Associated: 0000000A.00000001.12627382775.0000000180156000.00000004.sdmp
Associated: 0000000A.00000001.12627397864.0000000180157000.00000008.sdmp
Associated: 0000000A.00000001.12627422877.000000018015B000.00000004.sdmp
Associated: 0000000A.00000001.12627444444.000000018015D000.00000002.sdmp
Associated: 0000000A.00000001.12627486600.000000018016B000.00000008.sdmp
Associated: 0000000A.00000001.12627502996.000000018016C000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_1_180000000_rundll32.jbxd

Function 00000001800C4AE8, Relevance: 7.6, APIs: 5, Instructions: 114
libraryLIBRARYCODE

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(?,?,00000004,00000001800C4EFF,?,?,00000000,00000001800C37EB,?,?,?,00000001800B1B11), ref: 00000001800C4B84
GetLastError.KERNEL32(?,?,00000004,00000001800C4EFF,?,?,00000000,00000001800C37EB,?,?,?,00000001800B1B11), ref: 00000001800C4B92
LoadLibraryExW.KERNEL32(?,?,00000004,00000001800C4EFF,?,?,00000000,00000001800C37EB,?,?,?,00000001800B1B11), ref: 00000001800C4BA5
FreeLibrary.KERNEL32(?,?,00000004,00000001800C4EFF,?,?,00000000,00000001800C37EB,?,?,?,00000001800B1B11), ref: 00000001800C4BDE
GetProcAddress.KERNEL32(?,?,00000004,00000001800C4EFF,?,?,00000000,00000001800C37EB,?,?,?,00000001800B1B11), ref: 00000001800C4C0A

Memory Dump Source

Source File: 0000000A.00000001.12626740060.0000000180001000.00000020.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 0000000A.00000001.12626629467.0000000180000000.00000002.sdmp
Associated: 0000000A.00000001.12627159628.00000001800D9000.00000002.sdmp
Associated: 0000000A.00000001.12627296916.0000000180137000.00000008.sdmp
Associated: 0000000A.00000001.12627338778.000000018014F000.00000004.sdmp
Associated: 0000000A.00000001.12627357441.0000000180151000.00000008.sdmp
Associated: 0000000A.00000001.12627382775.0000000180156000.00000004.sdmp
Associated: 0000000A.00000001.12627397864.0000000180157000.00000008.sdmp
Associated: 0000000A.00000001.12627422877.000000018015B000.00000004.sdmp
Associated: 0000000A.00000001.12627444444.000000018015D000.00000002.sdmp
Associated: 0000000A.00000001.12627486600.000000018016B000.00000008.sdmp
Associated: 0000000A.00000001.12627502996.000000018016C000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_1_180000000_rundll32.jbxd

Function 00000001800B038C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32

Control-flow Graph

Executed
Not Executed

APIs

try_get_function.LIBVCRUNTIME ref: 00000001800B03C2

Part of subcall function 00000001800B0060: LoadLibraryExW.KERNELBASE(?,?,00000000,00000001800B02FB,?,?,00000000,00000001800B0C86,?,?,?,00000001800B0C41), ref: 00000001800B010C
Part of subcall function 00000001800B0060: GetLastError.KERNEL32(?,?,00000000,00000001800B02FB,?,?,00000000,00000001800B0C86,?,?,?,00000001800B0C41), ref: 00000001800B011F
Part of subcall function 00000001800B0060: LoadLibraryExW.KERNEL32(?,?,00000000,00000001800B02FB,?,?,00000000,00000001800B0C86,?,?,?,00000001800B0C41), ref: 00000001800B0132
Part of subcall function 00000001800B0060: FreeLibrary.KERNEL32(?,?,00000000,00000001800B02FB,?,?,00000000,00000001800B0C86,?,?,?,00000001800B0C41), ref: 00000001800B016F
Part of subcall function 00000001800B0060: GetProcAddress.KERNEL32(?,?,00000000,00000001800B02FB,?,?,00000000,00000001800B0C86,?,?,?,00000001800B0C41), ref: 00000001800B01A3

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,00000001800B0F68,?,?,00000001,00000001800AFDEB,?,?,?,?,000000018008E347), ref: 00000001800B03E8

Strings

InitializeCriticalSectionEx, xrefs: 00000001800B03B6

Memory Dump Source

Source File: 0000000A.00000001.12626740060.0000000180001000.00000020.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 0000000A.00000001.12626629467.0000000180000000.00000002.sdmp
Associated: 0000000A.00000001.12627159628.00000001800D9000.00000002.sdmp
Associated: 0000000A.00000001.12627296916.0000000180137000.00000008.sdmp
Associated: 0000000A.00000001.12627338778.000000018014F000.00000004.sdmp
Associated: 0000000A.00000001.12627357441.0000000180151000.00000008.sdmp
Associated: 0000000A.00000001.12627382775.0000000180156000.00000004.sdmp
Associated: 0000000A.00000001.12627397864.0000000180157000.00000008.sdmp
Associated: 0000000A.00000001.12627422877.000000018015B000.00000004.sdmp
Associated: 0000000A.00000001.12627444444.000000018015D000.00000002.sdmp
Associated: 0000000A.00000001.12627486600.000000018016B000.00000008.sdmp
Associated: 0000000A.00000001.12627502996.000000018016C000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_1_180000000_rundll32.jbxd

Function 000000018008CAC0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25

Control-flow Graph

Executed
Not Executed

APIs

shared_ptr.LIBCPMT ref: 000000018008CB02

Part of subcall function 000000018008C8A4: RtlPcToFileHeader.KERNEL32 ref: 000000018008C924
Part of subcall function 000000018008C8A4: make_shared.LIBCPMT ref: 000000018008C977

__std_exception_destroy.LIBVCRUNTIME ref: 000000018008CB19

Strings

bad allocation, xrefs: 000000018008CADE

Memory Dump Source

Source File: 0000000A.00000001.12626740060.0000000180001000.00000020.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 0000000A.00000001.12626629467.0000000180000000.00000002.sdmp
Associated: 0000000A.00000001.12627159628.00000001800D9000.00000002.sdmp
Associated: 0000000A.00000001.12627296916.0000000180137000.00000008.sdmp
Associated: 0000000A.00000001.12627338778.000000018014F000.00000004.sdmp
Associated: 0000000A.00000001.12627357441.0000000180151000.00000008.sdmp
Associated: 0000000A.00000001.12627382775.0000000180156000.00000004.sdmp
Associated: 0000000A.00000001.12627397864.0000000180157000.00000008.sdmp
Associated: 0000000A.00000001.12627422877.000000018015B000.00000004.sdmp
Associated: 0000000A.00000001.12627444444.000000018015D000.00000002.sdmp
Associated: 0000000A.00000001.12627486600.000000018016B000.00000008.sdmp
Associated: 0000000A.00000001.12627502996.000000018016C000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_1_180000000_rundll32.jbxd

Function 00000001800B0228, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22

Control-flow Graph

Executed
Not Executed

APIs

try_get_function.LIBVCRUNTIME ref: 00000001800B024F

Part of subcall function 00000001800B0060: LoadLibraryExW.KERNELBASE(?,?,00000000,00000001800B02FB,?,?,00000000,00000001800B0C86,?,?,?,00000001800B0C41), ref: 00000001800B010C
Part of subcall function 00000001800B0060: GetLastError.KERNEL32(?,?,00000000,00000001800B02FB,?,?,00000000,00000001800B0C86,?,?,?,00000001800B0C41), ref: 00000001800B011F
Part of subcall function 00000001800B0060: LoadLibraryExW.KERNEL32(?,?,00000000,00000001800B02FB,?,?,00000000,00000001800B0C86,?,?,?,00000001800B0C41), ref: 00000001800B0132
Part of subcall function 00000001800B0060: FreeLibrary.KERNEL32(?,?,00000000,00000001800B02FB,?,?,00000000,00000001800B0C86,?,?,?,00000001800B0C41), ref: 00000001800B016F
Part of subcall function 00000001800B0060: GetProcAddress.KERNEL32(?,?,00000000,00000001800B02FB,?,?,00000000,00000001800B0C86,?,?,?,00000001800B0C41), ref: 00000001800B01A3

TlsAlloc.KERNEL32(?,?,?,00000001800B0D1C,?,?,?,?,00000001800AFDF8,?,?,?,?,000000018008E347), ref: 00000001800B026B

Strings

FlsAlloc, xrefs: 00000001800B0248

Memory Dump Source

Source File: 0000000A.00000001.12626740060.0000000180001000.00000020.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 0000000A.00000001.12626629467.0000000180000000.00000002.sdmp
Associated: 0000000A.00000001.12627159628.00000001800D9000.00000002.sdmp
Associated: 0000000A.00000001.12627296916.0000000180137000.00000008.sdmp
Associated: 0000000A.00000001.12627338778.000000018014F000.00000004.sdmp
Associated: 0000000A.00000001.12627357441.0000000180151000.00000008.sdmp
Associated: 0000000A.00000001.12627382775.0000000180156000.00000004.sdmp
Associated: 0000000A.00000001.12627397864.0000000180157000.00000008.sdmp
Associated: 0000000A.00000001.12627422877.000000018015B000.00000004.sdmp
Associated: 0000000A.00000001.12627444444.000000018015D000.00000002.sdmp
Associated: 0000000A.00000001.12627486600.000000018016B000.00000008.sdmp
Associated: 0000000A.00000001.12627502996.000000018016C000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_1_180000000_rundll32.jbxd

Function 00000001800C6088, Relevance: 4.7, APIs: 3, Instructions: 237

Control-flow Graph

Executed
Not Executed

APIs

MultiByteToWideChar.KERNEL32 ref: 00000001800C610F
MultiByteToWideChar.KERNEL32 ref: 00000001800C61D4

Part of subcall function 00000001800C5090: LCMapStringW.KERNEL32 ref: 00000001800C515E

Part of subcall function 00000001800BEE88: HeapAlloc.KERNEL32 ref: 00000001800BEEC6

WideCharToMultiByte.KERNEL32 ref: 00000001800C6364

Part of subcall function 00000001800BED30: HeapFree.KERNEL32 ref: 00000001800BED46
Part of subcall function 00000001800BED30: GetLastError.KERNEL32(?,?,00000000,00000001800C37DB,?,?,?,00000001800B1B11,?,?,?,?,00000001800C32FA,?,?,00000000), ref: 00000001800BED58

Part of subcall function 000000018008E150: IsProcessorFeaturePresent.KERNEL32 ref: 000000018008E90E

Memory Dump Source

Source File: 0000000A.00000001.12626740060.0000000180001000.00000020.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 0000000A.00000001.12626629467.0000000180000000.00000002.sdmp
Associated: 0000000A.00000001.12627159628.00000001800D9000.00000002.sdmp
Associated: 0000000A.00000001.12627296916.0000000180137000.00000008.sdmp
Associated: 0000000A.00000001.12627338778.000000018014F000.00000004.sdmp
Associated: 0000000A.00000001.12627357441.0000000180151000.00000008.sdmp
Associated: 0000000A.00000001.12627382775.0000000180156000.00000004.sdmp
Associated: 0000000A.00000001.12627397864.0000000180157000.00000008.sdmp
Associated: 0000000A.00000001.12627422877.000000018015B000.00000004.sdmp
Associated: 0000000A.00000001.12627444444.000000018015D000.00000002.sdmp
Associated: 0000000A.00000001.12627486600.000000018016B000.00000008.sdmp
Associated: 0000000A.00000001.12627502996.000000018016C000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_1_180000000_rundll32.jbxd

Function 00000001800921D4, Relevance: 4.5, APIs: 3, Instructions: 22
threadtime

Control-flow Graph

Executed
Not Executed

APIs

EncodePointer.KERNEL32(?,?,?,?,?,000000018000115D), ref: 00000001800921EB
GetCurrentThread.KERNEL32(?,?,?,?,?,000000018000115D), ref: 00000001800921FB
GetThreadTimes.KERNEL32 ref: 000000018009221D

Memory Dump Source

Source File: 0000000A.00000001.12626740060.0000000180001000.00000020.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 0000000A.00000001.12626629467.0000000180000000.00000002.sdmp
Associated: 0000000A.00000001.12627159628.00000001800D9000.00000002.sdmp
Associated: 0000000A.00000001.12627296916.0000000180137000.00000008.sdmp
Associated: 0000000A.00000001.12627338778.000000018014F000.00000004.sdmp
Associated: 0000000A.00000001.12627357441.0000000180151000.00000008.sdmp
Associated: 0000000A.00000001.12627382775.0000000180156000.00000004.sdmp
Associated: 0000000A.00000001.12627397864.0000000180157000.00000008.sdmp
Associated: 0000000A.00000001.12627422877.000000018015B000.00000004.sdmp
Associated: 0000000A.00000001.12627444444.000000018015D000.00000002.sdmp
Associated: 0000000A.00000001.12627486600.000000018016B000.00000008.sdmp
Associated: 0000000A.00000001.12627502996.000000018016C000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_1_180000000_rundll32.jbxd

Function 00000001800CA35C, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 126

Control-flow Graph

Executed
Not Executed

APIs

GetCPInfo.KERNEL32 ref: 00000001800CA392

Part of subcall function 00000001800C911C: MultiByteToWideChar.KERNEL32 ref: 00000001800C918F
Part of subcall function 00000001800C911C: MultiByteToWideChar.KERNEL32 ref: 00000001800C9258
Part of subcall function 00000001800C911C: GetStringTypeW.KERNEL32 ref: 00000001800C9272

Part of subcall function 000000018008E150: IsProcessorFeaturePresent.KERNEL32 ref: 000000018008E90E

Strings

, xrefs: 00000001800CA3D7

Memory Dump Source

Source File: 0000000A.00000001.12626740060.0000000180001000.00000020.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 0000000A.00000001.12626629467.0000000180000000.00000002.sdmp
Associated: 0000000A.00000001.12627159628.00000001800D9000.00000002.sdmp
Associated: 0000000A.00000001.12627296916.0000000180137000.00000008.sdmp
Associated: 0000000A.00000001.12627338778.000000018014F000.00000004.sdmp
Associated: 0000000A.00000001.12627357441.0000000180151000.00000008.sdmp
Associated: 0000000A.00000001.12627382775.0000000180156000.00000004.sdmp
Associated: 0000000A.00000001.12627397864.0000000180157000.00000008.sdmp
Associated: 0000000A.00000001.12627422877.000000018015B000.00000004.sdmp
Associated: 0000000A.00000001.12627444444.000000018015D000.00000002.sdmp
Associated: 0000000A.00000001.12627486600.000000018016B000.00000008.sdmp
Associated: 0000000A.00000001.12627502996.000000018016C000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_1_180000000_rundll32.jbxd

Function 00000001800CA7E0, Relevance: 3.2, APIs: 2, Instructions: 186

APIs

Part of subcall function 00000001800CA24C: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,00000001800CA569,?,?,?,?,?,?,?,00000001800CA711), ref: 00000001800CA276
Part of subcall function 00000001800CA24C: GetACP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,00000001800CA569,?,?,?,?,?,?,?,00000001800CA711), ref: 00000001800CA28D

IsValidCodePage.KERNEL32(?,?,?,00000000,?,00000000,00000001,00000001800CA61C,?,?,?,?,?,?,?,00000001800CA711), ref: 00000001800CA85A
GetCPInfo.KERNEL32(?,?,?,00000000,?,00000000,00000001,00000001800CA61C,?,?,?,?,?,?,?,00000001800CA711), ref: 00000001800CA86F

Part of subcall function 00000001800CA35C: GetCPInfo.KERNEL32 ref: 00000001800CA392

Part of subcall function 000000018008E150: IsProcessorFeaturePresent.KERNEL32 ref: 000000018008E90E

Memory Dump Source

Source File: 0000000A.00000001.12626740060.0000000180001000.00000020.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 0000000A.00000001.12626629467.0000000180000000.00000002.sdmp
Associated: 0000000A.00000001.12627159628.00000001800D9000.00000002.sdmp
Associated: 0000000A.00000001.12627296916.0000000180137000.00000008.sdmp
Associated: 0000000A.00000001.12627338778.000000018014F000.00000004.sdmp
Associated: 0000000A.00000001.12627357441.0000000180151000.00000008.sdmp
Associated: 0000000A.00000001.12627382775.0000000180156000.00000004.sdmp
Associated: 0000000A.00000001.12627397864.0000000180157000.00000008.sdmp
Associated: 0000000A.00000001.12627422877.000000018015B000.00000004.sdmp
Associated: 0000000A.00000001.12627444444.000000018015D000.00000002.sdmp
Associated: 0000000A.00000001.12627486600.000000018016B000.00000008.sdmp
Associated: 0000000A.00000001.12627502996.000000018016C000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_1_180000000_rundll32.jbxd

Function 000000018008C2BC, Relevance: 3.0, APIs: 2, Instructions: 39LIBRARYCODE

APIs

_StaticAlloc.LIBCPMT ref: 000000018008C2EF
_Ptr_base.LIBCPMT ref: 000000018008C32B

Part of subcall function 000000018008C23C: __ExceptionPtr::__ExceptionPtr.LIBCPMT ref: 000000018008C2A5

Memory Dump Source

Source File: 0000000A.00000001.12626740060.0000000180001000.00000020.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 0000000A.00000001.12626629467.0000000180000000.00000002.sdmp
Associated: 0000000A.00000001.12627159628.00000001800D9000.00000002.sdmp
Associated: 0000000A.00000001.12627296916.0000000180137000.00000008.sdmp
Associated: 0000000A.00000001.12627338778.000000018014F000.00000004.sdmp
Associated: 0000000A.00000001.12627357441.0000000180151000.00000008.sdmp
Associated: 0000000A.00000001.12627382775.0000000180156000.00000004.sdmp
Associated: 0000000A.00000001.12627397864.0000000180157000.00000008.sdmp
Associated: 0000000A.00000001.12627422877.000000018015B000.00000004.sdmp
Associated: 0000000A.00000001.12627444444.000000018015D000.00000002.sdmp
Associated: 0000000A.00000001.12627486600.000000018016B000.00000008.sdmp
Associated: 0000000A.00000001.12627502996.000000018016C000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_1_180000000_rundll32.jbxd

Function 00000001800C22A4, Relevance: 1.6, APIs: 1, Instructions: 124network

APIs

Part of subcall function 00000001800BED30: HeapFree.KERNEL32 ref: 00000001800BED46
Part of subcall function 00000001800BED30: GetLastError.KERNEL32(?,?,00000000,00000001800C37DB,?,?,?,00000001800B1B11,?,?,?,?,00000001800C32FA,?,?,00000000), ref: 00000001800BED58

WSACleanup.WS2_32(?,?,?,?,?,?,?,00000001800C2665), ref: 00000001800C23BD

Memory Dump Source

Source File: 0000000A.00000001.12626740060.0000000180001000.00000020.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 0000000A.00000001.12626629467.0000000180000000.00000002.sdmp
Associated: 0000000A.00000001.12627159628.00000001800D9000.00000002.sdmp
Associated: 0000000A.00000001.12627296916.0000000180137000.00000008.sdmp
Associated: 0000000A.00000001.12627338778.000000018014F000.00000004.sdmp
Associated: 0000000A.00000001.12627357441.0000000180151000.00000008.sdmp
Associated: 0000000A.00000001.12627382775.0000000180156000.00000004.sdmp
Associated: 0000000A.00000001.12627397864.0000000180157000.00000008.sdmp
Associated: 0000000A.00000001.12627422877.000000018015B000.00000004.sdmp
Associated: 0000000A.00000001.12627444444.000000018015D000.00000002.sdmp
Associated: 0000000A.00000001.12627486600.000000018016B000.00000008.sdmp
Associated: 0000000A.00000001.12627502996.000000018016C000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_1_180000000_rundll32.jbxd

Function 000000018008C23C, Relevance: 1.5, APIs: 1, Instructions: 38LIBRARYCODE

APIs

__ExceptionPtr::__ExceptionPtr.LIBCPMT ref: 000000018008C2A5

Part of subcall function 000000018008C3E4: EncodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,000000018008C2AA), ref: 000000018008C4D3
Part of subcall function 000000018008C3E4: _StaticAlloc.LIBCPMT ref: 000000018008C4FD
Part of subcall function 000000018008C3E4: __ExceptionPtr::_CallCopyCtor.LIBCPMT ref: 000000018008C51D
Part of subcall function 000000018008C3E4: __std_exception_copy.LIBVCRUNTIME ref: 000000018008C58F

Memory Dump Source

Source File: 0000000A.00000001.12626740060.0000000180001000.00000020.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 0000000A.00000001.12626629467.0000000180000000.00000002.sdmp
Associated: 0000000A.00000001.12627159628.00000001800D9000.00000002.sdmp
Associated: 0000000A.00000001.12627296916.0000000180137000.00000008.sdmp
Associated: 0000000A.00000001.12627338778.000000018014F000.00000004.sdmp
Associated: 0000000A.00000001.12627357441.0000000180151000.00000008.sdmp
Associated: 0000000A.00000001.12627382775.0000000180156000.00000004.sdmp
Associated: 0000000A.00000001.12627397864.0000000180157000.00000008.sdmp
Associated: 0000000A.00000001.12627422877.000000018015B000.00000004.sdmp
Associated: 0000000A.00000001.12627444444.000000018015D000.00000002.sdmp
Associated: 0000000A.00000001.12627486600.000000018016B000.00000008.sdmp
Associated: 0000000A.00000001.12627502996.000000018016C000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_1_180000000_rundll32.jbxd

Function 00000001800B27EC, Relevance: 1.5, APIs: 1, Instructions: 38

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001800B2805

Part of subcall function 00000001800C4FC0: GetSystemTimeAsFileTime.KERNEL32(?,?,?,00000001800B2824,?,?,00000000,00000001800B28A1), ref: 00000001800C5007

Memory Dump Source

Source File: 0000000A.00000001.12626740060.0000000180001000.00000020.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 0000000A.00000001.12626629467.0000000180000000.00000002.sdmp
Associated: 0000000A.00000001.12627159628.00000001800D9000.00000002.sdmp
Associated: 0000000A.00000001.12627296916.0000000180137000.00000008.sdmp
Associated: 0000000A.00000001.12627338778.000000018014F000.00000004.sdmp
Associated: 0000000A.00000001.12627357441.0000000180151000.00000008.sdmp
Associated: 0000000A.00000001.12627382775.0000000180156000.00000004.sdmp
Associated: 0000000A.00000001.12627397864.0000000180157000.00000008.sdmp
Associated: 0000000A.00000001.12627422877.000000018015B000.00000004.sdmp
Associated: 0000000A.00000001.12627444444.000000018015D000.00000002.sdmp
Associated: 0000000A.00000001.12627486600.000000018016B000.00000008.sdmp
Associated: 0000000A.00000001.12627502996.000000018016C000.00000002.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_1_180000000_rundll32.jbxd

Non-executed Functions

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report

Overview

General Information

Detection

Confidence

Classification

Analysis Advice

Signature Overview

AV Detection:

Cryptography:

Bitcoin Miner:

Spreading:

Networking:

Spam, unwanted Advertisements and Ransom Demands:

DDoS:

Operating System Destruction:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Remote Access Functionality:

Behavior Graph

Simulations

Behavior and APIs

Antivirus Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Yara Overview

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Joe Sandbox View / Context

IPs

Domains

ASN

Dropped Files

Screenshots

Startup

Created / dropped Files

Contacted Domains/Contacted IPs

Contacted Domains

Contacted URLs

Contacted IPs

Public

Private

Static File Info

General

File Icon

Static OLE Info

General

OLE File "pdfescape-desktop-asian-and-extended.msi"

Indicators

Summary

Streams

Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 580

General

Stream Path: \x16678\x14437\x16830\x16740, File Type: Microsoft Cabinet archive data, 3551059 bytes, 239 files, Stream Size: 3551059

General

Stream Path: \x16786\x17522\x16702\x17206\x17508\x17215\x17574\x18481, File Type: MS Windows icon resource - 2 icons, 32x32, 256-colors, Stream Size: 5430

General

Stream Path: \x16786\x17522\x16766\x17848\x17516\x17832\x18422\x16812\x17522, File Type: MS Windows icon resource - 2 icons, 32x32, 256-colors, Stream Size: 5430

General